Tarkin (Visitor, 17 posts, registered 03 Jun 2024 12:02)

Password compromise

#1 Post by Tarkin »

Hi.
What happened to me?
In some inexplicable way I have lost my Facebook, Instagram, Twitter and, today, LinkedIn as well.

Two of the passwords were shared; otherwise each had a different e-mail and a different password. I probably downloaded some junk via torrent, and through a suspicious exe, which I, like a simple-minded idiot, ran assuming Windows Defender would have my back if anything happened, it apparently didn't.

After the first suspicious activity - losing access to FB - I scanned the whole PC and phone with the full version of ESET, which of course found some things that I deleted immediately. Unfortunately I didn't save the log from that, and I then switched to Avira Free Antivirus, which found something with the threat name "HTML/Phish.SBH".
So I'm not sure whether these two programs are still able to find anything and produce a relevant report.

Anyway, what next?
- Replace the antivirus with something that works, probably Avira or Avast?
- I have changed passwords everywhere and added 2FA + phone
- Start using a password manager, for example Bitwarden
- Reinstall the PC?

Now the most important part: I understand it is hard to tell without a log, but what probably happened, and how large could the extent of the leak be? I'm a bit scared of what is still to come.
I'd swear I had Facebook set up solidly, actually even with 2FA, and within a few minutes I had nearly lost the account; the original e-mail was deleted immediately and there was no way to recover the account. I got it back with great difficulty via a passport scan.
It actually scares me how the security of all these things works. A login from the other end of the world, the owner clicks that he didn't make the changes, and basically nothing happens and the hacker essentially has free rein. I didn't even get an e-mail alert about a suspicious login. WTF?
Yesterday a new post and stories appeared on my Instagram account. Again no e-mail that someone else had logged into my account. In none of the accounts did I find anyone else logged in.
In short - what the hell is going on?
Ryzen 9800X3D@PBO/-40CO|| iCUE H150i ELITE CAPELLIX || ASUS TUF GAMING X670E-PLUS WIFI || Corsair 32GB KIT DDR5 6000MHz CL28 TUNED || Sapphire RX7900 XTX@2,95GHz 1,088V~385W || Kingston KC3000 2TB || Toshiba 6TB Surveillance S300 || ROG STRIX 1000W GOLD || Be quiet! Silent Base 802 Airflow mode + iCUE || Dell S3422DWG

Rudy (Site Admin, 119320 posts, registered 30 Oct 2003 13:42, from Plzeň)

Re: Password compromise

#2 Post by Rudy »

Hello!
The junk is not always stored on the PC. It can also be a password compromise directly on the web. So that we can check, post an FRST + Addition log: http://forum.viry.cz/viewtopic.php?f=24&t=132509. As for AV, the antiviruses you named are (if we are talking about free applications) more than sufficient. If you don't trust free applications, buy one of the paid ones (ESET, Norton etc.). Reinstalling the PC won't get you much in this case. Attackers like it best when nothing of theirs is left on the PC.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

Visit: [image]

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail above.

Tarkin (Visitor, 17 posts, registered 03 Jun 2024 12:02)

Re: Password compromise

#3 Post by Tarkin »

I'll produce the necessary logs this evening. But can we at least estimate at this point how large the damage is?

Rudy (Site Admin, 119320 posts, registered 30 Oct 2003 13:42, from Plzeň)

Re: Password compromise

#4 Post by Rudy »

Well, you would have to know that; I can't see into your profiles. In any case, change all passwords that could be sniffed from the internet. The logs will show what is running in the system and what needs to be stopped and removed, if anything.

Tarkin (Visitor, 17 posts, registered 03 Jun 2024 12:02)

Re: Password compromise

#5 Post by Tarkin »

I was thinking more of the possibility that ESET has already removed everything from the system and nothing useful could be read from the logs.

Rudy (Site Admin, 119320 posts, registered 30 Oct 2003 13:42, from Plzeň)

Re: Password compromise

#6 Post by Rudy »

Well, I don't know whether I'll find anything there; that is exactly why I'm asking you for it.

Tarkin (Visitor, 17 posts, registered 03 Jun 2024 12:02)

Re: Password compromise

#7 Post by Tarkin »

Malwarebytes AdwCleaner 8.4.2.0 log:
# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build: 03-04-2024
# Database: 2024-03-04.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-03-2024
# Duration: 00:00:01
# OS: Windows 11 (Build 22631.3593)
# Cleaned: 11
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\SecuritySuite
Deleted C:\ProgramData\TotalAV
Deleted C:\Users\drzka\AppData\Roaming\IObit\Advanced SystemCare
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TotalAV

***** [ Files ] *****

Deleted C:\Users\drzka\Downloads\TOTALAV_SETUP.EXE

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\SSProtect
Deleted HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\Software\Classes\totalav
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2284 octets] - [03/06/2024 18:39:51]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
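The FRST log posted in the next reply lists every autostart entry and scheduled task on one line in a fixed format, and FRST marks the things a helper looks at first inline: `<==== ATTENTION`, `No File` and `[File not signed]`. As an added example, not part of this thread and not FRST's own code, the following Python script extracts the target path and the `(Signer -> Company)` field from such lines and collects every reason an entry deserves a human look. The sample lines are copied from the posted log (including its benign Realtek entry as a control); the "runs from a user-writable location" rule is this example's own heuristic, not something FRST reports, and legitimate software such as Discord trips it too, so it is a prompt for review rather than a verdict.

```python
"""Triage of FRST-style autostart lines.

Added example for this thread; not FRST's own code. FRST prints one entry per
line: a Task or Run key, then "=> <path> [size date] (Signer -> Company)", and
flags problems inline with "No File", "[File not signed]" and "<==== ATTENTION".
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Sample input: lines copied from the FRST log posted in this thread, plus the
# log's benign Realtek Run entry as a control that should produce no finding.
SAMPLE_LINES = r"""
Task: {3C77B70B-5FC7-4EF7-95B2-99BE46E81495} - \drzka -> No File <==== ATTENTION
Task: {4AA22050-2CFF-409A-937F-07A746E6A13C} - System32\Tasks\infatica_p2b => C:\Program Files (x86)\Infatica P2B\infatica-service-app.exe [20072 2021-12-04] (Infatica pte ltd -> )
Task: {0CFCFD83-1F97-48E1-BE76-E6C8D0367320} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2113024 2023-04-08] () [File not signed]
HKU\S-1-5-21-677491221-3698580047-887230356-1001\...\Run: [Discord] => C:\Users\drzka\AppData\Local\Discord\Update.exe [1525016 2023-02-13] (Discord Inc. -> GitHub)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9d3a92437ffb40b7\RtkAudUService64.exe [1994128 2024-03-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
"""

# "=> <path> [size date]" or "=> <path> (No File)"; the path may contain spaces.
PATH_RE = re.compile(r"=> (?P<path>.+?) (?:\[\d+ \d{4}-\d{2}-\d{2}\]|\(No File\))")
# "(Signer -> Company)" as FRST prints it; either side may be empty.
SIGNER_RE = re.compile(r"\((?P<signer>[^()]*) -> (?P<company>[^()]*)\)")
# Folders a standard user can write to (this example's own heuristic, not an
# FRST rule). Legitimate updaters live there too, so this only prompts review.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\downloads\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Finding:
    kind: str                      # "task", "run" or "other"
    path: str | None               # executable the entry points at, if any
    reasons: list[str] = field(default_factory=list)
    line: str = ""


def entry_kind(line: str) -> str:
    if line.startswith("Task:"):
        return "task"
    if "\\Run:" in line:
        return "run"
    return "other"


def triage_line(line: str) -> Finding | None:
    """Return a Finding listing every reason this line merits review, or None if clean."""
    reasons: list[str] = []
    m = PATH_RE.search(line)
    path = m.group("path") if m else None

    if "<==== ATTENTION" in line:
        reasons.append("FRST attention marker")
    if "No File" in line:
        reasons.append("target file missing (No File)")
    if "[File not signed]" in line:
        reasons.append("binary not signed")
    sig = SIGNER_RE.search(line)
    if sig and not sig.group("company").strip():
        reasons.append(f"signer '{sig.group('signer').strip()}' with empty company field")
    if path and any(folder in path.lower() for folder in USER_WRITABLE):
        reasons.append("runs from a user-writable location")

    if not reasons:
        return None
    return Finding(entry_kind(line), path, reasons, line)


def triage(text: str) -> list[Finding]:
    """Run triage_line over every non-blank line, preserving input order."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        finding = triage_line(line)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.kind}] {f.path or '(no path)'}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

Run against the sample, five of the six lines come back with at least one reason and the Realtek entry is dropped as clean; the orphaned `\drzka` task collects two reasons (the attention marker and the missing file), which is the same ordering a helper on this forum would apply by eye.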

Tarkin (Visitor, 17 posts, registered 03 Jun 2024 12:02)

Re: Password compromise

#8 Post by Tarkin »

FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.06.2024
Ran by drzka (administrator) on AM5_REACTOR (ASUS System Product Name) (03-06-2024 18:59:06)
Running from C:\Users\drzka\Desktop\logy\FRST64.exe
Loaded Profiles: drzka
Platform: Microsoft Windows 11 Pro Version 23H2 22631.3593 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Windows\System32\AMD\ANR\AMDNoiseSuppression.exe
(C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files\Avira\Endpoint Protection SDK\SentryEye.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.13200.10.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe <6>
(cmd.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <34>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MsMpEng.exe
(services.exe ->) (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9d3a92437ffb40b7\RtkAudUService64.exe
(svchost.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\CPUMetricsServer.exe
(svchost.exe ->) (ASUSTeK COMPUTER INC. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.13200.10.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9d3a92437ffb40b7\RtkAudUService64.exe [1994128 2024-03-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Corsair iCUE5 Software] => C:\Program Files\Corsair\Corsair iCUE5 Software\iCUE Launcher.exe [184872 2024-06-03] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-677491221-3698580047-887230356-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [3851296 2024-05-24] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-677491221-3698580047-887230356-1001\...\Run: [MicrosoftEdgeAutoLaunch_C4C808E20A5B33CC1E09AAA69952E6C1] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4136896 2024-05-30] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-677491221-3698580047-887230356-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4382056 2024-05-24] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-677491221-3698580047-887230356-1001\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2202904 2024-05-23] (Wargaming Group Limited -> Wargaming.net)
HKU\S-1-5-21-677491221-3698580047-887230356-1001\...\Run: [Discord] => C:\Users\drzka\AppData\Local\Discord\Update.exe [1525016 2023-02-13] (Discord Inc. -> GitHub)
HKU\S-1-5-21-677491221-3698580047-887230356-1001\...\Run: [Bloody2] => C:\Program Files (x86)\Bloody7\Bloody7\Bloody7.exe [20998160 2022-11-29] (A FOUR TECH CO., LTD. -> )
HKU\S-1-5-21-677491221-3698580047-887230356-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45430176 2024-05-20] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-677491221-3698580047-887230356-1001\...\Run: [EADM] => C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe [2658920 2024-01-06] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-677491221-3698580047-887230356-1001\...\Run: [] => [X]
HKU\S-1-5-21-677491221-3698580047-887230356-1001\...\Run: [AMDNoiseSuppression] => C:\Windows\system32\AMD\ANR\AMDNoiseSuppression.exe [145800 2023-06-14] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\125.0.6422.113\Installer\chrmstp.exe [2024-05-30] (Google LLC -> Google LLC)
Startup: C:\Users\drzka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DDM2.0.lnk [2023-04-02]
ShortcutTarget: DDM2.0.lnk -> C:\Program Files\Dell\Dell Display Manager 2\DDM.exe (Qisda Corporation -> Dell Inc.)
Startup: C:\Users\drzka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2024-05-14]
ShortcutTarget: Poslat do aplikace OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3C77B70B-5FC7-4EF7-95B2-99BE46E81495} - \drzka -> No File <==== ATTENTION
Task: {0901B835-7B75-46AE-8DB3-3C7784AA0E29} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030872 2024-05-09] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
Task: {C2E12DA9-2B39-44FC-84EB-085C77E1971D} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030872 2024-05-09] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
Task: {EC76E72F-E575-4EA1-801C-EE77414411C8} - System32\Tasks\AMDRyzenMasterSDKTask => C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe [184024 2024-05-08] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
Task: {9015E530-9A72-4B68-8CAA-17F57B0EDF6D} - System32\Tasks\ASUS\AcPowerNotification => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe [355176 2023-11-13] (ASUSTeK COMPUTER INC. -> ASUS)
Task: {FC1939AD-120E-4948-BFFB-1D12B65B64D5} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe [1444200 2023-11-13] (ASUSTeK COMPUTER INC. -> ASUS)
Task: {F3CDBC09-0872-4FDC-A077-DEFB3FE99086} - System32\Tasks\ASUS\ASUSUpdateTaskMachineCore1da7b15d5a0bcbc => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [165224 2024-03-21] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
Task: {2FB34F67-4BBC-427C-937C-2E86150CD9ED} - System32\Tasks\ASUS\ASUSUpdateTaskMachineUA => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [165224 2024-03-21] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
Task: {156FEFDF-9F0C-4040-B2A1-6D05D6D839F2} - System32\Tasks\ASUS\NoiseCancelingEngine => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe [1261928 2023-12-07] (ASUSTeK COMPUTER INC. -> ASUS)
Task: {248BAB3E-69CE-48C8-BA7A-36A48DAB54EA} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (No File)
Task: {746C6C73-1AC3-41EB-8CB3-B367A31C310A} - System32\Tasks\Avira_FallbackUpdater => C:\Windows\System32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> start AviraFallbackUpdater Delayed=false
Task: {2F28009D-33FB-4834-AD20-3F4AF3BD02B3} - System32\Tasks\Avira_Security_Maintenance => Command(1): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> FallbackTelemetry
Task: {2F28009D-33FB-4834-AD20-3F4AF3BD02B3} - System32\Tasks\Avira_Security_Maintenance => Command(2): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> ServiceWatchdog
Task: {2F28009D-33FB-4834-AD20-3F4AF3BD02B3} - System32\Tasks\Avira_Security_Maintenance => Command(3): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> CrashCollector
Task: {8D3D1860-5F98-4067-929C-ACE06BDFC90A} - System32\Tasks\Avira_Security_Service_SCM_Watchdog => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe [259040 2024-05-02] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {5A67A668-4434-4249-80C4-8B60D35D0567} - System32\Tasks\Avira_Security_Systray => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe [1775072 2024-05-02] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {7A540933-080B-4563-886C-C38C4864039F} - System32\Tasks\Avira_Security_Update => C:\Windows\System32\net.exe [81920 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {6225F086-8151-4DCF-81E4-A040305C281D} - System32\Tasks\AviraSystemSpeedupVerify => C:\Program Files (x86)\Avira\System Speedup\setup\avira_speedup_setup.exe [36867824 2024-06-03] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {E5DAFBDB-DD22-4F91-A28E-2B0DF199D7EB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2024-05-20] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {C4F46D22-B2FC-402A-9E21-91D0C90CE24D} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5074848 2024-05-20] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc. All rights reserved.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "146da99c-1a20-40df-b580-be7abcc1e574" --version "6.24.11060" --silent
Task: {778EBFF7-8EA3-4651-95D7-A8798BEEC4D9} - System32\Tasks\CCleanerSkipUAC - drzka => C:\Program Files\CCleaner\CCleaner.exe [39169952 2024-05-20] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {FF34D12E-0D74-4E1A-A40E-5988F6BBDE9B} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem127.0.6490.0{2EE3EA27-BDCF-40F6-AF85-E48C262BB59D} => C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe [4785440 2024-05-20] (Google LLC -> Google LLC)
Task: {4AA22050-2CFF-409A-937F-07A746E6A13C} - System32\Tasks\infatica_p2b => C:\Program Files (x86)\Infatica P2B\infatica-service-app.exe [20072 2021-12-04] (Infatica pte ltd -> )
Task: {0CFCFD83-1F97-48E1-BE76-E6C8D0367320} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2113024 2023-04-08] () [File not signed]
Task: {B2A2FC2D-D2DF-4EFC-A457-657EED0A7AE6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28435936 2024-05-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {C6ED8D73-F512-4669-9EA3-846EEF509B08} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28435936 2024-05-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {84D58152-3DC3-4CEF-8404-D42E2D9D6005} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309832 2024-05-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {69F8F791-E99E-493B-929E-0C7FA633BAB7} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309832 2024-05-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {54226F17-3176-499F-9E81-94291F466E83} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [168928 2024-05-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {7E4B170E-4E32-4466-9FDD-AA76F59E4301} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030872 2024-05-09] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
Task: {71AA8180-1474-496F-880E-7A0808A5923B} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209168 2024-05-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {033D724F-3522-43A1-8A5B-9ABB63FF9169} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-677491221-3698580047-887230356-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209168 2024-05-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {0C5A2F7B-12D7-456C-8C7E-42DA2B52369B} - System32\Tasks\RTSS => C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe [436544 2023-02-16] (Alexey Nicolaychuk -> )
Task: {C31F9E7D-271B-473E-A10F-E705925C318E} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [60632 2024-05-08] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
Task: {938D1CEE-A89E-4A6C-B364-FA6BE4AAF161} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [324312 2024-05-08] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{843068f5-778f-42e9-a493-a507d3143adb}: [DhcpNameServer] 192.168.188.218
Tcpip\..\Interfaces\{cd614fd4-2f78-40f6-8ee8-f6035b853487}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d690e51a-4c62-4ed7-bd29-5e8be27e20c2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d690e51a-4c62-4ed7-bd29-5e8be27e20c2}\F4E65605C65737021323: [DhcpNameServer] 192.168.147.96

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\drzka\AppData\Local\Microsoft\Edge\User Data\Default [2024-06-03]
Edge Extension: (Dokumenty Google offline) - C:\Users\drzka\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-12]
Edge Extension: (Edge relevant text changes) - C:\Users\drzka\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-23]
Edge HKLM-x32\...\Edge\Extension: [caiblelclndcckfafdaggpephhgfpoip]
Edge HKLM-x32\...\Edge\Extension: [emgfgdclgfeldebanedpihppahgngnle]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (Electronic Sports Network i Sverige AB -> ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) [File not signed]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-03] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\drzka\AppData\Local\Google\Chrome\User Data\Default [2024-06-03]
CHR Notifications: Default -> hxxps://tinder.com; hxxps://www.netflix.com
CHR Session Restore: Default -> is enabled.
CHR Extension: (Advanced Font Settings) - C:\Users\drzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\caclkomlalccbpcdllchkeecicepbmbm [2023-12-01]
CHR Extension: (Avira Password Manager) - C:\Users\drzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2024-06-03]
CHR Extension: (Avira Safe Shopping) - C:\Users\drzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2024-06-03]
CHR Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\drzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2024-06-01]
CHR Extension: (Avira Browser Safety) - C:\Users\drzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2024-06-03]
CHR Extension: (Dokumenty Google offline) - C:\Users\drzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-21]
CHR Extension: (UltraWide Video) - C:\Users\drzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lngfncacljheahfpahadgipefkbagpdl [2023-02-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\drzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-02-26]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArmouryLiveUpdate; C:\Windows\System32\DriverStore\FileRepository\rogms.inf_amd64_94d9766656ff6011\ArmouryLiveUpdate.exe [576216 2021-08-30] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.02.32\atkexComSvc.exe [907112 2024-01-11] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
S2 asus; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [165224 2024-03-21] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
S2 AsusCertService; C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe [502120 2023-11-22] (ASUSTeK COMPUTER INC. -> Asustek Computer Inc.)
S3 asusm; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [165224 2024-03-21] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
S2 AsusROGLSLService; C:\Program Files (x86)\ASUS\AsusROGLSLService\AsusROGLSLService.exe [681832 2024-03-21] (ASUSTeK COMPUTER INC. -> ASUS)
S2 AsusUpdateCheck; C:\Windows\System32\AsusUpdateCheck.exe [845256 2024-06-03] (ASUSTeK Computer Inc. -> )
S2 AviraFallbackUpdater; C:\Program Files (x86)\Avira\Fallback Updater\Avira.Spotlight.FallbackUpdater.exe [6738360 2024-06-03] (Avira Operations GmbH -> Avira Operations GmbH)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [3003584 2024-01-22] (Avira Operations GmbH -> Avira Operations GmbH)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [398816 2024-04-23] (Avira Operations GmbH -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [265544 2024-05-02] (Avira Operations GmbH -> Avira Operations GmbH)
S2 AviraSecurityUpdater; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [295752 2024-05-02] (Avira Operations GmbH -> Avira Operations GmbH)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [9884424 2023-02-28] (BattlEye Innovations e.K. -> )
R3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1085856 2024-05-20] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14248016 2024-05-09] (Microsoft Corporation -> Microsoft Corporation)
S3 CorsairCpuIdService; C:\Program Files\Corsair\Corsair iCUE5 Software\CorsairCpuIdService.exe [240680 2024-06-03] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S3 CorsairDeviceListerService; C:\Program Files\Corsair\Corsair iCUE5 Software\CorsairDeviceListerService.exe [155688 2024-06-03] (Corsair Memory, Inc. -> )
S2 CorsairLLAService; C:\Program Files\Corsair\Corsair iCUE5 Software\CueLLAccessService.exe [251944 2024-06-03] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S2 CorsairService; C:\Program Files\Corsair\Corsair iCUE5 Software\clink\Corsair.Service.exe [84008 2024-06-03] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S2 DolbyDAXAPI; C:\Windows\System32\dolbyaposvc\DAX3API.exe [2471312 2022-07-09] (AAF Optimus -> Dolby Laboratories)
S2 DtsApo4Service; C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe [434000 2024-03-21] (DTS, Inc. -> DTS Inc.)
S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [11385960 2024-01-06] (Electronic Arts, Inc. -> Electronic Arts)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2023-09-30] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [954704 2023-10-06] (EasyAntiCheat Oy -> Epic Games, Inc.)
R2 EndpointProtectionService; C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe [11429720 2024-05-23] (Avira Operations GmbH -> Avira Operations GmbH)
S3 EndpointProtectionService2; C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe [11429720 2024-05-23] (Avira Operations GmbH -> Avira Operations GmbH)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.091.0505.0003\FileSyncHelper.exe [3508240 2024-05-24] (Microsoft Corporation -> Microsoft Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [347408 2023-11-30] (Underwriters Laboratories Inc. -> Futuremark)
S2 GameSDK Service; C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe [397544 2022-05-31] (ASUSTeK COMPUTER INC. -> ASUS Inc.)
S2 GoogleUpdaterInternalService127.0.6490.0; C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe [4785440 2024-05-20] (Google LLC -> Google LLC)
S2 GoogleUpdaterService127.0.6490.0; C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe [4785440 2024-05-20] (Google LLC -> Google LLC)
S3 iCUEUpdateService; C:\Program Files\Corsair\Corsair iCUE5 Software\iCUEUpdateService.exe [381480 2024-06-03] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpDefenderCoreService.exe [1489000 2024-05-17] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.091.0505.0003\OneDriveUpdaterService.exe [3847600 2024-05-24] (Microsoft Corporation -> Microsoft Corporation)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2024-01-06] (Even Balance, Inc. -> )
S3 Rockstar Service; D:\Launcher\RockstarService.exe [5813744 2024-05-18] (Rockstar Games, Inc. -> Rockstar Games)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522184 2024-05-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\NisSrv.exe [3236840 2024-05-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MsMpEng.exe [133704 2024-05-17] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdfendrmgr; C:\Windows\System32\drivers\amdfendrmgr.sys [25688 2024-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [36928 2022-09-16] (ASMedia Technology Inc. -> Advanced Micro Devices, Inc)
R2 AMDRyzenMasterDriverV20; C:\Windows\system32\AMDRyzenMasterDriver.sys [58952 2024-05-08] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
S2 AMDRyzenMasterDriverV22; C:\Windows\system32\AMDRyzenMasterDriver.sys [58952 2024-05-08] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 AMDSAFD; C:\Windows\System32\DriverStore\FileRepository\amdsafd.inf_amd64_54807f69fe156f14\amdsafd.sys [113088 2023-04-13] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 amduw23g; C:\Windows\System32\DriverStore\FileRepository\u0402593.inf_amd64_66758692e35a2906\B402774\amdkmdag.sys [100117320 2024-05-14] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\Windows\System32\drivers\amdxe.sys [61888 2023-05-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R1 Asusgio3; C:\Windows\system32\drivers\AsIO3.sys [59344 2023-11-22] (ASUSTeK COMPUTER INC. -> Asustek Computer Inc.)
R0 BdNet; C:\Windows\System32\DRIVERS\BdNet.sys [176712 2024-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Avira Operations GmbH)
R1 BdSentry; C:\Windows\System32\DRIVERS\BdSentry.sys [233560 2024-05-20] (Avira Operations GmbH -> Avira Operations GmbH)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [532480 2022-09-25] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [184320 2022-09-25] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
R2 CorsairLLAccess8F050F5E415C1A5882EB9FF7CE2BC59B7BE3A953; C:\Program Files\Corsair\Corsair iCUE5 Software\CorsairLLAccess64.sys [23728 2024-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 cpuz158; C:\Windows\temp\cpuz158\cpuz158_x64.sys [44592 2024-06-03] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
R1 CTIAIO; C:\Windows\system32\drivers\CtiAIo64.sys [34520 2024-03-21] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Innovation Co., LTd.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 IGO_VSD; C:\Windows\system32\drivers\igovsd.sys [43392 2022-09-22] (British Cayman Islands Intelligo Technology Inc. Taiwan Branch -> ASUSTek Computer Inc.)
R2 inpoutx64; C:\Windows\System32\Drivers\inpoutx64.sys [15008 2024-04-22] (Red Fox UK Limited -> Highresolution Enterprises [www.highrez.co.uk])
R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [19672 2023-12-11] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
R3 MTKBTFilterx64; C:\Windows\system32\DRIVERS\mtkbtfilterx.sys [361472 2024-03-21] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
R3 mtkwlex; C:\Windows\System32\drivers\mtkwl6ex.sys [1617920 2024-02-24] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
R1 netprotection_network_filter; C:\Windows\System32\drivers\netprotection_network_filter.sys [115528 2024-05-23] (Avira Operations GmbH -> Avira Operations GmbH)
R3 ROGMS; C:\Windows\System32\DriverStore\FileRepository\rogms.inf_amd64_94d9766656ff6011\ROGMS.sys [33184 2021-08-30] (ASUSTeK Computer Inc. -> )
R3 rt25cx21; C:\Windows\System32\DriverStore\FileRepository\rt25cx21x64.inf_amd64_bda91607087ccd13\rt25cx21x64.sys [656288 2024-03-21] (Realtek Semiconductor Corp. -> Realtek)
S3 rtcx21; C:\Windows\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_516e5c9b75c49dc2\rtcx21x64.sys [539648 2022-05-06] (Microsoft Windows -> Realtek)
R1 rtp1; C:\Windows\System32\DRIVERS\rtp1.sys [414120 2024-05-22] (Avira Operations GmbH -> Avira Operations GmbH)
S1 rtp2; C:\Windows\System32\DRIVERS\rtp2.sys [414120 2024-05-22] (Avira Operations GmbH -> Avira Operations GmbH)
S0 rtp_elam; C:\Windows\System32\DRIVERS\rtp_elam.sys [28768 2024-05-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [21056 2024-05-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [601496 2024-05-17] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105880 2024-05-17] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz154; \??\C:\Windows\temp\cpuz154\cpuz154_x64.sys [X] <==== ATTENTION
S3 HWiNFO_187; \??\C:\Users\drzka\AppData\Local\Temp\HWiNFO64A_187.SYS [X] <==== ATTENTION
S3 HWiNFO_190; \??\C:\Users\drzka\AppData\Local\Temp\HWiNFO64A_190.SYS [X] <==== ATTENTION
S3 netprotection_network_filter2; System32\drivers\netprotection_network_filter2.sys [X]
S3 SIUSBXP; \??\C:\Windows\system32\drivers\SiUSBXp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-06-03 18:58 - 2024-06-03 18:59 - 000000000 ____D C:\FRST
2024-06-03 18:55 - 2024-06-03 18:59 - 000000000 ____D C:\Users\drzka\Desktop\logy
2024-06-03 18:42 - 2024-06-03 18:42 - 000725758 _____ C:\Windows\system32\perfh005.dat
2024-06-03 18:42 - 2024-06-03 18:42 - 000151026 _____ C:\Windows\system32\perfc005.dat
2024-06-03 18:36 - 2024-06-03 18:42 - 000000000 ____D C:\AdwCleaner
2024-06-03 10:09 - 2024-06-03 10:09 - 000000000 ____D C:\Windows\SysWOW64\statReporter
2024-06-03 10:09 - 2024-06-03 10:09 - 000000000 ____D C:\Users\drzka\AppData\Local\AviraWebView2Cache
2024-06-03 10:09 - 2024-06-03 10:09 - 000000000 ____D C:\Users\drzka\AppData\Local\Avira
2024-06-03 10:09 - 2024-06-03 10:09 - 000000000 ____D C:\Program Files\Avira
2024-06-03 10:09 - 2024-06-03 10:09 - 000000000 _____ C:\Windows\system32\rtp.db
2024-06-03 10:09 - 2024-05-23 08:25 - 000115528 _____ (Avira Operations GmbH) C:\Windows\system32\Drivers\netprotection_network_filter.sys
2024-06-03 10:09 - 2024-05-22 22:11 - 000414120 _____ (Avira Operations GmbH) C:\Windows\system32\Drivers\rtp2.sys
2024-06-03 10:09 - 2024-05-22 22:11 - 000414120 _____ (Avira Operations GmbH) C:\Windows\system32\Drivers\rtp1.sys
2024-06-03 10:09 - 2024-05-20 09:15 - 000233560 _____ (Avira Operations GmbH) C:\Windows\system32\Drivers\BdSentry.sys
2024-06-03 10:08 - 2024-06-03 10:09 - 000000000 ____D C:\ProgramData\Avira
2024-06-03 10:08 - 2024-06-03 10:08 - 000003888 _____ C:\Windows\system32\Tasks\Avira_Security_Maintenance
2024-06-03 10:08 - 2024-06-03 10:08 - 000003770 _____ C:\Windows\system32\Tasks\AviraSystemSpeedupVerify
2024-06-03 10:08 - 2024-06-03 10:08 - 000003706 _____ C:\Windows\system32\Tasks\Avira_FallbackUpdater
2024-06-03 10:08 - 2024-06-03 10:08 - 000003474 _____ C:\Windows\system32\Tasks\Avira_Security_Update
2024-06-03 10:08 - 2024-06-03 10:08 - 000003428 _____ C:\Windows\system32\Tasks\Avira_Security_Service_SCM_Watchdog
2024-06-03 10:08 - 2024-06-03 10:08 - 000002818 _____ C:\Windows\system32\Tasks\Avira_Security_Systray
2024-06-03 10:08 - 2024-06-03 10:08 - 000001150 _____ C:\Users\Public\Desktop\Avira.lnk
2024-06-03 10:08 - 2024-06-03 10:08 - 000000000 ____D C:\Users\Public\Speedup Sessions
2024-06-03 10:08 - 2024-06-03 10:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2024-06-03 10:08 - 2024-06-03 10:08 - 000000000 ____D C:\Program Files (x86)\Avira
2024-06-03 09:09 - 2024-06-03 09:09 - 000000878 _____ C:\Users\Public\Desktop\iCUE.lnk
2024-06-03 09:09 - 2024-06-03 09:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair
2024-06-02 23:22 - 2024-06-02 23:22 - 057488912 _____ C:\Users\drzka\Downloads\TotalAV_Setup (1).exe
2024-06-02 15:53 - 2024-06-02 15:54 - 002589624 _____ (Malwarebytes) C:\Users\drzka\Downloads\MBSetup.exe
2024-06-02 13:34 - 2024-06-02 13:34 - 002112064 _____ C:\Users\drzka\Downloads\IMG20240602130126.heic
2024-06-01 20:31 - 2024-06-01 20:31 - 010262392 _____ (ESET) C:\Users\drzka\Downloads\eset_internet_security_live_installer.exe
2024-06-01 20:29 - 2024-06-02 12:57 - 000000000 ____D C:\Users\drzka\AppData\Roaming\UPO
2024-06-01 20:29 - 2024-06-01 20:29 - 000027568 _____ C:\Windows\system32\lc.dat
2024-06-01 20:28 - 2024-06-01 20:28 - 000000000 ____D C:\Users\drzka\AppData\Roaming\plugin66
2024-06-01 20:28 - 2024-06-01 20:28 - 000000000 ____D C:\Users\drzka\AppData\Local\javafast_test_v3
2024-05-31 15:20 - 2024-05-31 15:20 - 000014987 _____ C:\Users\drzka\Downloads\[SkT]První_znamení__Přichází_satan!___The_First_Omen_(2024)(EN)[WebRip][1080p]_=_CSFD_64%.torrent
2024-05-31 15:19 - 2024-05-31 15:19 - 000014960 _____ C:\Users\drzka\Downloads\[SkT]Tarot_(2024)(EN)[WebRip][1080p]_=_CSFD_61%.torrent
2024-05-29 23:59 - 2024-05-29 23:59 - 001259877 _____ C:\Users\drzka\Downloads\ASRE24677110.pdf
2024-05-29 22:13 - 2024-05-29 22:13 - 000027440 _____ C:\Windows\SysWOW64\lc.dat
2024-05-28 20:29 - 2024-05-28 20:29 - 000212638 _____ C:\Users\drzka\Downloads\[SkT]Sileny_Max__Zbesila_cesta___Mad_Max__Fury_Road_(2015)(CZ_EN)[HEVC][4K_HDR_10bit]_=_CSFD_80%.torrent
2024-05-28 20:29 - 2024-05-28 20:29 - 000063680 _____ C:\Users\drzka\Downloads\[SkT]Karlos_(CZ)(2024)[1080p][WEB-DL]_=_CSFD_36%.torrent
2024-05-24 23:47 - 2024-05-24 23:47 - 000000000 ____D C:\Users\drzka\AppData\Local\Hellblade2
2024-05-24 23:24 - 2024-05-24 23:24 - 000000643 _____ C:\Users\Public\Desktop\Senua's Saga - Hellblade II.lnk
2024-05-23 22:57 - 2024-05-23 22:57 - 012214363 _____ C:\Users\drzka\Downloads\OnePlus-USB-Drivers (2).zip
2024-05-23 20:32 - 2024-05-23 20:32 - 114291473 _____ C:\Users\drzka\Downloads\2024_0523_202130_002.MP4
2024-05-22 17:28 - 2024-05-22 17:28 - 000056067 _____ C:\Users\drzka\Downloads\[SkT]The_Grand_Tour_-_1._serie_(2016)[WebRip]_=_CSFD_91%.torrent
2024-05-22 17:27 - 2024-05-22 17:27 - 000276721 _____ C:\Users\drzka\Downloads\[SkT]Clarksons_Farm__-_1._serie_(2021)(EN CZtit.)[1080p]_=_CSFD_95%.torrent
2024-05-19 17:57 - 2024-05-19 17:57 - 000000016 _____ C:\ProgramData\mntemp
2024-05-19 17:57 - 2024-05-19 17:57 - 000000000 ____D C:\Voiceover
2024-05-19 17:56 - 2024-05-23 22:59 - 000000000 ____D C:\Users\drzka\AppData\Local\Wondershare
2024-05-19 17:56 - 2024-05-20 22:11 - 000000000 ____D C:\ProgramData\Wondershare
2024-05-19 17:56 - 2024-05-19 17:57 - 000000000 ____D C:\Users\drzka\AppData\Roaming\Wondershare
2024-05-19 17:54 - 2024-05-19 17:54 - 001995256 _____ C:\Users\drzka\Downloads\filmora-idco_setup_full1901.exe
2024-05-18 23:08 - 2024-06-03 18:28 - 000003110 _____ C:\Windows\system32\Tasks\AMDInstallLauncher
2024-05-18 23:07 - 2024-05-18 23:07 - 000002618 _____ C:\Windows\system32\Tasks\AMDRyzenMasterSDKTask
2024-05-18 23:07 - 2024-05-18 23:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Software꞉ Adrenalin Edition
2024-05-18 23:07 - 2024-05-18 23:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Bug Report Tool
2024-05-18 23:05 - 2024-05-14 19:49 - 002091224 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2024-05-18 23:05 - 2024-05-14 19:49 - 002091224 _____ C:\Windows\system32\vulkaninfo.exe
2024-05-18 23:05 - 2024-05-14 19:49 - 001649368 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-05-18 23:05 - 2024-05-14 19:49 - 001649368 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2024-05-18 23:05 - 2024-05-14 19:49 - 001456360 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2024-05-18 23:05 - 2024-05-14 19:49 - 001456360 _____ C:\Windows\system32\vulkan-1.dll
2024-05-18 23:05 - 2024-05-14 19:49 - 001297712 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2024-05-18 23:05 - 2024-05-14 19:49 - 001297712 _____ C:\Windows\SysWOW64\vulkan-1.dll
2024-05-18 23:05 - 2024-05-14 19:49 - 000721632 _____ C:\Windows\system32\hiprt0200064.dll
2024-05-18 23:05 - 2024-05-14 19:49 - 000598240 _____ C:\Windows\system32\GameManager64.dll
2024-05-18 23:05 - 2024-05-14 19:49 - 000492760 _____ C:\Windows\system32\EEURestart.exe
2024-05-18 23:05 - 2024-05-14 19:49 - 000451288 _____ C:\Windows\SysWOW64\GameManager32.dll
2024-05-18 23:05 - 2024-05-14 19:49 - 000174304 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2024-05-18 23:05 - 2024-05-14 19:49 - 000137440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2024-05-18 23:05 - 2024-05-14 19:48 - 002120928 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2024-05-18 23:05 - 2024-05-14 19:48 - 001631448 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2024-05-18 23:05 - 2024-05-14 19:48 - 001631448 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2024-05-18 23:05 - 2024-05-14 19:48 - 000988888 _____ (AMD) C:\Windows\system32\atieclxx.exe
2024-05-18 23:05 - 2024-05-14 19:48 - 000526048 _____ C:\Windows\system32\atieah64.exe
2024-05-18 23:05 - 2024-05-14 19:48 - 000463576 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2024-05-18 23:05 - 2024-05-14 19:48 - 000394968 _____ C:\Windows\SysWOW64\atieah32.exe
2024-05-18 23:05 - 2024-05-14 19:48 - 000256840 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2024-05-18 23:05 - 2024-05-14 19:48 - 000217304 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2024-05-18 23:05 - 2024-05-14 19:48 - 000186584 _____ (AMD) C:\Windows\system32\atimuixx.dll
2024-05-18 23:05 - 2024-05-14 19:48 - 000129352 _____ C:\Windows\system32\amdxc64.dll
2024-05-18 23:05 - 2024-05-14 19:48 - 000065240 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ati2erec.dll
2024-05-18 23:05 - 2024-05-14 19:47 - 011516848 _____ C:\Windows\system32\amdsmi.exe
2024-05-18 23:05 - 2024-05-14 19:47 - 007550280 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdadlx64.dll
2024-05-18 23:05 - 2024-05-14 19:47 - 007330008 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdadlx32.dll
2024-05-18 23:05 - 2024-05-14 19:47 - 002212680 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdsasrv64.dll
2024-05-18 23:05 - 2024-05-14 19:47 - 001322024 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdsacli64.dll
2024-05-18 23:05 - 2024-05-14 19:47 - 001245000 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2024-05-18 23:05 - 2024-05-14 19:47 - 001045832 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2024-05-18 23:05 - 2024-05-14 19:47 - 001044888 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdsacli32.dll
2024-05-18 23:05 - 2024-05-14 19:47 - 000791880 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2024-05-18 23:05 - 2024-05-14 19:47 - 000669000 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2024-05-18 23:05 - 2024-05-14 19:47 - 000558920 _____ C:\Windows\system32\amdgfxinfo64.dll
2024-05-18 23:05 - 2024-05-14 19:47 - 000533832 _____ C:\Windows\system32\dgtrayicon.exe
2024-05-18 23:05 - 2024-05-14 19:47 - 000461640 _____ C:\Windows\system32\amdlogum.exe
2024-05-18 23:05 - 2024-05-14 19:47 - 000422728 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2024-05-18 23:05 - 2024-05-14 19:47 - 000105288 _____ C:\Windows\SysWOW64\amdxc32.dll
2024-05-18 23:05 - 2024-05-14 19:47 - 000041800 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2024-05-18 23:05 - 2024-05-14 19:47 - 000038728 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2024-05-18 23:05 - 2024-05-14 19:46 - 105795912 _____ C:\Windows\system32\amd_comgr_2.dll
2024-05-18 23:05 - 2024-05-14 19:46 - 105423064 _____ C:\Windows\system32\amd_comgr.dll
2024-05-18 23:05 - 2024-05-14 19:46 - 089164104 _____ C:\Windows\SysWOW64\amd_comgr32.dll
2024-05-18 23:05 - 2024-05-14 19:46 - 021752536 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdhip64.dll
2024-05-18 23:05 - 2024-05-14 19:46 - 018434784 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdhip64_6.dll
2024-05-18 23:05 - 2024-05-14 19:46 - 001701832 _____ (AMD) C:\Windows\system32\amf-mft-mjpeg-decoder64.dll
2024-05-18 23:05 - 2024-05-14 19:46 - 001379248 _____ (AMD) C:\Windows\SysWOW64\amf-mft-mjpeg-decoder32.dll
2024-05-18 23:05 - 2024-05-14 19:46 - 000515288 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2024-05-18 23:05 - 2024-05-14 19:46 - 000380232 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2024-05-18 23:05 - 2024-05-14 19:46 - 000351560 _____ C:\Windows\system32\clinfo.exe
2024-05-18 23:05 - 2024-05-14 19:46 - 000167128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2024-05-18 23:05 - 2024-05-14 19:46 - 000156256 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2024-05-18 23:05 - 2024-05-14 19:46 - 000156248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2024-05-18 23:05 - 2024-05-14 19:46 - 000148960 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2024-05-18 23:05 - 2024-05-14 19:46 - 000135896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl.dll
2024-05-18 23:05 - 2024-05-14 19:46 - 000126016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2024-05-18 23:05 - 2024-05-14 19:46 - 000126016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2024-05-18 23:05 - 2024-05-14 19:46 - 000120832 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2024-05-18 23:05 - 2024-05-14 19:45 - 000553568 _____ C:\Windows\system32\amdmiracast.dll
2024-05-18 23:05 - 2024-05-14 19:45 - 000166096 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2024-05-18 23:05 - 2024-05-14 19:45 - 000140536 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2024-05-18 23:05 - 2024-05-14 18:50 - 106072944 _____ C:\Windows\system32\amdxc64.so
2024-05-16 22:18 - 2024-05-16 22:19 - 000000000 ___HD C:\$WinREAgent
2024-05-08 19:30 - 2024-05-08 19:30 - 000873688 _____ (Advanced Micro Devices) C:\Windows\system32\Device.dll
2024-05-08 19:30 - 2024-05-08 19:30 - 000061656 _____ (Advanced Micro Devices) C:\Windows\system32\Platform.dll
2024-05-08 18:58 - 2024-05-08 18:58 - 000058952 _____ (Advanced Micro Devices) C:\Windows\system32\AMDRyzenMasterDriver.sys
2024-05-05 23:30 - 2024-05-05 23:30 - 000000000 ____D C:\Users\drzka\OneDrive\Dokumenty\Onenotové poznámkové bloky
2024-05-05 23:30 - 2024-05-05 23:30 - 000000000 ____D C:\Users\drzka\AppData\Roaming\Microsoft\OneNote
2024-05-04 01:13 - 2024-05-23 23:33 - 000000000 ____D C:\Android
2024-05-04 00:40 - 2024-05-04 00:40 - 012214363 _____ C:\Users\drzka\Downloads\OnePlus-USB-Drivers (1).zip

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-06-03 18:58 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-06-03 18:42 - 2023-03-12 02:35 - 000000000 ____D C:\Users\drzka\AppData\Roaming\IObit
2024-06-03 18:42 - 2023-02-26 19:49 - 001718036 _____ C:\Windows\system32\PerfStringBackup.INI
2024-06-03 18:42 - 2022-05-07 07:22 - 000000000 ____D C:\Windows\INF
2024-06-03 18:39 - 2023-03-11 20:07 - 000003118 _____ C:\Windows\system32\Tasks\RTSS
2024-06-03 18:39 - 2023-03-11 19:10 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2024-06-03 18:39 - 2023-03-04 19:09 - 000000000 ____D C:\Users\drzka\AppData\Roaming\utorrent
2024-06-03 18:39 - 2023-02-26 20:02 - 000000000 ____D C:\Program Files (x86)\Steam
2024-06-03 18:34 - 2023-12-02 14:57 - 000000000 ____D C:\Users\drzka\AppData\Local\CrashDumps
2024-06-03 18:34 - 2023-04-11 22:00 - 000000000 ____D C:\Users\drzka\AppData\Roaming\MPC-HC
2024-06-03 18:34 - 2023-03-04 19:08 - 000000000 ____D C:\Users\drzka\AppData\Local\BitTorrentHelper
2024-06-03 18:29 - 2023-10-21 12:57 - 000000000 ____D C:\Program Files\CCleaner
2024-06-03 18:28 - 2023-12-16 22:23 - 000003102 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2024-06-03 10:33 - 2023-03-05 18:24 - 000000000 ____D C:\Users\drzka\AppData\Roaming\discord
2024-06-03 10:30 - 2023-03-05 18:24 - 000000000 ____D C:\Users\drzka\AppData\Local\Discord
2024-06-03 10:20 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\AppReadiness
2024-06-03 10:14 - 2023-02-26 19:54 - 000000000 ____D C:\Users\drzka\AppData\Local\Packages
2024-06-03 10:14 - 2023-02-26 19:43 - 000000000 ____D C:\ProgramData\Packages
2024-06-03 10:11 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\SystemTemp
2024-06-03 10:09 - 2022-05-07 07:24 - 000000000 ___HD C:\Windows\ELAMBKUP
2024-06-03 09:30 - 2023-07-09 23:02 - 000000000 ____D C:\Users\drzka\AppData\Roaming\Corsair
2024-06-03 09:30 - 2023-07-04 11:02 - 000000000 ____D C:\Users\drzka\AppData\Local\Dell Display Manager
2024-06-03 09:30 - 2023-02-26 19:55 - 000000000 ___RD C:\Users\drzka\OneDrive
2024-06-03 09:29 - 2023-02-26 19:43 - 000001623 _____ C:\Windows\system32\config\VSMIDK
2024-06-03 09:29 - 2023-02-26 19:41 - 000901328 _____ () C:\Windows\system32\wpbbin.exe
2024-06-03 09:29 - 2023-02-26 19:41 - 000845256 _____ C:\Windows\system32\AsusUpdateCheck.exe
2024-06-03 09:29 - 2023-02-26 19:41 - 000012288 ___SH C:\DumpStack.log.tmp
2024-06-03 09:29 - 2023-02-26 19:41 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-06-03 09:29 - 2022-05-07 07:17 - 000524288 _____ C:\Windows\system32\config\BBI
2024-06-02 23:20 - 2023-02-26 19:41 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-06-02 18:58 - 2024-01-27 23:05 - 000000000 ____D C:\Program Files\Kingston_SSD_Manager
2024-06-02 18:55 - 2024-01-27 23:06 - 000000942 _____ C:\Users\Public\Desktop\Kingston SSD Manager x64.lnk
2024-06-02 18:55 - 2024-01-27 23:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingston SSD Manager x64
2024-06-02 16:00 - 2023-02-26 19:54 - 000000000 ____D C:\Users\drzka\AppData\Local\D3DSCache
2024-06-02 15:54 - 2022-05-07 07:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-06-02 12:57 - 2023-12-16 22:09 - 000000000 ____D C:\Program Files\AMD
2024-06-02 00:24 - 2023-03-04 19:01 - 000000000 ____D C:\Users\drzka\AppData\Local\AMD_Common
2024-06-01 19:52 - 2023-02-26 19:41 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-06-01 19:52 - 2023-02-26 19:41 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-05-30 22:12 - 2023-02-26 20:00 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-05-30 22:12 - 2023-02-26 20:00 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-05-30 22:11 - 2023-10-21 12:57 - 000000666 _____ C:\Windows\Tasks\CCleanerCrashReporting.job
2024-05-29 22:05 - 2023-10-21 12:57 - 000003936 _____ C:\Windows\system32\Tasks\CCleaner Update
2024-05-29 22:05 - 2023-10-21 12:57 - 000003378 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting
2024-05-27 00:15 - 2023-02-26 19:52 - 000000000 ____D C:\Users\drzka
2024-05-25 22:46 - 2023-02-26 19:41 - 000003640 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-05-25 22:46 - 2023-02-26 19:41 - 000003516 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-05-25 11:42 - 2023-02-27 21:32 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-05-24 23:47 - 2023-10-22 17:44 - 000000000 ____D C:\Users\drzka\AppData\Local\UnrealEngine
2024-05-24 22:02 - 2023-02-26 21:29 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2024-05-24 22:02 - 2023-02-26 21:29 - 000002130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-05-24 22:02 - 2023-02-26 19:55 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-677491221-3698580047-887230356-1001
2024-05-23 23:34 - 2024-03-21 00:04 - 000000000 ____D C:\Program Files (x86)\OnePlus USB Drivers
2024-05-21 23:14 - 2023-02-26 21:31 - 000000000 ____D C:\Program Files\Microsoft Office
2024-05-19 17:27 - 2023-11-25 21:11 - 000000000 ____D C:\Users\drzka\AppData\Roaming\EasyAntiCheat
2024-05-19 16:42 - 2023-02-26 19:54 - 000000000 ____D C:\Users\drzka\AppData\Local\AMD
2024-05-19 14:56 - 2023-03-04 18:40 - 000000000 ____D C:\AMD
2024-05-18 23:07 - 2023-12-16 22:23 - 000003484 _____ C:\Windows\system32\Tasks\ModifyLinkUpdate
2024-05-18 23:07 - 2023-12-16 22:22 - 000003152 _____ C:\Windows\system32\Tasks\StartCN
2024-05-18 23:07 - 2023-12-16 22:22 - 000003072 _____ C:\Windows\system32\Tasks\StartDVR
2024-05-18 22:37 - 2023-10-14 16:23 - 000000000 ____D C:\Users\drzka\AppData\Local\T2GP Launcher
2024-05-18 20:13 - 2023-02-26 20:10 - 000000000 ____D C:\Users\drzka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2024-05-18 20:03 - 2023-12-28 18:42 - 000000000 ____D C:\Users\drzka\AppData\Local\Rockstar Games
2024-05-17 11:33 - 2023-02-26 19:41 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-05-17 00:16 - 2023-02-26 19:41 - 000475792 _____ C:\Windows\system32\FNTCACHE.DAT
2024-05-17 00:15 - 2023-10-12 12:47 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2024-05-17 00:15 - 2022-05-07 12:14 - 000000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2024-05-17 00:15 - 2022-05-07 12:14 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2024-05-17 00:15 - 2022-05-07 07:24 - 000000000 ___SD C:\Windows\SysWOW64\F12
2024-05-17 00:15 - 2022-05-07 07:24 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2024-05-17 00:15 - 2022-05-07 07:24 - 000000000 ___SD C:\Windows\system32\UNP
2024-05-17 00:15 - 2022-05-07 07:24 - 000000000 ___SD C:\Windows\system32\F12
2024-05-17 00:15 - 2022-05-07 07:24 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2024-05-17 00:15 - 2022-05-07 07:24 - 000000000 ___RD C:\Windows\PrintDialog
2024-05-17 00:15 - 2022-05-07 07:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-05-17 00:15 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\UUS
2024-05-17 00:15 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2024-05-17 00:15 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2024-05-17 00:15 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\SysWOW64\Dism
2024-05-17 00:15 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\SystemResources
2024-05-17 00:15 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\SystemApps
2024-05-17 00:15 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\WinMetadata
2024-05-17 00:15 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2024-05-17 00:15 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2024-05-17 00:15 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\ShellExperiences
2024-05-17 00:15 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\Sgrm
2024-05-17 00:15 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2024-05-17 00:15 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\oobe
2024-05-17 00:15 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\migwiz
2024-05-17 00:15 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\HealthAttestationClient
2024-05-17 00:15 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\Dism
2024-05-17 00:15 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\appraiser
2024-05-17 00:15 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\ShellExperiences
2024-05-17 00:15 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\ShellComponents
2024-05-17 00:15 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\PolicyDefinitions
2024-05-17 00:15 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\BrowserCore
2024-05-17 00:15 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\bcastdvr
2024-05-17 00:15 - 2022-05-07 07:17 - 000000000 ____D C:\Windows\servicing
2024-05-16 22:24 - 2023-02-28 22:06 - 000000000 ____D C:\Windows\system32\MRT
2024-05-16 22:24 - 2022-05-07 07:17 - 000000000 ____D C:\Windows\CbsTemp
2024-05-16 22:23 - 2023-02-28 22:06 - 196465576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2024-05-16 22:21 - 2023-02-26 19:43 - 003214336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2024-05-16 22:17 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-05-14 19:00 - 2023-03-05 18:24 - 000002243 _____ C:\Users\drzka\Desktop\Discord.lnk
2024-05-14 18:59 - 2023-02-26 19:56 - 000000172 ____R C:\Users\drzka\OneDrive\Dokumenty\Poznámkový blok uživatele Vojtech.url
2024-05-09 01:52 - 2023-12-16 22:22 - 002977464 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\AMDBugReportTool.exe
2024-05-07 19:51 - 2023-02-26 20:03 - 000000000 ____D C:\Users\drzka\AppData\Local\Steam

==================== Files in the root of some directories ========

2023-12-02 17:23 - 2023-12-02 18:23 - 000000169 _____ () C:\Users\drzka\AppData\Roaming\BattleBitConfig.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Ryzen 9800X3D@PBO/-40CO|| iCUE H150i ELITE CAPELLIX || ASUS TUF GAMING X670E-PLUS WIFI || Corsair 32GB KIT DDR5 6000MHz CL28 TUNED || Sapphire RX7900 XTX@2,95GHz 1,088V~385W || Kingston KC3000 2TB || Toshiba 6TB Surveillance S300 || ROG STRIX 1000W GOLD || Be quiet! Silent Base 802 Airflow mode + iCUE || Dell S3422DWG

Tarkin
Visitor
Posts: 17
Registered: 03 Jun 2024 12:02

Re: Password cracking

#9 Post by Tarkin »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.06.2024
Ran by drzka (03-06-2024 19:00:21)
Running from C:\Users\drzka\Desktop\logy
Microsoft Windows 11 Pro Version 23H2 22631.3593 (X64) (2023-02-26 17:43:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-677491221-3698580047-887230356-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-677491221-3698580047-887230356-503 - Limited - Disabled)
drzka (S-1-5-21-677491221-3698580047-887230356-1001 - Administrator - Enabled) => C:\Users\drzka
Guest (S-1-5-21-677491221-3698580047-887230356-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-677491221-3698580047-887230356-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Security (Enabled - Up to date) {09B870F1-4EAA-0247-50BF-43DEE2D355CA}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-677491221-3698580047-887230356-1001\...\uTorrent) (Version: 3.6.0.47084 - BitTorrent Limited)
AAF DCH Optimus Audio (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBD}_is1) (Version: 10.0.22621.608 - AAF Optimus)
AFOP (HKLM-x32\...\Uplay Install 4740) (Version: - Ubisoft)
Alan Wake 2 (HKLM-x32\...\Alan Wake 2_is1) (Version: 0.0.0 - DODI-Repacks)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.) Hidden
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 6.02.07.2300 - Advanced Micro Devices, Inc.)
AMD I2C Driver (HKLM-x32\...\{B31D92D9-2914-46B0-9738-F668A563DE73}) (Version: 1.2.0.124 - Advanced Micro Devices, Inc.) Hidden
AMD PPM Provisioning File Driver (HKLM-x32\...\{3665A5DE-D07C-46D7-9207-713E8E9FEF32}) (Version: 8.0.0.27 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.27.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 24.5.1 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{87355a16-0a35-41ad-b751-301db3b6b78c}) (Version: 6.02.07.2300 - Advanced Micro Devices, Inc.) Hidden
ASUS AIOFan HAL (HKLM\...\{EAE80DED-1A39-41C5-9F60-87CC947F6454}) (Version: 1.2.16.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AIOFan HAL (HKLM-x32\...\{1cc3b919-0334-4fab-aea3-6a7b47235509}) (Version: 1.2.16.0 - ASUSTek COMPUTER INC.) Hidden
ASUS Ambient HAL (HKLM\...\{2D7710B3-1561-486D-901F-458770B079D1}) (Version: 2.7.0.0 - ASUSTeK COMPUTER INC.) Hidden
ASUS Ambient HAL (HKLM-x32\...\{4ca6df8f-d753-49f6-a5da-ebee19a56f2f}) (Version: 2.7.0.0 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM\...\{237E1CAC-1708-4940-AC34-DF15C079AB70}) (Version: 1.1.0.20 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM-x32\...\{49c4358d-054e-4cf1-9ec1-dca3487f304a}) (Version: 1.1.0.20 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM\...\{4EBEAC95-76BC-46A8-8644-6E2F1C87CF70}) (Version: 1.3.9.6 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM-x32\...\{4edc3c3e-2ec4-43d0-a184-ad61bc7dda53}) (Version: 1.3.9.6 - ASUSTeK COMPUTER INC.) Hidden
ASUS Keyboard HAL (HKLM\...\{AF92E89C-547B-4043-9298-0BAABD1F70EA}) (Version: 1.2.55.0 - ASUSTek COMPUTER INC.) Hidden
ASUS Keyboard HAL (HKLM-x32\...\{6df9a8c3-1f55-4422-ac64-4cd95989a3cf}) (Version: 1.2.55.0 - ASUSTek COMPUTER INC.) Hidden
ASUS Motherboard (HKLM-x32\...\{93795eb8-bd86-4d4d-ab27-ff80f9467b37}) (Version: 4.01.38 - ASUSTek Computer Inc.)
ASUS Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.107.113 - ASUSTeK Computer Inc.) Hidden
AURA DRAM Component (HKLM\...\{F2E3BF81-9CB7-4093-8A2B-FF7DFF631E7F}) (Version: 1.1.25 - ASUS) Hidden
AURA DRAM Component (HKLM-x32\...\{9e3269a6-bacd-4c90-98cc-28b15874bf74}) (Version: 1.1.25 - ASUS) Hidden
Avira Fallback Updater (HKLM-x32\...\Avira Fallback Updater) (Version: - ) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.44.1.19908 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.1.101.650 - Avira Operations GmbH) Hidden
Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version: - Avira Operations GmbH)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 7.3.0.501 - Avira Operations GmbH) Hidden
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Bloody7 (HKLM-x32\...\Bloody3) (Version: 22.11.0004 - Bloody)
Branding64 (HKLM\...\{492AEFBE-1B81-4C20-A111-E6974BB98EC5}) (Version: 1.00.0009 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 6.24 - Piriform)
Corsair iCUE5 Software (HKLM\...\{A9B0B2D7-8C59-4413-A2FB-99EDBE65A608}) (Version: 5.15.117 - Corsair)
CPUID ASUS CPU-Z 2.01 (HKLM\...\CPUID ASUS CPU-Z_is1) (Version: 2.01 - CPUID, Inc.)
CPUID CPU-Z 2.08 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.08 - CPUID, Inc.)
Dell Display Manager 2.3 (HKLM\...\Dell Display Manager 2) (Version: 2.3.0.19 - Dell Inc.)
Discord (HKU\S-1-5-21-677491221-3698580047-887230356-1001\...\Discord) (Version: 1.0.9011 - Discord Inc.)
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 13.86.0.5599 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{cacc560a-9ede-4f2f-ba96-fef05cf7bb1d}) (Version: 13.86.0.5599 - Electronic Arts)
Endpoint Protection SDK (HKLM\...\{68E1CCB4-4965-4713-BDEB-77F6D6C9BF9D}_is1) (Version: 1.0.2405.2972 - Avira Operations GmbH) Hidden
ENE RGB HAL (HKLM\...\{E050E98C-5524-4AFB-9E53-97700BEF2C02}) (Version: 1.1.48.6 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{2f11e68d-297d-4e28-80e0-b98178606bea}) (Version: 1.1.48.6 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.10.3 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{79e8502b-eaf7-4831-b53d-2da128540d16}) (Version: 1.0.10.3 - ENE TECHNOLOGY INC.) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Far Cry 6 (HKLM-x32\...\Far Cry 6_is1) (Version: 0.0.0 - DODI-Repacks)
Futuremark SystemInfo (HKLM-x32\...\{DB3FC272-D04E-42E1-A981-20A781A9561C}) (Version: 5.69.1204.0 - Futuremark)
GameSDK Service (HKLM-x32\...\{021d69c3-d686-4a94-8fb5-fd1ee782fb14}) (Version: 1.0.5.0 - ASUSTek COMPUTER INC.)
GameSDK Service (HKLM-x32\...\{7160DA8D-3F25-4F6E-ABC8-F693551D82FA}) (Version: 1.0.5.0 - ASUSTek COMPUTER INC.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 125.0.6422.113 - Google LLC)
HD Tune Pro 5.50 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
Horizon Forbidden West (HKLM-x32\...\Horizon Forbidden West_is1) (Version: 0.0.0 - DODI-Repacks)
HWiNFO64 (HKLM\...\HWiNFO64_is1) (Version: 7.68 - Martin Malik, REALiX s.r.o.)
Chernobylite Enhanced Edition Season 3 (HKLM-x32\...\FLT_Chernobylite) (Version: - )
Infatica P2B Network (HKLM-x32\...\{043C71DF-992B-4A8C-B584-DE65480802F8}_is1) (Version: 1.0.6.4 - )
Kingston AURA DRAM Component (HKLM\...\{965CDF5F-901C-476F-B3A8-7396701B1129}) (Version: 1.1.33 - KINGSTON COMPONENTS INC.) Hidden
Kingston AURA DRAM Component (HKLM-x32\...\{6fcd931b-eac3-4850-9d72-8e2124e32754}) (Version: 1.1.33 - KINGSTON COMPONENTS INC.) Hidden
Kingston SSD Manager x64 1.5.4.5 (HKLM-x32\...\{53F657CD-C4FC-4DCD-826E-6862917532AC}_is1) (Version: 1.5.4.5 - @2021 Kingston Digital, Inc.)
K-Lite Codec Pack 17.5.2 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 17.5.2 - KLCP)
Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.16 (x64) (HKLM\...\{1D0AC7F1-2B34-44AF-91F6-88757D768DA7}) (Version: 48.67.58427 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.14 (x64) (HKLM\...\{D1726E78-81F3-40A2-A7AF-6286BAA49B1C}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.16 (x64) (HKLM\...\{B8537ACA-B210-4DF5-B928-E41CEB76723D}) (Version: 48.67.58427 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.14 (x64) (HKLM\...\{61202CF9-3B84-4E5A-91A1-2984FAE38259}) (Version: 48.59.55225 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.16 (x64) (HKLM\...\{C71E93D2-B8B4-4858-B2A1-4C967DBC1C5F}) (Version: 48.67.58427 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.16 (x64) (HKLM-x32\...\{2a8d0f2b-911b-4b58-8252-46b29e7a4590}) (Version: 6.0.16.32323 - Microsoft Corporation)
Microsoft 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.17531.20152 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 125.0.2535.79 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 125.0.2535.79 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.091.0505.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.38.33135 (HKLM-x32\...\{c649ede4-f16a-4486-a117-dcc2f2a35165}) (Version: 14.38.33135.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135 (HKLM-x32\...\{46c3b171-c15c-4137-8e1d-67eeb2985b44}) (Version: 14.38.33135.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.38.33135 (HKLM\...\{19AFE054-CA83-45D5-A9DB-4108EF4BD391}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.38.33135 (HKLM\...\{AA0C8AB5-7297-4D46-A0D9-08096FE59E46}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135 (HKLM-x32\...\{9C19C103-7DB1-44D1-A039-2C076A633A38}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135 (HKLM-x32\...\{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM\...\{3C31CBA1-A0D9-4B95-A807-AD2313D12F47}) (Version: 40.68.31219 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM-x32\...\{20d5df4e-006c-4d6d-a0dc-490d009b9786}) (Version: 5.0.17.31219 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.14 (x64) (HKLM\...\{424D9E0C-14D9-4D4B-9562-845689D972F6}) (Version: 48.59.55235 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.14 (x64) (HKLM-x32\...\{c4558324-5b32-43fc-9ac2-423fee96dae0}) (Version: 6.0.14.32124 - Microsoft Corporation)
MorePowerTool (HKLM-x32\...\{182DC641-57F9-4391-ADD4-17B921B03743}) (Version: 1.3.19 - MoreTools © By Hellm)
MSI Kombustor 4.1.26.0 (64-bit) (HKLM\...\{F3D3CC6B-9AD7-4F43-8C69-40D5902FDC5C}}_is1) (Version: - MSI / Geeks3D)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17531.20152 - Microsoft Corporation) Hidden
Patriot Viper DRAM RGB (HKLM\...\{1F9C282E-CCB4-4D8E-A5CB-7B74DFCD8C95}) (Version: 1.0.9.8 - Patriot Memory) Hidden
Patriot Viper DRAM RGB (HKLM-x32\...\{55993b50-5bec-47c8-8b2b-1aecad927e48}) (Version: 1.0.9.8 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM\...\{8B4C0A3D-C135-4E1F-98D8-3926494B4D61}) (Version: 1.1.0.3 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM-x32\...\{6e0eff60-c502-43bb-8f56-360ca07e73d9}) (Version: 1.1.0.3 - Patriot Memory) Hidden
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 3.0.0.0 - Advanced Micro Devices, Inc.) Hidden
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9608.1 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 11.9.0614.2022 - Realtek)
REDlauncher (HKU\S-1-5-21-677491221-3698580047-887230356-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version: - CD Projekt RED)
RivaTuner Statistics Server 7.3.4 Beta 8 (HKLM-x32\...\RTSS) (Version: 7.3.4 Beta 8 - Unwinder)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.89.1979 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.3.0.8 - Rockstar Games)
ROG STRIX SCOPE RX (HKLM-x32\...\{63c78ce2-290f-4fa2-9428-cedcc7a4c0c2}) (Version: 4.01.14 - ASUSTek Computer Inc.)
ROGFontInstaller (HKLM\...\{605108C1-153E-43D8-8A67-7CE326B00ECA}) (Version: 1.0.0 - ASUS)
RyzenMasterSDK (HKLM\...\{32D8096C-1B3B-4EC1-BDE7-4AEC2761FE40}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden
Senua's Saga: Hellblade II (HKLM-x32\...\Senua's Saga: Hellblade II_is1) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak (HKLM\...\{1A2225E5-E3DC-4227-B307-9857CCCCF540}) (Version: 5.0.0 - TeamSpeak)
TechPowerUp GPU-Z (HKLM-x32\...\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1) (Version: 2.57.0 - TechPowerUp)
Two-Way AI Noise Cancelation (HKLM\...\Two-Way AI Noise Cancelation) (Version: 1.1.0.1 - ASUSTek Computer Inc.)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 148.2.10984 - Ubisoft)
Universal Holtek RGB DRAM (HKLM\...\{826388E4-E31F-4514-948B-3BB954FB3EAF}) (Version: 1.0.0.7 - PD) Hidden
Universal Holtek RGB DRAM (HKLM-x32\...\{9a732423-e2f4-47d0-87ab-ef745c7dba69}) (Version: 1.0.0.7 - PD) Hidden
Wargaming.net Game Center (HKU\S-1-5-21-677491221-3698580047-887230356-1001\...\Wargaming.net Game Center) (Version: 24.2.0.5793 - Wargaming.net)
WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.14.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK AN1500 (HKLM-x32\...\{e42c5874-37b0-4977-9e8d-70bf006e1f76}) (Version: 1.0.14.0 - ENE TECHNOLOGY INC.) Hidden
WinRAR 6.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.21.0 - win.rar GmbH)
World of Tanks EU (2) (HKU\S-1-5-21-677491221-3698580047-887230356-1001\...\1545387067) (Version: - Wargaming.net)
World of Tanks EU (HKU\S-1-5-21-677491221-3698580047-887230356-1001\...\WOT.EU.PRODUCTION) (Version: - Wargaming.net)

Packages:
=========

AMD Radeon Software -> C:\Program Files\AMD\CNext\CNext [2024-05-18] (Advanced Micro Devices Inc.)
Armoury Crate -> C:\Program Files\ASUS\AacAmbientHal [2024-03-21] (Sparse Package)
ARMOURY CRATE -> C:\Program Files\WindowsApps\B9ECED6F.ArmouryCrate_5.8.9.0_x64__qmba6cd70vzyy [2024-04-01] (ASUSTeK COMPUTER INC.)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.23.0_neutral__8xx8rvfyw5nnt [2024-04-26] (Instagram)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2403.21002.0_x64__8wekyb3d8bbwe [2024-04-04] (Microsoft Corporation) [Startup Task]
Microsoft.BingSearch -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.91.0_x64__8wekyb3d8bbwe [2024-03-21] (Microsoft Corporation)
MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24051.39.0_x64__cw5n1h2txyewy [2024-05-30] (Microsoft Windows) [Startup Task]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.99.5.0_x64__mcm4njqhnhss8 [2024-04-21] (Netflix, Inc.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.48.313.0_x64__dt26b99r8h8gj [2024-03-21] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0 [2024-05-29] (Spotify AB) [Startup Task]
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2421.7.0_x64__cv1g1gvanyjgm [2024-06-01] (WhatsApp Inc.) [Startup Task]
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.LKG_cw5n1h2txyewy [2024-05-17] (Microsoft Windows)
WinRAR -> C:\Program Files\WinRAR [2023-03-11] (win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-677491221-3698580047-887230356-1001_Classes\CLSID\{989dacff-3a01-6b2c-f623-9ef1597c6141}\localserver32 -> C:\Program Files\Dell\Dell Display Manager 2\DDM.exe (Qisda Corporation -> Dell Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.091.0505.0003\FileSyncShell64.dll [2024-05-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.091.0505.0003\FileSyncShell64.dll [2024-05-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.091.0505.0003\FileSyncShell64.dll [2024-05-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.091.0505.0003\FileSyncShell64.dll [2024-05-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.091.0505.0003\FileSyncShell64.dll [2024-05-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.091.0505.0003\FileSyncShell64.dll [2024-05-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.091.0505.0003\FileSyncShell64.dll [2024-05-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.091.0505.0003\FileSyncShell64.dll [2024-05-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.091.0505.0003\FileSyncShell64.dll [2024-05-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.091.0505.0003\FileSyncShell64.dll [2024-05-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.091.0505.0003\FileSyncShell64.dll [2024-05-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.091.0505.0003\FileSyncShell64.dll [2024-05-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.091.0505.0003\FileSyncShell64.dll [2024-05-24] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.091.0505.0003\FileSyncShell64.dll [2024-05-24] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.091.0505.0003\FileSyncShell64.dll [2024-05-24] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2024-05-06] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL [2024-05-02] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL [2024-05-02] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.091.0505.0003\FileSyncShell64.dll [2024-05-24] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2024-05-06] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.091.0505.0003\FileSyncShell64.dll [2024-05-24] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2024-05-06] (Avira Operations GmbH -> Avira Operations GmbH)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-12] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-07 07:24 - 2024-06-03 09:28 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Android;C:\Windows\System32
HKU\S-1-5-21-677491221-3698580047-887230356-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\drzka\Downloads\ultrawide-New-York-City-Empire-State-Building-cityscape-USA-Manhattan-2165811-wallhere.com.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-677491221-3698580047-887230356-1001\...\StartupApproved\StartupFolder: => "Poslat do aplikace OneNote.lnk"
HKU\S-1-5-21-677491221-3698580047-887230356-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_C4C808E20A5B33CC1E09AAA69952E6C1"
HKU\S-1-5-21-677491221-3698580047-887230356-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-677491221-3698580047-887230356-1001\...\StartupApproved\Run: => "EADM"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2F3BF5A6-3981-43AA-87B7-E4AE1C0002C6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{7204D30E-263F-43DA-AF12-231302A9E713}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{30A31154-C377-4FA1-B81A-F7D2CFC86673}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{F15A9CF1-502D-48D6-A916-AE9BDFB1FD8B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{E7C96AF5-C3AE-4BF4-A761-8A59DAD0DEE3}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [UDP Query User{D29C0454-421B-4F19-8BED-392A40BBD0F9}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [{F1D6BD12-3D46-4BF8-B058-B333996EAF0C}] => (Allow) J:\SteamLibrary\steamapps\common\Hunt Showdown\hunt.exe => No File
FirewallRules: [{57497151-2B54-4889-BF57-758817E90B83}] => (Allow) J:\SteamLibrary\steamapps\common\Hunt Showdown\hunt.exe => No File
FirewallRules: [{793109E5-75F5-4084-A446-6778DCCA127B}] => (Allow) J:\SteamLibrary\steamapps\common\Warhammer Vermintide 2\launcher\Launcher.exe => No File
FirewallRules: [{A6D3D220-49AB-4EFE-92ED-1BBD2C159353}] => (Allow) J:\SteamLibrary\steamapps\common\Warhammer Vermintide 2\launcher\Launcher.exe => No File
FirewallRules: [{85A11FB3-2A1D-4DB1-A2B7-B184AE8EBF53}] => (Allow) J:\SteamLibrary\steamapps\common\Mafia II Definitive Edition\2KLauncher\LauncherPatcher.exe => No File
FirewallRules: [{701E6520-A8A3-4020-AA68-FB5516F99B38}] => (Allow) J:\SteamLibrary\steamapps\common\Mafia II Definitive Edition\2KLauncher\LauncherPatcher.exe => No File
FirewallRules: [{830641E4-8086-4F07-9C41-6D251673713F}] => (Allow) J:\SteamLibrary\steamapps\common\DayZ\DayZLauncher.exe => No File
FirewallRules: [{42A68589-21CF-4B20-A938-FC189E71636B}] => (Allow) J:\SteamLibrary\steamapps\common\DayZ\DayZLauncher.exe => No File
FirewallRules: [{40A4D201-304C-463C-95F3-B6EB0B85B86A}] => (Allow) J:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe => No File
FirewallRules: [{0D4AA56D-9925-48BD-BC26-500B1C9A066D}] => (Allow) J:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe => No File
FirewallRules: [{F3E5688D-124E-46E7-BDF7-B9140A08EACC}] => (Allow) J:\SteamLibrary\steamapps\common\Company of Heroes 2\RelicCoH2.exe => No File
FirewallRules: [{B2077F8F-62C3-4791-9FF4-90B303FEEC6C}] => (Allow) J:\SteamLibrary\steamapps\common\Company of Heroes 2\RelicCoH2.exe => No File
FirewallRules: [{8DCA0E3C-631A-4A56-B8EF-01FA1EC8F39D}] => (Allow) J:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe => No File
FirewallRules: [{650BA7B1-BE2F-45DE-8AC2-978A292A47A6}] => (Allow) J:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe => No File
FirewallRules: [{C15DB393-6FDD-419E-830B-4D2323189907}] => (Allow) J:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{6F0E6620-8332-40DB-AEFE-33ABE619B2A1}] => (Allow) J:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{8609E886-313D-4CC3-B251-C02393D62EB2}] => (Allow) J:\SteamLibrary\steamapps\common\Metro Exodus Enhanced Edition\MetroExodus.exe => No File
FirewallRules: [{A7730E1D-1976-40F8-B7FA-8F92124189AA}] => (Allow) J:\SteamLibrary\steamapps\common\Metro Exodus Enhanced Edition\MetroExodus.exe => No File
FirewallRules: [TCP Query User{3C3A6441-A0D9-4305-9389-9EBF7268EB63}C:\users\drzka\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\drzka\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Limited)
FirewallRules: [UDP Query User{6D40B526-516E-4E8A-80EA-A257CAF12483}C:\users\drzka\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\drzka\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Limited)
FirewallRules: [{0E7B76C6-A6B4-4E37-A13D-989CAF33F228}] => (Allow) D:\SteamLibrary\steamapps\common\Company of Heroes 2\RelicCoH2.exe (RELIC ENTERTAINMENT, INC. -> Relic Entertainment Inc.)
FirewallRules: [{8FF1BD71-FE52-42A9-B79B-7F323AC69EBE}] => (Allow) D:\SteamLibrary\steamapps\common\Company of Heroes 2\RelicCoH2.exe (RELIC ENTERTAINMENT, INC. -> Relic Entertainment Inc.)
FirewallRules: [{986DF3F2-6593-482B-AEBC-C3B9A8C102C5}] => (Allow) D:\SteamLibrary\steamapps\common\DayZ\DayZLauncher.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive a.s.)
FirewallRules: [{16DAF562-E196-4B86-8F82-765E9E7A8FCC}] => (Allow) D:\SteamLibrary\steamapps\common\DayZ\DayZLauncher.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive a.s.)
FirewallRules: [{E82BBB4C-72A2-4BC2-8F1D-75EA613CCB5C}] => (Allow) D:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve Corp. -> )
FirewallRules: [{48386519-32E0-41EE-8FAA-B05BB7E7618B}] => (Allow) D:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve Corp. -> )
FirewallRules: [{B7737008-56F0-4141-8C63-2EBFD7BD847C}] => (Allow) D:\SteamLibrary\steamapps\common\The Witcher 3\REDprelauncher.exe (GOG sp. z o.o -> GOG.com)
FirewallRules: [{31999F19-8F7D-4912-B001-1C1301C0F838}] => (Allow) D:\SteamLibrary\steamapps\common\The Witcher 3\REDprelauncher.exe (GOG sp. z o.o -> GOG.com)
FirewallRules: [{F3A0DCF1-4511-49F0-A833-BA968549681E}] => (Allow) D:\SteamLibrary\steamapps\common\Hogwarts Legacy\HogwartsLegacy.exe (Warner Bros. Interactive) [File not signed]
FirewallRules: [{231852D7-BDA6-4468-B766-BDD11B065C86}] => (Allow) D:\SteamLibrary\steamapps\common\Hogwarts Legacy\HogwartsLegacy.exe (Warner Bros. Interactive) [File not signed]
FirewallRules: [{4FD4C7C3-9F80-4D34-B0D8-DCEC21A399A1}] => (Allow) D:\SteamLibrary\steamapps\common\Mafia Definitive Edition\2KLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{04CEC270-C5D7-4D81-AE37-DCB5CE440276}] => (Allow) D:\SteamLibrary\steamapps\common\Mafia Definitive Edition\2KLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{DED6E364-E4AB-4017-A258-5B8924FF283A}] => (Allow) D:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe (Tripwire Interactive, LLC.) [File not signed]
FirewallRules: [{43764D7A-6EE7-41A3-A6F0-6349158015D1}] => (Allow) D:\SteamLibrary\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe (Tripwire Interactive, LLC.) [File not signed]
FirewallRules: [{2D97C6F9-3BEE-42E7-A4EB-59A9EFCAE58E}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{2D206AC7-7B40-4188-A119-2BFFF3EF10C7}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{061DE13D-FF3A-4918-8E07-13DC5FC784AC}D:\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) D:\world_of_tanks_eu\win64\worldoftanks.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [UDP Query User{B5033CB8-5BD2-4EE4-A406-746CC575452B}D:\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) D:\world_of_tanks_eu\win64\worldoftanks.exe (Wargaming Group Limited -> Wargaming.net)
FirewallRules: [{F2093B45-A438-4DFF-BFEE-BB66CE8BFB8F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{BB1ACBD7-D25E-4468-8A76-D821B16A5F2A}C:\users\drzka\downloads\rustdesk-1.1.9-x64.exe] => (Allow) C:\users\drzka\downloads\rustdesk-1.1.9-x64.exe (Zhou Huabing -> )
FirewallRules: [UDP Query User{FC628F03-1DDA-4488-A491-2738F0B667E1}C:\users\drzka\downloads\rustdesk-1.1.9-x64.exe] => (Allow) C:\users\drzka\downloads\rustdesk-1.1.9-x64.exe (Zhou Huabing -> )
FirewallRules: [TCP Query User{4A8B8BB6-9A23-4891-9476-2901CA9F21FE}C:\users\drzka\appdata\roaming\utorrent\updates\utorrent.exe] => (Block) C:\users\drzka\appdata\roaming\utorrent\updates\utorrent.exe (BitTorrent Inc -> BitTorrent Limited)
FirewallRules: [UDP Query User{BEC97079-8100-4005-B983-8C05B3F66E12}C:\users\drzka\appdata\roaming\utorrent\updates\utorrent.exe] => (Block) C:\users\drzka\appdata\roaming\utorrent\updates\utorrent.exe (BitTorrent Inc -> BitTorrent Limited)
FirewallRules: [{EB7E963C-B6D6-49B5-8FCC-5431C7869A92}] => (Allow) D:\SteamLibrary\steamapps\common\Deep Rock Galactic\FSD.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{F0043AF7-27E9-49DC-ADDF-6D40952D084A}] => (Allow) D:\SteamLibrary\steamapps\common\Deep Rock Galactic\FSD.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{E14F5661-374B-4778-8A67-39DE84A6EE16}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{91AA6DD7-F383-4AE5-9AD4-D5E689A5E136}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{6287A8B9-11A8-43C4-AAD6-3E5083291CF0}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{6020068E-E976-4C7D-AFF9-07F237B36E0A}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{9CD71415-4A29-4F88-B01E-5BB7778C76E7}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{ABD4D3F7-B400-4A46-856F-43D08C7D8027}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{623A0E1F-0C9E-419D-BB7A-56E06CA5BC33}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{E3358742-A6B4-4812-9DE5-2230BE4D2553}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{7FC2CEDA-5204-4F64-ABB6-3313D73A7300}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{ABC5B82F-91BD-4D6F-A4B9-D4692496DB9D}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{227E80D7-070B-4AF3-9C0A-EB8808C92961}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [TCP Query User{63E1C96E-EEAE-461D-A86F-022163CE8689}D:\steamlibrary\steamapps\common\dayz\dayz_x64.exe] => (Allow) D:\steamlibrary\steamapps\common\dayz\dayz_x64.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive a.s.)
FirewallRules: [UDP Query User{D34D9ED4-5F37-48CD-A90C-251478FA3CD5}D:\steamlibrary\steamapps\common\dayz\dayz_x64.exe] => (Allow) D:\steamlibrary\steamapps\common\dayz\dayz_x64.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive a.s.)
FirewallRules: [{B931F461-4CD8-4ADA-A7D5-14458522165F}] => (Allow) D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe (BOHEMIA INTERACTIVE a.s. -> BattlEye Innovations)
FirewallRules: [{A5B3421F-7409-4A4E-8DFF-ABC4FBE7EBB3}] => (Allow) D:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe (BOHEMIA INTERACTIVE a.s. -> BattlEye Innovations)
FirewallRules: [{E070B87C-0E2B-49B9-8665-A3531B83F67B}] => (Allow) D:\SteamLibrary\steamapps\common\3DMark\bin\x64\3DMark.exe (Underwriters Laboratories Inc. -> )
FirewallRules: [{630950A6-3F19-48B7-8744-C71A389E8BA8}] => (Allow) D:\SteamLibrary\steamapps\common\3DMark\bin\x64\3DMark.exe (Underwriters Laboratories Inc. -> )
FirewallRules: [{A950D275-5F3A-48A0-BE2B-73019EA79C32}] => (Allow) D:\SteamLibrary\steamapps\common\Dying Light 2\ph\work\bin\x64\DyingLightGame_x64_rwdi.exe (Techland S.A. -> Techland)
FirewallRules: [{0957BB5D-AD38-4C8C-8286-92057789535E}] => (Allow) D:\SteamLibrary\steamapps\common\Dying Light 2\ph\work\bin\x64\DyingLightGame_x64_rwdi.exe (Techland S.A. -> Techland)
FirewallRules: [TCP Query User{56D4178F-ECF3-42C6-8F2D-3989A62069D3}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{A4CBB962-DD95-441B-B680-7ADBCC0E75D6}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{745C52DD-7DC2-4ABE-B67B-2674A716D5BC}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{CE71B9E7-753D-42FC-8B8F-095AB29021EF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{09230320-5DDE-4317-B888-E971E5E17137}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{200CEBDD-6771-4AA0-A5C1-E4F88E46BD84}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{6669D114-1B0F-4163-B75A-01497CA0ED61}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe (Electronic Sports Network i Sverige AB -> ESN Social Software AB)
FirewallRules: [{A818574D-8001-4856-BA98-76E5C859FA21}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe (Electronic Sports Network i Sverige AB -> ESN Social Software AB)
FirewallRules: [{89487C62-FB6B-46A5-94DD-2EAAA8B5C74D}] => (Allow) D:\SteamLibrary\steamapps\common\Shadow of the Tomb Raider\SOTTR.exe (Crystal Dynamics, Inc -> Eidos Inc.)
FirewallRules: [{F2370F01-953A-4F0A-8790-1E96D99B66D5}] => (Allow) D:\SteamLibrary\steamapps\common\Shadow of the Tomb Raider\SOTTR.exe (Crystal Dynamics, Inc -> Eidos Inc.)
FirewallRules: [{9A5679B2-8968-4E3B-92B3-D7E0154A5C7B}] => (Allow) D:\SteamLibrary\steamapps\common\The Callisto Protocol\TheCallistoProtocol.exe (Striking Distance Studios, Inc.) [File not signed]
FirewallRules: [{3670ED6B-67E4-411F-B7C9-4A546BCA7241}] => (Allow) D:\SteamLibrary\steamapps\common\The Callisto Protocol\TheCallistoProtocol.exe (Striking Distance Studios, Inc.) [File not signed]
FirewallRules: [{9205366F-9568-49EF-95DE-3BC6C6780561}] => (Allow) D:\SteamLibrary\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe (Warhorse Studios sro) [File not signed]
FirewallRules: [{10BD2278-DA25-4A0F-B605-2915D2CE7BE7}] => (Allow) D:\SteamLibrary\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe (Warhorse Studios sro) [File not signed]
FirewallRules: [{A4A54154-F72A-4D6F-A83A-1BD2A64CF6D3}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe (ASUSTeK COMPUTER INC. -> ASUS)
FirewallRules: [{1C43EA03-0118-4020-8DDC-AAAEA5CDAD70}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (ASUSTeK COMPUTER INC. -> ASUS)
FirewallRules: [{D42673B3-3184-4AC1-8192-BB4FB3E2FE47}] => (Allow) C:\Program Files\ASUS\AacAmbientHal\AacAmbientLighting.exe (ASUSTeK COMPUTER INC. -> )
FirewallRules: [{845CE2AD-E6C8-4E15-BFCE-98C95B4C20AA}] => (Allow) C:\Users\drzka\AppData\Local\Packages\B9ECED6F.ArmouryCrate_qmba6cd70vzyy\LocalState\GridUpdateFile\ASUSGCDriverUpdateClient.exe (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
FirewallRules: [{23B61BD9-7EA8-4542-889F-8793D087B35B}] => (Allow) D:\SteamLibrary\steamapps\common\7 Days To Die\7dLauncher.exe () [File not signed]
FirewallRules: [{6028B1CF-44AB-40F5-87D1-CA14FA41C16E}] => (Allow) D:\SteamLibrary\steamapps\common\7 Days To Die\7dLauncher.exe () [File not signed]
FirewallRules: [TCP Query User{5A65C252-9B36-4983-81C4-DE736ED3DC15}D:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe] => (Allow) D:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe () [File not signed]
FirewallRules: [UDP Query User{C64DC4A6-FCD3-4678-9B3F-DFA5FBAA9B6B}D:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe] => (Allow) D:\steamlibrary\steamapps\common\7 days to die\7daystodie.exe () [File not signed]
FirewallRules: [{AFBD3C71-5BE5-4941-B007-7C729D5F5EA8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{A6E3AE24-0FE2-4238-A32D-F30A29C179C0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{840F1434-AB21-4B0A-85B3-54D9546E3876}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{95765841-D5B5-490D-901D-E4CDAC1A9C4B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7856D8BE-7F88-43EA-BAAF-70D91F507082}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{2C52243C-2A95-492D-A466-6A8B5EB250D5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{AF281351-C59B-44A1-A305-B1A6676C6F4C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{FB1A07BE-94B4-4B0C-AA53-4AB86B744880}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C1A2C03B-7038-474E-9DF8-25DBA6EEA525}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7C3DED8E-E40B-4B7A-80AB-EE00BB81CE4F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{6B1BE5C1-F8D7-4B5F-852E-422A4FB75B2B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{294D5220-59EF-4593-96E4-70E86DA6354A}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24124.2402.2858.5617_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{97840219-8B6B-49AE-AC46-DA6C9ABB8000}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24124.2402.2858.5617_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9BC88120-7BC4-45F4-95A2-508B430E356E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

28-05-2024 20:47:59 Windows Update
01-06-2024 19:09:19 Windows Update
02-06-2024 23:22:32 TotalAV Install

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (06/03/2024 10:14:41 AM) (Source: ESENT) (EventID: 439) (User: )
Description: taskhostw (8848,D,0) WebCacheLocal: Pro soubor C:\Users\drzka\AppData\Local\Microsoft\Windows\WebCache\V01.chk se nedá zapsat stínové záhlaví. Chyba: -1032

Error: (06/03/2024 10:14:41 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (8848,D,0) WebCacheLocal: Pokus o otevření souboru C:\Users\drzka\AppData\Local\Microsoft\Windows\WebCache\V01.chk pro čtení nebo zápis selhal. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru selže a dojde k chybě -1032 (0xfffffbf8).

Error: (06/03/2024 09:30:17 AM) (Source: Application Error) (EventID: 1000) (User: AM5_REACTOR)
Description: Název chybující aplikace: NoiseCancelingEngine.exe, verze: 1.0.0.24, časové razítko: 0x65546672
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x0x2014
Čas spuštění chybující aplikace: 0x0x1dab587e0ded4bb
Cesta k chybující aplikaci: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 68784179-ce99-417d-a185-2940cc9f7a5b
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (06/03/2024 09:08:38 AM) (Source: Application Error) (EventID: 1000) (User: AM5_REACTOR)
Description: Název chybující aplikace: NoiseCancelingEngine.exe, verze: 1.0.0.24, časové razítko: 0x65546672
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x0x117c
Čas spuštění chybující aplikace: 0x0x1dab584d952dc75
Cesta k chybující aplikaci: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: deb489df-6926-4abe-acd8-57685a08a761
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (06/03/2024 08:45:04 AM) (Source: Application Error) (EventID: 1000) (User: AM5_REACTOR)
Description: Název chybující aplikace: NoiseCancelingEngine.exe, verze: 1.0.0.24, časové razítko: 0x65546672
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x0x1110
Čas spuštění chybující aplikace: 0x0x1dab5818e56b496
Cesta k chybující aplikaci: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 88c5272b-413b-46f0-b202-8a889d7e889b
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (06/02/2024 11:24:14 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Název chybující aplikace: SecurityService.exe, verze: 5.24.38.0, časové razítko: 0x637474de
Název chybujícího modulu: remediation.dll, verze: 1.0.2405.1327, časové razítko: 0x6655d3ef
Kód výjimky: 0xc0000409
Posun chyby: 0x0035265d
ID chybujícího procesu: 0x0x1908
Čas spuštění chybující aplikace: 0x0x1dab53300ff94e4
Cesta k chybující aplikaci: C:\Program Files (x86)\TotalAV\SecurityService.exe
Cesta k chybujícímu modulu: C:\Program Files (x86)\TotalAV\x86\remediation.dll
ID zprávy: d0a3e11c-4d15-4798-8061-0db12f7c5fc9
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (06/02/2024 03:51:25 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Název chybující aplikace: wmiprvse.exe, verze: 10.0.22621.1, časové razítko: 0x3b1bcc5b
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0x80131623
Posun chyby: 0x00007ffd88b4200f
ID chybujícího procesu: 0x0x57f0
Čas spuštění chybující aplikace: 0x0x1dab4f3f5cd14da
Cesta k chybující aplikaci: C:\Windows\system32\wbem\wmiprvse.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 0535cda8-1fb7-4658-ba18-5392fd78a5dc
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (06/02/2024 03:51:25 PM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Application: wmiprvse.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: Byla vyvolána neočekávaná výjimka od poskytovatele:
System.IO.FileLoadException:
File name: 'Microsoft.AppV.AppvClientComConsumer, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'
at Microsoft.AppV.AppvPublishingServerWMI.AppvPublishingServer.EnumeratePublishingServers()


Stack:
at System.Environment.FailFast(System.String)
at WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink)


System errors:
=============
Error: (06/03/2024 06:52:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Microsoft Office Click-to-Run Service byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (06/03/2024 06:52:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Avira Phantom VPN byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (06/03/2024 06:52:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Realtek Audio Universal Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (06/03/2024 06:52:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Avira Optimizer Host byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (06/03/2024 06:42:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Avira Phantom VPN byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 5000 milisekund: Restartovat službu.

Error: (06/03/2024 06:42:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Avira Optimizer Host byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (06/03/2024 06:42:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Corsair Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (06/03/2024 06:42:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Corsair CpuIdService byla neočekávaně ukončena. Tento stav nastal již 1krát.


Windows Defender:
================
Date: 2024-06-02 19:28:14
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {F69B4E35-B84A-4D75-981B-AAB120B6176D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Úplné prohledávání
Uživatel: AM5_REACTOR\drzka

Date: 2024-06-01 20:31:20
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Script/Wacatac.H!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\drzka\AppData\Local\Temp\EMWZ147EIDTUWJE0KPZ5ZU.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.413.42.0, AS: 1.413.42.0, NIS: 1.413.42.0
Verze modulu: AM: 1.1.24050.5, NIS: 1.1.24050.5

Date: 2024-06-01 20:29:18
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/AgentTesla!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_c:\users\drzka\appdata\local\temp\kaul0zk3tevywqs347.exe; process:_pid:35888,ProcessStart:133617401490259729
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Users\drzka\AppData\Local\Temp\KAUL0ZK3TEVYWQS347.exe
Verze bezpečnostních informací: AV: 1.413.42.0, AS: 1.413.42.0, NIS: 1.413.42.0
Verze modulu: AM: 1.1.24050.5, NIS: 1.1.24050.5

Date: 2024-06-01 20:29:09
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/AgentTesla!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_c:\users\drzka\appdata\local\temp\kaul0zk3tevywqs347.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.413.42.0, AS: 1.413.42.0, NIS: 1.413.42.0
Verze modulu: AM: 1.1.24050.5, NIS: 1.1.24050.5

Date: 2024-05-04 00:01:45
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {DAC16293-A016-4681-A8B3-C0FB898D1A94}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Event[0]

Date: 2023-07-02 19:21:54
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.391.3299.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.23050.3
Kód chyby: 0x80240438
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2023-05-03 18:53:25
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.389.82.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.20300.3
Kód chyby: 0x80240438
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

CodeIntegrity:
===============
Date: 2024-06-03 18:37:57
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Avira\Endpoint Protection SDK\amsi\x64\avamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 1813 10/13/2023
Motherboard: ASUSTeK COMPUTER INC. TUF GAMING X670E-PLUS WIFI
Processor: AMD Ryzen 9 7900X 12-Core Processor
Percentage of memory in use: 28%
Total physical RAM: 31961.58 MB
Available physical RAM: 22694.5 MB
Total Virtual: 37081.58 MB
Available Virtual: 25415.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:194.59 GB) (Free:83.08 GB) (Model: KINGSTON SKC3000D2048G) NTFS
Drive d: (Games) (Fixed) (Total:1712.42 GB) (Free:91.65 GB) (Model: KINGSTON SKC3000D2048G) NTFS
Drive e: () (Fixed) (Total:5589.01 GB) (Free:3427.03 GB) (Model: TOSHIBA HDWT360) NTFS

\\?\Volume{c1ec94a1-de54-4d9e-80ec-35abd1935cd9}\ () (Fixed) (Total:0.61 GB) (Free:0.08 GB) NTFS
\\?\Volume{a314a384-391b-468f-a4c6-02e864e304ea}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 5589 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Size: 1907.7 GB) (Disk ID: 06889D10)

Partition: GPT.

==================== End of Addition.txt =======================
Ryzen 9800X3D@PBO/-40CO|| iCUE H150i ELITE CAPELLIX || ASUS TUF GAMING X670E-PLUS WIFI || Corsair 32GB KIT DDR5 6000MHz CL28 TUNED || Sapphire RX7900 XTX@2,95GHz 1,088V~385W || Kingston KC3000 2TB || Toshiba 6TB Surveillance S300 || ROG STRIX 1000W GOLD || Be quiet! Silent Base 802 Airflow mode + iCUE || Dell S3422DWG

Rudy
Site Admin
Posts: 119320
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Password cracking

#10 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
FirewallRules: [{F1D6BD12-3D46-4BF8-B058-B333996EAF0C}] => (Allow) J:\SteamLibrary\steamapps\common\Hunt Showdown\hunt.exe => No File
FirewallRules: [{57497151-2B54-4889-BF57-758817E90B83}] => (Allow) J:\SteamLibrary\steamapps\common\Hunt Showdown\hunt.exe => No File
FirewallRules: [{793109E5-75F5-4084-A446-6778DCCA127B}] => (Allow) J:\SteamLibrary\steamapps\common\Warhammer Vermintide 2\launcher\Launcher.exe => No File
FirewallRules: [{A6D3D220-49AB-4EFE-92ED-1BBD2C159353}] => (Allow) J:\SteamLibrary\steamapps\common\Warhammer Vermintide 2\launcher\Launcher.exe => No File
FirewallRules: [{85A11FB3-2A1D-4DB1-A2B7-B184AE8EBF53}] => (Allow) J:\SteamLibrary\steamapps\common\Mafia II Definitive Edition\2KLauncher\LauncherPatcher.exe => No File
FirewallRules: [{701E6520-A8A3-4020-AA68-FB5516F99B38}] => (Allow) J:\SteamLibrary\steamapps\common\Mafia II Definitive Edition\2KLauncher\LauncherPatcher.exe => No File
FirewallRules: [{830641E4-8086-4F07-9C41-6D251673713F}] => (Allow) J:\SteamLibrary\steamapps\common\DayZ\DayZLauncher.exe => No File
FirewallRules: [{42A68589-21CF-4B20-A938-FC189E71636B}] => (Allow) J:\SteamLibrary\steamapps\common\DayZ\DayZLauncher.exe => No File
FirewallRules: [{40A4D201-304C-463C-95F3-B6EB0B85B86A}] => (Allow) J:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe => No File
FirewallRules: [{0D4AA56D-9925-48BD-BC26-500B1C9A066D}] => (Allow) J:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe => No File
FirewallRules: [{F3E5688D-124E-46E7-BDF7-B9140A08EACC}] => (Allow) J:\SteamLibrary\steamapps\common\Company of Heroes 2\RelicCoH2.exe => No File
FirewallRules: [{B2077F8F-62C3-4791-9FF4-90B303FEEC6C}] => (Allow) J:\SteamLibrary\steamapps\common\Company of Heroes 2\RelicCoH2.exe => No File
FirewallRules: [{8DCA0E3C-631A-4A56-B8EF-01FA1EC8F39D}] => (Allow) J:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe => No File
FirewallRules: [{650BA7B1-BE2F-45DE-8AC2-978A292A47A6}] => (Allow) J:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe => No File
FirewallRules: [{C15DB393-6FDD-419E-830B-4D2323189907}] => (Allow) J:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{6F0E6620-8332-40DB-AEFE-33ABE619B2A1}] => (Allow) J:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{8609E886-313D-4CC3-B251-C02393D62EB2}] => (Allow) J:\SteamLibrary\steamapps\common\Metro Exodus Enhanced Edition\MetroExodus.exe => No File
FirewallRules: [{A7730E1D-1976-40F8-B7FA-8F92124189AA}] => (Allow) J:\SteamLibrary\steamapps\common\Metro Exodus Enhanced Edition\MetroExodus.exe => No File
C:\Users\drzka\AppData\Local\Temp
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-677491221-3698580047-887230356-1001\...\Run: [] => [X]
R3 cpuz158; C:\Windows\temp\cpuz158\cpuz158_x64.sys [44592 2024-06-03] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
Task: {3C77B70B-5FC7-4EF7-95B2-99BE46E81495} - \drzka -> No File <==== ATTENTION
S3 cpuz154; \??\C:\Windows\temp\cpuz154\cpuz154_x64.sys [X] <==== ATTENTION
S3 HWiNFO_187; \??\C:\Users\drzka\AppData\Local\Temp\HWiNFO64A_187.SYS [X] <==== ATTENTION
S3 HWiNFO_190; \??\C:\Users\drzka\AppData\Local\Temp\HWiNFO64A_190.SYS [X] <==== ATTENTION

EmptyTemp:
End
Save it to C:\Users\drzka\Desktop\logy as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

----------


There were a total of 3 trojans in the temp directory, which Windows Defender had already removed earlier. To be safe we are deleting the whole contents of the directory (if something runs from there, it is 99% junk). The leftovers from IObit are, I hope, only leftovers. That program is not exactly kosher either.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not meant for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Besides its "visible" activities, a virus can damage the system!


After your problem is resolved the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.

Tarkin
Guest
Posts: 17
Registered: 03 Jun 2024 12:02

Re: Password cracking

#11 Post by Tarkin »

Fix result of Farbar Recovery Scan Tool (x64) Version: 01.06.2024
Ran by drzka (03-06-2024 20:11:47) Run:1
Running from C:\Users\drzka\Desktop\logy
Loaded Profiles: drzka
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
FirewallRules: [{F1D6BD12-3D46-4BF8-B058-B333996EAF0C}] => (Allow) J:\SteamLibrary\steamapps\common\Hunt Showdown\hunt.exe => No File
FirewallRules: [{57497151-2B54-4889-BF57-758817E90B83}] => (Allow) J:\SteamLibrary\steamapps\common\Hunt Showdown\hunt.exe => No File
FirewallRules: [{793109E5-75F5-4084-A446-6778DCCA127B}] => (Allow) J:\SteamLibrary\steamapps\common\Warhammer Vermintide 2\launcher\Launcher.exe => No File
FirewallRules: [{A6D3D220-49AB-4EFE-92ED-1BBD2C159353}] => (Allow) J:\SteamLibrary\steamapps\common\Warhammer Vermintide 2\launcher\Launcher.exe => No File
FirewallRules: [{85A11FB3-2A1D-4DB1-A2B7-B184AE8EBF53}] => (Allow) J:\SteamLibrary\steamapps\common\Mafia II Definitive Edition\2KLauncher\LauncherPatcher.exe => No File
FirewallRules: [{701E6520-A8A3-4020-AA68-FB5516F99B38}] => (Allow) J:\SteamLibrary\steamapps\common\Mafia II Definitive Edition\2KLauncher\LauncherPatcher.exe => No File
FirewallRules: [{830641E4-8086-4F07-9C41-6D251673713F}] => (Allow) J:\SteamLibrary\steamapps\common\DayZ\DayZLauncher.exe => No File
FirewallRules: [{42A68589-21CF-4B20-A938-FC189E71636B}] => (Allow) J:\SteamLibrary\steamapps\common\DayZ\DayZLauncher.exe => No File
FirewallRules: [{40A4D201-304C-463C-95F3-B6EB0B85B86A}] => (Allow) J:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe => No File
FirewallRules: [{0D4AA56D-9925-48BD-BC26-500B1C9A066D}] => (Allow) J:\SteamLibrary\steamapps\common\DayZ\DayZ_BE.exe => No File
FirewallRules: [{F3E5688D-124E-46E7-BDF7-B9140A08EACC}] => (Allow) J:\SteamLibrary\steamapps\common\Company of Heroes 2\RelicCoH2.exe => No File
FirewallRules: [{B2077F8F-62C3-4791-9FF4-90B303FEEC6C}] => (Allow) J:\SteamLibrary\steamapps\common\Company of Heroes 2\RelicCoH2.exe => No File
FirewallRules: [{8DCA0E3C-631A-4A56-B8EF-01FA1EC8F39D}] => (Allow) J:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe => No File
FirewallRules: [{650BA7B1-BE2F-45DE-8AC2-978A292A47A6}] => (Allow) J:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe => No File
FirewallRules: [{C15DB393-6FDD-419E-830B-4D2323189907}] => (Allow) J:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{6F0E6620-8332-40DB-AEFE-33ABE619B2A1}] => (Allow) J:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{8609E886-313D-4CC3-B251-C02393D62EB2}] => (Allow) J:\SteamLibrary\steamapps\common\Metro Exodus Enhanced Edition\MetroExodus.exe => No File
FirewallRules: [{A7730E1D-1976-40F8-B7FA-8F92124189AA}] => (Allow) J:\SteamLibrary\steamapps\common\Metro Exodus Enhanced Edition\MetroExodus.exe => No File
C:\Users\drzka\AppData\Local\Temp
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-677491221-3698580047-887230356-1001\...\Run: [] => [X]
R3 cpuz158; C:\Windows\temp\cpuz158\cpuz158_x64.sys [44592 2024-06-03] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
Task: {3C77B70B-5FC7-4EF7-95B2-99BE46E81495} - \drzka -> No File <==== ATTENTION
S3 cpuz154; \??\C:\Windows\temp\cpuz154\cpuz154_x64.sys [X] <==== ATTENTION
S3 HWiNFO_187; \??\C:\Users\drzka\AppData\Local\Temp\HWiNFO64A_187.SYS [X] <==== ATTENTION
S3 HWiNFO_190; \??\C:\Users\drzka\AppData\Local\Temp\HWiNFO64A_190.SYS [X] <==== ATTENTION

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F1D6BD12-3D46-4BF8-B058-B333996EAF0C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{57497151-2B54-4889-BF57-758817E90B83}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{793109E5-75F5-4084-A446-6778DCCA127B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A6D3D220-49AB-4EFE-92ED-1BBD2C159353}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{85A11FB3-2A1D-4DB1-A2B7-B184AE8EBF53}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{701E6520-A8A3-4020-AA68-FB5516F99B38}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{830641E4-8086-4F07-9C41-6D251673713F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{42A68589-21CF-4B20-A938-FC189E71636B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{40A4D201-304C-463C-95F3-B6EB0B85B86A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0D4AA56D-9925-48BD-BC26-500B1C9A066D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F3E5688D-124E-46E7-BDF7-B9140A08EACC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B2077F8F-62C3-4791-9FF4-90B303FEEC6C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8DCA0E3C-631A-4A56-B8EF-01FA1EC8F39D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{650BA7B1-BE2F-45DE-8AC2-978A292A47A6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C15DB393-6FDD-419E-830B-4D2323189907}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6F0E6620-8332-40DB-AEFE-33ABE619B2A1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8609E886-313D-4CC3-B251-C02393D62EB2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A7730E1D-1976-40F8-B7FA-8F92124189AA}" => removed successfully

"C:\Users\drzka\AppData\Local\Temp" Folder move:

Could not move "C:\Users\drzka\AppData\Local\Temp" => Scheduled to move on reboot.

"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-677491221-3698580047-887230356-1001\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
cpuz158 => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\cpuz158 => removed successfully
cpuz158 => service removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{3C77B70B-5FC7-4EF7-95B2-99BE46E81495}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C77B70B-5FC7-4EF7-95B2-99BE46E81495}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\drzka" => not found
HKLM\System\CurrentControlSet\Services\cpuz154 => removed successfully
cpuz154 => service removed successfully
HKLM\System\CurrentControlSet\Services\HWiNFO_187 => removed successfully
HWiNFO_187 => service removed successfully
HKLM\System\CurrentControlSet\Services\HWiNFO_190 => removed successfully
HWiNFO_190 => service removed successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20010928 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 877124415 B
Windows/system/drivers => 657109179 B
Edge => 0 B
Chrome => 1392920131 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 64621466 B
systemprofile32 => 64621845 B
LocalService => 64621845 B
NetworkService => 64623011 B
drzka => 100375351 B

RecycleBin => 44491976 B
EmptyTemp: => 3.1 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 03-06-2024 20:13:35)

C:\Users\drzka\AppData\Local\Temp => Could not move

==== End of Fixlog 20:13:35 ====
What did the text file with the fix mentioned above actually do? I am a bit worried that yesterday's deletion via Eset wiped the trace of the real problem, given how old the trojan report was.

Rudy
Site Admin
Posts: 119320
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Password cracking

#12 Post by Rudy »

Nothing was wiped. That *.txt file performed the fix (deletion) of the files, directories and registry keys listed in it. The trojans had already been deleted and were from 1 June 2024. Windows Defender deleted them. To be safe I deleted the whole directory C:\Users\drzka\AppData\Local\Temp. Those were temporary internet files, which are not strictly necessary. I don't know whether there happened to be another trojan among them. The log won't tell me that; I only learn whether FRST deleted it for me. The PC should now be clean, so all that remains is changing passwords. The only important thing is whether the PC contains any malware or not.

Tarkin
Guest
Posts: 17
Registered: 03 Jun 2024 12:02

Re: Password cracking

#13 Post by Tarkin »

Many thanks for the help. :wink:

Does it make sense to switch to a password manager and replace Windows Defender with something else, for example Avast, Avira or Bitdefender?

While I was writing this, I received 91 e-mails from Steam saying I had sold off my inventory; of course I did nothing of the sort.
The complete incomprehension continues. What the hell is going on? How is it possible that I got no e-mail about suspicious activity, a suspicious login or anything at all? This whole thing simply looks as if I were doing it myself. As if the hacker were on my PC.

Attachment: Snímek obrazovky 2024-06-04 010754.png (317.23 KiB)

Rudy
Site Admin
Posts: 119320
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Password cracking

#14 Post by Rudy »

Well, Steam is tolerated junk and easy for hackers to break into. I wouldn't stand it on my PC (I don't play games either). It would fly out of the PC in a wide arc. This attack is (most likely) carried out from outside. Someone is trying to break into your profile. Did you change passwords everywhere? Definitely replace Windows Defender with something better (Avira or Avast among the free ones; Eset or Norton among the paid ones). It pays off if you go to places where conditions are like this.

altrok
Moderator
Posts: 7315
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Password cracking

#15 Post by altrok »

Hi,

Rudy, sorry for butting in, let's try to discuss this on a more theoretical level. According to the Defender detections we are dealing with Wacatac and AgentTesla. Both belong to the RAT (remote access trojan) group, with keylogger capability, screenshots, extraction of saved passwords from browsers and other applications, real-time communication with the C2C, simply the worst you can imagine.

I assume the execution happened on 1 June around 20:30; we don't see what you have already deleted, but I would still be interested in the contents of these files and folders

Code:

2024-06-01 20:29 - 2024-06-02 12:57 - 000000000 ____D C:\Users\drzka\AppData\Roaming\UPO
2024-06-01 20:29 - 2024-06-01 20:29 - 000027568 _____ C:\Windows\system32\lc.dat
2024-06-01 20:28 - 2024-06-01 20:28 - 000000000 ____D C:\Users\drzka\AppData\Roaming\plugin66
2024-06-01 20:28 - 2024-06-01 20:28 - 000000000 ____D C:\Users\drzka\AppData\Local\javafast_test_v3
I explain the fraudulent activity by cookie theft. When you log in through the browser with a password, your login is stored in this cookie in the HTTP request header, and with every further request you prove with this cookie that it is you. If I steal this cookie from you and use it on my side, I simply act under your (previously verified) account. Plenty of services don't care that I am acting from a different IP address, because e.g. on a mobile connection while travelling I hop from one BTS to another, my IP address changes, and I wouldn't want to have to log in over and over again. The solution could be (preventively, from a clean device) to log out all sessions in every service (invalidate the verified cookies) and enforce 2FA everywhere together with a password change.

A pity we cannot get to the sample itself, or at least to the names of the other things detected and deleted by the various anti-malware utilities (or at least to the hashes of the malicious files). As it is, this is fortune-telling based on the Defender detection names.
You have cleaned the temp folders where Defender detected the pests, and I no longer see any persistence in the logs.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrok(at)forum.viry.cz
If you feel like helping the visitors of this forum, sign up for our training school.
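To illustrate the session-cookie theft altrok describes above and why "log out all sessions" is the remedy, here is an added example of a toy server-side session store; it is not code from the forum thread or from any of the services mentioned, and every name, key, user and IP address in it is constructed for the demonstration. The store accepts a valid cookie from any IP (as the post says real services do) but records the IP change for detection, and a server-side logout-everywhere makes the stolen cookie useless.

```python
"""Constructed example: a minimal server-side session store showing that a
stolen session cookie is accepted from another IP address, and that revoking
all of a user's sessions invalidates it. Not taken from the thread."""
import hashlib
import hmac
import secrets
import time
from typing import Optional

SERVER_KEY = secrets.token_bytes(32)    # constructed per-deployment secret

# session_id -> {"user": ..., "issued": ..., "ip": ...}
_sessions: dict = {}
# constructed user database: username -> salted SHA-256 of the password
_users = {"tarkin": hashlib.sha256(b"salt" + b"correct horse").hexdigest()}
# audit trail: sessions used from an IP other than the one they were issued to
alerts: list = []


def _sign(session_id: str) -> str:
    """Cookie value is id.mac, so an id forged without SERVER_KEY is rejected."""
    mac = hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()
    return f"{session_id}.{mac}"


def login(user: str, password: str, ip: str) -> Optional[str]:
    """Password login: returns the cookie value, or None on a bad password."""
    digest = hashlib.sha256(b"salt" + password.encode()).hexdigest()
    if _users.get(user) != digest:
        return None
    sid = secrets.token_urlsafe(32)
    _sessions[sid] = {"user": user, "issued": time.time(), "ip": ip}
    return _sign(sid)


def authenticate(cookie: str, ip: str) -> Optional[str]:
    """Resolve a cookie to a user. The IP is deliberately NOT part of the
    decision (mobile clients change IP legitimately), but a change is logged
    so a detection pipeline can flag replay from an unexpected address."""
    try:
        sid, mac = cookie.split(".", 1)
    except ValueError:
        return None
    if not hmac.compare_digest(mac, _sign(sid).split(".", 1)[1]):
        return None                      # forged or tampered cookie
    sess = _sessions.get(sid)
    if sess is None:
        return None                      # revoked or never issued
    if sess["ip"] != ip:
        alerts.append(f"session of {sess['user']} used from {ip}, issued to {sess['ip']}")
    return sess["user"]


def logout_all_sessions(user: str) -> int:
    """Server-side 'log out everywhere': drops every session of the user so a
    previously stolen cookie stops working. Returns the number revoked."""
    stale = [sid for sid, s in _sessions.items() if s["user"] == user]
    for sid in stale:
        del _sessions[sid]
    return len(stale)


def demo():
    """Victim logs in; the cookie is replayed from another IP (accepted but
    alerted); after logout-all the same cookie is rejected."""
    cookie = login("tarkin", "correct horse", "10.0.0.5")
    victim = authenticate(cookie, "10.0.0.5")       # normal use
    replay = authenticate(cookie, "203.0.113.9")    # stolen cookie, other IP
    revoked = logout_all_sessions("tarkin")
    after = authenticate(cookie, "203.0.113.9")     # now rejected
    return victim, replay, revoked, after
```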

Locked