Suspected infected PC

#1 Post by Preacher »

Good evening to you all, could I ask you for help?

On Steam I found out that on 12.3.2025 spam was sent from my account to several other users on my friends list (and unknown contacts were also added to my account).
Space on my C: drive is running out suspiciously fast, and in Chrome -> Settings -> Privacy and security -> Third-party cookies -> See all site data and permissions ... here the total storage used by sites comes to 3.5 Gb, and there are quite a few known and unknown sites, each of which holds 40.8 mb of some files.....

There is most likely some malware in there, I would like to get rid of it, thank you.

I am posting the FRST.txt log below:
Attachment: Addition.rar (20.98 KiB)
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-03-2025
Ran by Paulie (administrator) on PAULIE-PC (19-03-2025 18:21:36)
Running from C:\Users\Paulie\Desktop\FRST64.exe
Loaded Profiles: Paulie
Platform: Microsoft Windows 10 Pro Version 22H2 19045.5487 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\AVAST Software\Avast\AvastUI.exe <3>
(C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(C:\Program Files\AVAST Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(DriverStore\FileRepository\u0376209.inf_amd64_b3bdffadea4def3f\B374968\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0376209.inf_amd64_b3bdffadea4def3f\B374968\atieclxx.exe
(explorer.exe ->) (A FOUR TECH CO., LTD. -> ) C:\Program Files (x86)\Bloody7\Bloody7\Bloody7.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <32>
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) () [File not signed] C:\Program Files (x86)\Wondershare\dr.fone\Addins\Recovery\ElevationService.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0376209.inf_amd64_b3bdffadea4def3f\B374968\atiesrxx.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(services.exe ->) (FabulaTech -> ) C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgrhv.exe
(services.exe ->) (FabulaTech -> ) C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
(services.exe ->) (FabulaTech -> VMware) C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe
(services.exe ->) (Famatech Corp. -> Famatech Corp.) C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe
(services.exe ->) (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(services.exe ->) (Parsec Cloud, Inc. -> Parsec) C:\Program Files\Parsec\pservice.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek) C:\Program Files\Tenda\WifiAutoInstall\WifiAutoInstallSrv.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\ClientService\horizon_client_service.exe
(services.exe ->) (Wondershare Technology Co.,Ltd -> Wondershare) C:\ProgramData\Wondershare\Service\InstallAssistService.exe
(services.exe ->) (wondershare) [File not signed] C:\Program Files (x86)\Wondershare\dr.fone\WsidService.exe
(spoolsv.exe ->) (CANON INC. -> CANON INC.) C:\Windows\System32\CNAB4RPD.EXE
(svchost.exe ->) () [File not signed] C:\Windows\DAODx.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [455976 2025-02-12] (Avast Software s.r.o. -> Gen Digital Inc.)
HKLM\...\Run: [VMware Netlink 3 HV Install Utility] => C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe [75680 2017-07-12] (FabulaTech -> )
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7200984 2013-10-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1669368 2020-10-16] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM-x32\...\Run: [RadminVPN] => C:\Program Files (x86)\Radmin VPN\RvRvpnGui.exe [2131984 2022-10-18] (Famatech Corp. -> Famatech Corp.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SYSTEM\...\Terminal Server: [fDenyTSConnections] = 0 <==== ATTENTION
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\Run: [CCleaner Smart Cleaning] => D:\PROGRAMY\CCleaner\CCleaner64.exe [42727840 2023-10-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\Run: [Steam] => E:\PROGRAMY\Steam\steam.exe [4693088 2025-03-11] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\Run: [Discord] => C:\Users\Paulie\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Paulie\AppData\Local\Microsoft\Teams\Update.exe [2588520 2023-07-22] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\Run: [FACEIT] => C:\Users\Paulie\AppData\Local\FACEITApp\update.exe [2204984 2021-02-04] (FACE IT LIMITED -> )
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\Run: [Parsec.App.0] => C:\Program Files\Parsec\parsecd.exe [461440 2023-05-01] (Parsec Cloud, Inc. -> Parsec)
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\Run: [Bloody2] => C:\Program Files (x86)\Bloody7\Bloody7\Bloody7.exe [22282640 2024-01-31] (A FOUR TECH CO., LTD. -> )
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\MountPoints2: F - "F:\Setup.exe"
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\MountPoints2: H - "H:\setup.exe"
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\MountPoints2: {d6549c64-734e-11ea-9f72-b137a34b7c85} - "F:\HiSuiteDownLoader.exe"
HKLM\...\Print\Monitors\CNAB4 Monitor: C:\WINDOWS\system32\CNAB4LMD.DLL [58880 2012-10-09] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\...\AppCompatFlags\Custom\Heroes3.exe: [{1d3c859c-1028-4822-b0a7-da4f7bbc18bc}.sdb] -> GOG.com Heroes of Might and Magic 3
HKLM\Software\...\AppCompatFlags\InstalledSDB\{1d3c859c-1028-4822-b0a7-da4f7bbc18bc}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{1d3c859c-1028-4822-b0a7-da4f7bbc18bc}.sdb [2012-11-28]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\134.0.6998.36\Installer\chrmstp.exe [2025-03-11] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP2900 Status Window.lnk [2023-05-10]
ShortcutTarget: Canon LBP2900 Status Window.lnk -> C:\Windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE (CANON INC. -> CANON INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2019-12-24] () [File not signed] <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WSAndroidAppHelper.lnk [2021-05-08]
ShortcutTarget: WSAndroidAppHelper.lnk -> C:\Program Files (x86)\Wondershare\dr.fone\Addins\SocialApps\WSAndroidAppHelper.exe (Wondershare Technology Co.,Ltd -> Microsoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WSAppHelper.lnk [2021-05-08]
ShortcutTarget: WSAppHelper.lnk -> C:\Program Files (x86)\Wondershare\dr.fone\Addins\SocialApps\WSAppHelper.exe (Wondershare Technology Co.,Ltd -> Microsoft)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2B66B829-CC76-405D-A63A-51499A13A282} - System32\Tasks\{38585E9B-6B1E-4432-8614-096A60AAA340} => E:\HRY\Warcraft II BNE\Warcraft II BNE.exe (No File)
Task: {021DB23C-4AAE-4DDD-84B8-1297368A8526} - System32\Tasks\{E0B8B670-75E5-4C13-A77B-85A9C058ECD4} => C:\Windows\System32\pcalua.exe [91136 2025-02-14] (Microsoft Windows -> Microsoft Corporation) -> -a D:\DOWNLOADS\FreeRapid-0.9u4\FreeRapid-0.9u4\frd.exe -d D:\DOWNLOADS\FreeRapid-0.9u4\FreeRapid-0.9u4
Task: {4F7AB8B5-413B-4625-B120-5D6231BBBA28} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2024-12-18] (Adobe Inc. -> Adobe Inc.)
Task: {7F2D03D9-3AF7-4FC2-AFB8-C0150B98E729} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_403_Plugin.exe [1475640 2020-07-14] (Adobe Inc. -> Adobe)
Task: {8AA7E1DE-F8AA-47F9-B9D8-6F351FCE46A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-07-14] (Adobe Inc. -> Adobe)
Task: {25BDBC5C-7AA7-4F3E-8309-E51C3333F37B} - System32\Tasks\AdobeAAMUpdater-1.0-Paulie-PC-Paulie => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {CCCA215C-C3DA-4F05-A9CF-B30BF7A7278E} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {6621C5DC-35F8-4FA2-8F9D-28751CE561F4} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3807712 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {ACD446C9-94BD-46D8-A5A2-2A795441CA40} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1709048 2021-10-05] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {20515FF8-722B-4EFE-989E-173EE2DBB0A2} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1709048 2021-10-05] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {CD6FEFED-FBD1-45A9-B594-A82B364536E1} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe (No File)
Task: {8AC8F324-81BB-4F90-871C-3C206C51E3A0} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [32768 2009-03-30] () [File not signed]
Task: {37301BC7-8A04-4461-A062-8FFA29EEB782} - System32\Tasks\Avast Software\Avast Antivirus Patcher => C:\Program Files\Common Files\Avast Software\Icarus\avast-av\icarus.exe [8432936 2025-01-24] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {61BC50F0-D968-4F85-A0CE-1A227CD1C070} - System32\Tasks\Avast Software\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [5278504 2025-02-12] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {89E39149-D29B-402D-9637-BE3BE53C2BAD} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe -> C:\Program Files\Common Files\AV\avast! Antivirus\/backup /iavs
Task: {B9A65AF9-D1AC-49AE-994C-8F6A6803F26D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2564904 2024-11-20] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {A914A185-A749-4C56-985B-A35C257BD191} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe (No File)
Task: {C40C081C-CA65-4F1B-A81D-8CCC492AEF5E} - System32\Tasks\CCleaner Update => D:\PROGRAMY\CCleaner\CCUpdate.exe [714256 2023-10-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {95BF1C8C-37FA-492E-84D9-4E2C3FFFD3A2} - System32\Tasks\CCleanerCrashReporting => D:\PROGRAMY\CCleaner\CCleanerBugReport.exe [4703648 2023-10-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "D:\PROGRAMY\CCleaner\LOG" --programpath "D:\PROGRAMY\CCleaner" --configpath "D:\PROGRAMY\CCleaner\Setup" --guid "a138c520-f119-4d07-9395-43195f217799" --version "6.17.10746" --silent
Task: {1E7B86F5-BE33-475C-AA97-D0D64FABBB81} - System32\Tasks\CCleanerSkipUAC - Paulie => D:\PROGRAMY\CCleaner\CCleaner.exe [35664800 2023-10-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {60004209-B04C-4109-B3CC-DE19653FFEFC} - System32\Tasks\CMEClient => "E:\HRY\ChallengeMe.GG Client pro CSGO\ChallengeMeClient.exe" (No File)
Task: {EE43EF3C-8B7A-46A9-8B47-03F3762F29B6} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem135.0.7023.0{24E994BF-01EF-4F47-A266-00375E6B1332} => C:\Program Files (x86)\Google\GoogleUpdater\135.0.7023.0\updater.exe [5745760 2025-02-19] (Google LLC -> Google LLC)
Task: {8733AE6D-DFCA-447D-8DB5-D74E7A0C9A06} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\B9CF9DFA-7BEE-48B7-A3BA-C519960ED1B7\OS Edition Upgrade event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [504832 2025-02-14] (Microsoft Windows -> Microsoft Corporation)
Task: {4026F526-55CA-41AC-B97E-5A7B935FD7E2} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\B9CF9DFA-7BEE-48B7-A3BA-C519960ED1B7\Passport for Work alert created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [504832 2025-02-14] (Microsoft Windows -> Microsoft Corporation)
Task: {4342991E-47F7-4648-B4A2-6EE6046802E4} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\B9CF9DFA-7BEE-48B7-A3BA-C519960ED1B7\Provisioning initiated session => C:\WINDOWS\system32\deviceenroller.exe [504832 2025-02-14] (Microsoft Windows -> Microsoft Corporation)
Task: {EEBA52D9-DA69-4AA7-8C9D-237EA6645A6B} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\B9CF9DFA-7BEE-48B7-A3BA-C519960ED1B7\PushUpgrade => C:\WINDOWS\system32\deviceenroller.exe [504832 2025-02-14] (Microsoft Windows -> Microsoft Corporation)
Task: {1489B21A-B62D-48AC-9980-B0E49617AFC3} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\B9CF9DFA-7BEE-48B7-A3BA-C519960ED1B7\Schedule #1 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [504832 2025-02-14] (Microsoft Windows -> Microsoft Corporation)
Task: {7DED8EA8-9BDA-49BA-B43E-FFFB16554581} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\B9CF9DFA-7BEE-48B7-A3BA-C519960ED1B7\Schedule #2 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [504832 2025-02-14] (Microsoft Windows -> Microsoft Corporation)
Task: {33B42CDC-1B68-4128-AB28-E16291B7C999} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\B9CF9DFA-7BEE-48B7-A3BA-C519960ED1B7\Schedule #3 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [504832 2025-02-14] (Microsoft Windows -> Microsoft Corporation)
Task: {25C506D6-82AA-4B21-8D0E-0325347CE7E5} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\B9CF9DFA-7BEE-48B7-A3BA-C519960ED1B7\Schedule created by enrollment client for renewal of certificate warning => C:\WINDOWS\system32\deviceenroller.exe [504832 2025-02-14] (Microsoft Windows -> Microsoft Corporation)
Task: {C744FAFD-CF2A-4348-9FFC-32E4083F7095} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\B9CF9DFA-7BEE-48B7-A3BA-C519960ED1B7\Schedule to run OMADMClient by client => C:\WINDOWS\system32\omadmclient.exe [498176 2024-12-12] (Microsoft Windows -> Microsoft Corporation)
Task: {AAEEFEE8-9C2A-43B3-821E-AED7100E791E} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\B9CF9DFA-7BEE-48B7-A3BA-C519960ED1B7\Schedule to run OMADMClient by server => C:\WINDOWS\system32\omadmclient.exe [498176 2024-12-12] (Microsoft Windows -> Microsoft Corporation)
Task: {EFE84708-328D-4B40-96F9-6C242103674F} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\B9CF9DFA-7BEE-48B7-A3BA-C519960ED1B7\Win10 S Mode event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [504832 2025-02-14] (Microsoft Windows -> Microsoft Corporation)
Task: {EC19D5CB-492E-4E1F-A01B-F428D283525F} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {6D54230C-7B80-4805-976E-24865BB7D127} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {0D4EF373-C1D7-4E24-8A26-71E4DD1F497D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {C59C4DFC-37FD-40E3-87CF-395DB7104183} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {A9D53DF5-1629-41B1-8477-0F2A9C543D43} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {CC3B2B43-8146-4DA6-9DE4-DBD78AFA5E3F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate $(Arg0) (No File)
Task: {B9F04F4F-2ACC-4B14-860C-01F90FFF645E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 (No File)
Task: {66A1AB22-1A9E-410D-9F63-7F3585B687C7} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {D005DD46-29A2-45CC-ACA1-57448A628D2D} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {0FED875F-A36C-4BE3-A816-087B25A5AC94} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {2C4D4C54-7C0F-4007-AB21-DE2A054A18CA} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {D80EAA21-3F10-40DC-899C-9DB7AB73BECD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {E6D091AE-89DC-4B60-AAB6-4914C8BF2ADF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {F647E6FF-14DB-4635-A1D8-98CDA930CA19} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {3D6360CC-017C-436B-8A9C-BF4F054CBBE0} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {072281CB-D26D-49E1-A9DD-9472C44123DB} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {4B776637-E010-4A15-9F33-749F96D44947} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {725B9AA1-968F-4980-9FA9-1CBB78D0901B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec /RestartRecording (No File)
Task: {3EDA3836-8BF4-4DDE-ABCF-4E9310E2F95D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {2AC68338-9FB4-416C-B814-A60AA3E3EAB6} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {2798E341-2B5F-4ED8-97AD-0117964B1A83} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {43709EA4-C3D5-4108-81D4-EDC76E9F34EC} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {32E57C35-7426-434E-BB9B-9987CC77CCE1} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {F078423F-A4C7-458F-A4CF-F2CDA1AE42C8} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {C0270D74-0C40-4F6A-9806-6F7A02DC506C} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {A8AF81F8-C920-4911-B09B-7E1987E82B29} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {E26B16E6-C513-447E-A471-1B43A38E71E4} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {9A422F44-AADB-4D71-B611-60C40CCD4DF2} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1709048 2021-10-05] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {F5CA3A99-B43E-40E6-B409-A54E729EFF08} - System32\Tasks\SessionAgent => "C:\windows\sysde32.exe" (No File)
Task: {473FDB5B-1D33-419D-8D5E-6EC0690CD8D3} - System32\Tasks\SmartDefrag_Update => E:\PROGRAMY\Smart Defrag\AutoUpdate.exe /autorun (No File)
Task: {CA3CF478-BA76-421B-9566-88DEC1BC91AE} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [55288 2021-10-05] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {CBAE3F5A-51CD-4E0D-A943-086650853697} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [260600 2021-10-05] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => D:\PROGRAMY\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7721449B-54C2-4422-B45D-91B5D03753DA}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{7721449B-54C2-4422-B45D-91B5D03753DA}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{afd71ca2-ecfb-4431-aadf-451cdde4e920}: [DhcpNameServer] 192.168.43.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Paulie\AppData\Local\Microsoft\Edge\User Data\Default [2025-01-25]
Edge Extension: (Dokumenty Google offline) - C:\Users\Paulie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-27]hxxps://clients2.google.com/service/update2/crx
Edge Extension: (Edge relevant text changes) - C:\Users\Paulie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx

FireFox:
========
FF HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\Firefox\Extensions: [KVAllmytube@KeepVid.com] - E:\PROGRAMY\Wondershare\Wondershare AllMyTube\BrowserPlugin\kvallmytube@keepvid.com_xpi
FF Extension: (KeepVid Pro) - E:\PROGRAMY\Wondershare\Wondershare AllMyTube\BrowserPlugin\kvallmytube@keepvid.com_xpi [2019-08-16] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_403.dll [2020-07-14] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> E:\PROGRAMY\JAVA\jre\bin\dtplugin\npDeployJava1.dll [2017-08-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> E:\PROGRAMY\JAVA\jre\bin\plugin2\npjp2.dll [2017-08-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-02-14] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_403.dll [2020-07-14] (Adobe Inc. -> )
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (Electronic Sports Network i Sverige AB -> ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2020-06-11] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2020-06-11] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default [2025-03-19]
CHR Notifications: Default -> hxxps://meet.google.com; hxxps://www.facebook.com
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2025-03-19]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Steam Inventory Helper) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2024-06-27]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Tampermonkey) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2024-12-12]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-03-19]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (ARC Welder) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\emfinbmielocnlhgmfkkmkngdoccbadn [2019-07-09]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Vzdálená plocha Chrome) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-07-18]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Dokumenty Google offline) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-02-22]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2025-03-17]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (App Runtime for Chrome (Beta)) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaihdlpglflfgpfjcifdjdjcckigekc [2019-07-09]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (SuperNova SWF Enabler) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhmphnocemakkjdampibehejoaleebpo [2025-01-12]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Facebook Screen Sharing) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncfpggehkhmjpdjpefomjchjafhmbnai [2019-11-23]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]hxxps://clients2.google.com/service/update2/crx
CHR Profile: C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\System Profile [2018-11-20]
CHR HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]
CHR HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2024-12-18] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-07-14] (Adobe Inc. -> Adobe)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3966432 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [7498024 2025-02-12] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [805672 2025-02-12] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [1257256 2025-02-12] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
S3 battlenet_helpersvc; C:\ProgramData\Battle.net_components\battlenet_helpersvc\AgentHelper.exe [3318400 2025-01-30] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [18663720 2024-10-07] (BattlEye Innovations e.K. -> )
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\133.0.6943.7\remoting_host.exe [73312 2025-01-10] (Google LLC -> Google LLC)
R2 client_service; C:\Program Files (x86)\VMware\VMware Horizon View Client\ClientService\horizon_client_service.exe [532456 2017-09-27] (VMware, Inc. -> VMware, Inc.)
R2 DFWSIDService; C:\Program Files (x86)\Wondershare\dr.fone\WsidService.exe [1051136 2021-03-01] (wondershare) [File not signed]
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [805488 2020-12-11] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [964336 2025-02-11] (EasyAntiCheat Oy -> Epic Games, Inc.)
R2 ElevationService; C:\Program Files (x86)\Wondershare\dr.fone\Addins\Recovery\ElevationService.exe [913408 2021-01-20] () [File not signed]
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [368088 2025-02-11] (Epic Games Inc. -> Epic Games, Inc.)
R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [218528 2017-07-12] (FabulaTech -> )
R2 ftscanmgrhv; C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgrhv.exe [2949024 2017-06-15] (FabulaTech -> )
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [190784 2018-04-20] (Huawei Technologies Co., Ltd. -> ) [File not signed]
R2 Parsec; C:\Program Files\Parsec\pservice.exe [415872 2023-05-01] (Parsec Cloud, Inc. -> Parsec)
S3 Rockstar Service; D:\rockstar Launcher\RockstarService.exe [6913000 2025-02-11] (Rockstar Games, Inc. -> Rockstar Games)
R2 RvControlSvc; C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe [1069584 2022-10-18] (Famatech Corp. -> Famatech Corp.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559368 2024-11-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 vmwsprrdpwks; C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [276896 2017-06-15] (FabulaTech -> VMware)
S3 wampapache64; D:\wampserver\bin\apache\apache2.4.58\bin\httpd.exe [30720 2023-10-18] (Apache Software Foundation) [File not signed]
S3 wampmariadb64; D:\wampserver\bin\mariadb\mariadb11.2.2\bin\mysqld.exe [38824 2023-11-19] (MariaDB Corporation Ab -> )
S3 wampmysqld64; D:\wampserver\bin\mysql\mysql8.2.0\bin\mysqld.exe [54819400 2023-10-12] (Oracle America, Inc. -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WifiAutoInstallSrv; C:\Program Files\Tenda\WifiAutoInstall\WifiAutoInstallSrv.exe [118720 2018-10-26] (Realtek Semiconductor Corp. -> Realtek)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [262824 2021-04-13] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [41376 2021-07-30] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_50fee1227e96ec14\amdsafd.sys [100792 2021-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0376209.inf_amd64_b3bdffadea4def3f\B374968\amdkmdag.sys [80540576 2022-01-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [65168 2021-08-17] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [20536 2025-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [235064 2025-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [384080 2025-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [295992 2025-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [84536 2025-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [28280 2024-11-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Gen Digital Inc.)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [28728 2025-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [276536 2025-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [553016 2025-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 aswNetNd6; C:\WINDOWS\system32\DRIVERS\aswNetNd6.sys [38152 2020-04-21] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [98360 2025-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [69712 2025-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [956472 2025-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [1425976 2025-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R3 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [206904 2025-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [383032 2025-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2020-09-19] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 EraserUtilDrv11510; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11510.sys [153936 2016-06-06] (Symantec Corporation -> Symantec Corporation)
S3 EraserUtilDrv11521; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11521.sys [156912 2016-06-06] (Symantec Corporation -> Symantec Corporation)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2018-04-20] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2020-11-30] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
R3 parsecvusba; C:\WINDOWS\System32\drivers\parsecvusba.sys [256560 2023-04-05] (Microsoft Windows Hardware Compatibility Publisher -> Parsec)
R3 RTL8023x64; C:\WINDOWS\System32\drivers\Rtnic64.sys [51712 2019-12-07] (Microsoft Windows -> Realtek Semiconductor Corporation)
R3 RvNetMP60; C:\WINDOWS\System32\drivers\RvNetMP60.sys [58288 2022-10-18] (Microsoft Windows Hardware Compatibility Publisher -> Famatech Corp.)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [28400 2024-05-03] () [File not signed]
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-06-04] (Symantec Corporation -> Symantec Corporation)
R1 VBoxNetAdp; C:\WINDOWS\System32\DRIVERS\VBoxNetAdp6.sys [119712 2016-06-28] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [192864 2016-06-28] (Oracle Corporation -> Oracle Corporation)
R3 VCSVADHWSer; C:\WINDOWS\System32\drivers\vcsvad.sys [21504 2008-12-26] (AVnex Ltd. -> Avnex)
S3 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [69168 2020-01-10] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
S3 VOICEMOD_Driver; C:\WINDOWS\system32\drivers\mvvad.sys [48144 2022-07-26] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [74048 2020-10-16] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2021-12-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [435432 2021-12-16] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-16] (Microsoft Windows -> Microsoft Corporation)
S2 AODDriver4.3.0; \??\C:\Program Files\AMD\Performance Profile Client\amd64\AODDriver2.sys [X]
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error Reading file: "C:\Users\Paulie\fish-fillets.exe"
2025-03-19 18:21 - 2025-03-19 18:22 - 000043956 _____ C:\Users\Paulie\Desktop\FRST.txt
2025-03-19 18:17 - 2025-03-19 18:18 - 002404352 _____ (Farbar) C:\Users\Paulie\Desktop\FRST64.exe
2025-03-18 20:56 - 2025-03-18 20:56 - 000000000 ___HD C:\$WinREAgent
2025-03-10 12:39 - 2025-03-10 12:39 - 019353172 _____ C:\Users\Paulie\Desktop\pracovní smlouva automotive services.zip
2025-03-10 12:39 - 2025-03-10 12:39 - 000000000 ____D C:\Users\Paulie\Desktop\pracovní smlouva automotive services
2025-03-09 06:03 - 2025-03-09 06:03 - 000000239 _____ C:\Users\Paulie\Desktop\co kupit.txt
2025-02-26 13:47 - 2025-02-26 13:47 - 000000000 ____D C:\Users\Paulie\AppData\LocalLow\Casus Ludi
2025-02-26 13:42 - 2025-02-26 13:42 - 000000509 _____ C:\Users\Public\Desktop\Blanc.lnk
2025-02-26 13:34 - 2025-02-26 13:34 - 000004269 _____ C:\Users\Paulie\Downloads\Blanc [FitGirl Repack].torrent
2025-02-23 19:43 - 2025-02-23 19:43 - 000063787 _____ C:\Users\Paulie\Downloads\priloha_1468413072_0_PP2500017559.pdf
2025-02-23 19:43 - 2025-02-23 19:43 - 000021056 _____ C:\Users\Paulie\Downloads\priloha_1477166164_0_zprava.html
2025-02-23 19:39 - 2025-02-23 19:39 - 000034706 _____ C:\Users\Paulie\Downloads\priloha_1467151482_1_VZP_OSVČ_dopis_2025.pdf
2025-02-23 19:37 - 2025-02-23 19:37 - 000159179 _____ C:\Users\Paulie\Downloads\priloha_1467151482_0_p720611331.pdf
2025-02-23 19:36 - 2025-02-23 19:36 - 000021058 _____ C:\Users\Paulie\Downloads\priloha_1466088747_0_zprava.html
2025-02-23 19:34 - 2025-02-23 19:34 - 000374160 _____ C:\Users\Paulie\Downloads\priloha_1457285627_0_Zmeny_v_oblasti_pojistneho_na_socialni_zabezpeceni_OSVC_od_1._1._2025.pdf
2025-02-23 19:33 - 2025-02-23 19:33 - 000157729 _____ C:\Users\Paulie\Downloads\priloha_1451110804_0_RZP-310008-2024-814228.pdf
2025-02-23 19:32 - 2025-02-23 19:32 - 000011134 _____ C:\Users\Paulie\Downloads\priloha_1450757129_0_Odpoved_na_DZ_1450733745.html
2025-02-23 19:31 - 2025-02-23 19:31 - 000011119 _____ C:\Users\Paulie\Downloads\priloha_1450755561_0_Odpoved_na_DZ_1450728438.html
2025-02-23 19:30 - 2025-02-23 19:30 - 000052436 _____ C:\Users\Paulie\Downloads\priloha_1450737888_0_Jirgal-potvrzeni.pdf
2025-02-17 11:43 - 2025-02-17 11:43 - 005098520 _____ (Husdawg, LLC) C:\Users\Paulie\Desktop\Detection (0os).exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-03-19 18:24 - 2020-09-15 17:02 - 000000000 ____D C:\Users\Paulie\AppData\Local\D3DSCache
2025-03-19 18:22 - 2020-03-11 17:55 - 000000000 ____D C:\FRST
2025-03-19 18:21 - 2022-03-16 18:03 - 000000095 _____ C:\Users\Paulie\.accessibility.properties
2025-03-19 18:21 - 2020-09-15 16:42 - 000000000 ____D C:\Users\Paulie
2025-03-19 17:56 - 2020-09-15 16:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-03-19 17:04 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-03-19 14:23 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-03-19 14:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-03-19 14:18 - 2020-09-15 16:41 - 001885460 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-03-19 14:18 - 2019-12-07 15:43 - 000779862 _____ C:\WINDOWS\system32\perfh005.dat
2025-03-19 14:18 - 2019-12-07 15:43 - 000177848 _____ C:\WINDOWS\system32\perfc005.dat
2025-03-19 14:18 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2025-03-19 14:15 - 2021-12-15 04:49 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-03-19 14:14 - 2020-09-15 16:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-03-18 20:59 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-03-18 20:57 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2025-03-18 00:57 - 2023-10-18 02:08 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-03-18 00:57 - 2023-10-18 02:08 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-03-18 00:23 - 2023-10-18 02:08 - 000003568 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-03-18 00:23 - 2023-10-18 02:08 - 000003344 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-03-18 00:23 - 2021-09-22 07:57 - 000002246 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - Paulie
2025-03-18 00:23 - 2020-09-15 16:46 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2025-03-18 00:23 - 2020-09-15 16:46 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2025-03-18 00:16 - 2017-05-02 10:28 - 000000000 ____D C:\ProgramData\AVAST Software
2025-03-18 00:15 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2025-03-18 00:15 - 2017-02-14 14:46 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2025-03-17 22:32 - 2020-06-16 13:39 - 000000000 ____D C:\Users\Paulie\AppData\Roaming\vlc
2025-03-11 23:15 - 2020-09-15 16:56 - 000000000 ____D C:\Users\Paulie\AppData\Local\Packages
2025-03-11 23:15 - 2020-09-15 16:56 - 000000000 ____D C:\ProgramData\Packages
2025-03-11 20:00 - 2016-06-05 00:00 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-03-11 20:00 - 2016-06-05 00:00 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2025-02-28 08:46 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2025-02-28 07:42 - 2016-06-06 10:03 - 000000000 ____D C:\Users\Paulie\AppData\Roaming\uTorrent
2025-02-27 21:52 - 2016-06-05 01:02 - 000000000 ____D C:\Users\Paulie\AppData\Local\ElevatedDiagnostics
2025-02-26 13:52 - 2020-06-10 23:43 - 000000000 ____D C:\Users\Paulie\AppData\Roaming\Goldberg SteamEmu Saves
2025-02-26 13:47 - 2016-07-12 08:42 - 000000000 ____D C:\Users\Paulie\Documents\My Games
2025-02-26 13:39 - 2019-04-15 16:08 - 000000000 ____D C:\Users\Paulie\AppData\Local\BitTorrentHelper
2025-02-21 18:05 - 2020-09-17 21:58 - 000000000 ____D C:\WINDOWS\Minidump
2025-02-19 11:23 - 2022-10-12 13:18 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2025-02-19 11:23 - 2022-10-12 13:18 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2025-02-17 18:00 - 2024-11-13 02:06 - 000055064 _____ (Gen Digital Inc.) C:\WINDOWS\system32\icarus_rvrt.exe

==================== Files in the root of some directories ========

2022-12-10 17:40 - 2022-12-10 18:34 - 000001327 _____ () C:\Users\Paulie\AppData\Roaming\CascView.ini
2021-08-04 16:03 - 2023-09-22 15:36 - 003354624 _____ () C:\Users\Paulie\AppData\Roaming\emp.bin
2022-10-11 15:51 - 2022-10-11 15:51 - 000000044 _____ () C:\Users\Paulie\AppData\Roaming\twow_sysprepdt.dat
2020-03-24 22:55 - 2020-07-23 10:32 - 000000025 ____H () C:\Users\Paulie\AppData\Roaming\uninst48.log
2018-11-23 14:46 - 2018-11-23 14:46 - 000000000 _____ () C:\Users\Paulie\AppData\Local\oobelibMkey.log
2019-04-10 12:57 - 2019-04-10 12:57 - 000000017 _____ () C:\Users\Paulie\AppData\Local\resmon.resmoncfg
2020-03-24 22:55 - 2020-07-23 10:32 - 000000025 ____H () C:\Users\Paulie\AppData\Local\uninst37.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Rudy
Site Admin
Posts: 119309
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Suspected virus-infected PC

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just run it with a normal double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Preacher
Visitor
Posts: 26
Joined: 25 Jan 2018 11:40

Re: Suspected virus-infected PC

#3 Post by Preacher »

Here is the log:

# -------------------------------
# Malwarebytes AdwCleaner 8.5.0.595
# -------------------------------
# Build: 03-05-2025
# Database: 2024-10-23.4 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-19-2025
# Duration: 00:00:01
# OS: Windows 10 (Build 19045.5487)
# Cleaned: 2
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\BSD\DriverHive

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\BSD

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2004 octets] - [18/11/2018 01:46:08]
AdwCleaner[C00].txt - [2004 octets] - [18/11/2018 01:46:27]
AdwCleaner[S01].txt - [1386 octets] - [18/11/2018 01:55:48]
AdwCleaner[C01].txt - [1552 octets] - [18/11/2018 01:55:56]
AdwCleaner[S02].txt - [1806 octets] - [16/05/2019 18:39:15]
AdwCleaner[C02].txt - [1858 octets] - [16/05/2019 18:39:28]
AdwCleaner[S03].txt - [1640 octets] - [19/06/2019 13:30:55]
AdwCleaner[C03].txt - [1806 octets] - [19/06/2019 13:31:04]
AdwCleaner[S04].txt - [2253 octets] - [11/03/2020 17:52:16]
AdwCleaner[C04].txt - [2427 octets] - [11/03/2020 17:53:15]
AdwCleaner[S05].txt - [2075 octets] - [30/03/2020 16:02:10]
AdwCleaner[C05].txt - [2245 octets] - [30/03/2020 16:02:19]
AdwCleaner[S06].txt - [2041 octets] - [08/10/2020 18:01:08]
AdwCleaner[C06].txt - [2207 octets] - [08/10/2020 18:01:18]
AdwCleaner[S07].txt - [2120 octets] - [30/09/2021 11:40:12]
AdwCleaner[C07].txt - [2286 octets] - [30/09/2021 11:40:23]
AdwCleaner[S08].txt - [2283 octets] - [22/02/2022 13:29:40]
AdwCleaner[C08].txt - [2449 octets] - [22/02/2022 13:29:53]
AdwCleaner[S09].txt - [2503 octets] - [01/09/2022 21:41:52]
AdwCleaner[S10].txt - [2640 octets] - [19/03/2025 21:37:05]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C10].txt ##########

Rudy
Site Admin
Posts: 119309
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Suspected virus-infected PC

#4 Post by Rudy »

There was something there. Now post new FRST+Addition logs.

Preacher
Visitor
Posts: 26
Joined: 25 Jan 2018 11:40

Re: Suspected virus-infected PC

#5 Post by Preacher »

Thank you, I am sending FRST and
addition.rar
(20.66 KiB) Downloaded 56 times
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-03-2025
Ran by Paulie (administrator) on PAULIE-PC (20-03-2025 16:49:35)
Running from C:\Users\Paulie\Desktop\FRST64.exe
Loaded Profiles: Paulie
Platform: Microsoft Windows 10 Pro Version 22H2 19045.5487 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\AVAST Software\Avast\AvastUI.exe <3>
(C:\Program Files\AVAST Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(services.exe ->) (FabulaTech -> ) C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgrhv.exe
(services.exe ->) (FabulaTech -> ) C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(spoolsv.exe ->) (CANON INC. -> CANON INC.) C:\Windows\System32\CNAB4RPD.EXE
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [455976 2025-02-12] (Avast Software s.r.o. -> Gen Digital Inc.)
HKLM\...\Run: [VMware Netlink 3 HV Install Utility] => C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe [75680 2017-07-12] (FabulaTech -> )
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7200984 2013-10-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1669368 2020-10-16] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM-x32\...\Run: [RadminVPN] => C:\Program Files (x86)\Radmin VPN\RvRvpnGui.exe [2131984 2022-10-18] (Famatech Corp. -> Famatech Corp.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SYSTEM\...\Terminal Server: [fDenyTSConnections] = 0 <==== ATTENTION
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\Run: [CCleaner Smart Cleaning] => D:\PROGRAMY\CCleaner\CCleaner64.exe [42727840 2023-10-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\Run: [Steam] => E:\PROGRAMY\Steam\steam.exe [4693088 2025-03-11] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\Run: [Discord] => C:\Users\Paulie\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Paulie\AppData\Local\Microsoft\Teams\Update.exe [2588520 2023-07-22] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\Run: [FACEIT] => C:\Users\Paulie\AppData\Local\FACEITApp\update.exe [2204984 2021-02-04] (FACE IT LIMITED -> )
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\Run: [Parsec.App.0] => C:\Program Files\Parsec\parsecd.exe [461440 2023-05-01] (Parsec Cloud, Inc. -> Parsec)
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\Run: [Bloody2] => C:\Program Files (x86)\Bloody7\Bloody7\Bloody7.exe [22282640 2024-01-31] (A FOUR TECH CO., LTD. -> )
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\MountPoints2: F - "F:\Setup.exe"
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\MountPoints2: H - "H:\setup.exe"
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\MountPoints2: {d6549c64-734e-11ea-9f72-b137a34b7c85} - "F:\HiSuiteDownLoader.exe"
HKLM\...\Print\Monitors\CNAB4 Monitor: C:\WINDOWS\system32\CNAB4LMD.DLL [58880 2012-10-09] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\...\AppCompatFlags\Custom\Heroes3.exe: [{1d3c859c-1028-4822-b0a7-da4f7bbc18bc}.sdb] -> GOG.com Heroes of Might and Magic 3
HKLM\Software\...\AppCompatFlags\InstalledSDB\{1d3c859c-1028-4822-b0a7-da4f7bbc18bc}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{1d3c859c-1028-4822-b0a7-da4f7bbc18bc}.sdb [2012-11-28]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\134.0.6998.36\Installer\chrmstp.exe [2025-03-11] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP2900 Status Window.lnk [2023-05-10]
ShortcutTarget: Canon LBP2900 Status Window.lnk -> C:\Windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE (CANON INC. -> CANON INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2019-12-24] () [File not signed] <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WSAndroidAppHelper.lnk [2021-05-08]
ShortcutTarget: WSAndroidAppHelper.lnk -> C:\Program Files (x86)\Wondershare\dr.fone\Addins\SocialApps\WSAndroidAppHelper.exe (Wondershare Technology Co.,Ltd -> Microsoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WSAppHelper.lnk [2021-05-08]
ShortcutTarget: WSAppHelper.lnk -> C:\Program Files (x86)\Wondershare\dr.fone\Addins\SocialApps\WSAppHelper.exe (Wondershare Technology Co.,Ltd -> Microsoft)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2B66B829-CC76-405D-A63A-51499A13A282} - System32\Tasks\{38585E9B-6B1E-4432-8614-096A60AAA340} => E:\HRY\Warcraft II BNE\Warcraft II BNE.exe (No File)
Task: {021DB23C-4AAE-4DDD-84B8-1297368A8526} - System32\Tasks\{E0B8B670-75E5-4C13-A77B-85A9C058ECD4} => C:\Windows\System32\pcalua.exe [91136 2025-02-14] (Microsoft Windows -> Microsoft Corporation) -> -a D:\DOWNLOADS\FreeRapid-0.9u4\FreeRapid-0.9u4\frd.exe -d D:\DOWNLOADS\FreeRapid-0.9u4\FreeRapid-0.9u4
Task: {4F7AB8B5-413B-4625-B120-5D6231BBBA28} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2024-12-18] (Adobe Inc. -> Adobe Inc.)
Task: {7F2D03D9-3AF7-4FC2-AFB8-C0150B98E729} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_403_Plugin.exe [1475640 2020-07-14] (Adobe Inc. -> Adobe)
Task: {8AA7E1DE-F8AA-47F9-B9D8-6F351FCE46A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-07-14] (Adobe Inc. -> Adobe)
Task: {25BDBC5C-7AA7-4F3E-8309-E51C3333F37B} - System32\Tasks\AdobeAAMUpdater-1.0-Paulie-PC-Paulie => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {CCCA215C-C3DA-4F05-A9CF-B30BF7A7278E} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {6621C5DC-35F8-4FA2-8F9D-28751CE561F4} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3807712 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {ACD446C9-94BD-46D8-A5A2-2A795441CA40} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1709048 2021-10-05] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {20515FF8-722B-4EFE-989E-173EE2DBB0A2} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1709048 2021-10-05] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {CD6FEFED-FBD1-45A9-B594-A82B364536E1} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe (No File)
Task: {8AC8F324-81BB-4F90-871C-3C206C51E3A0} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [32768 2009-03-30] () [File not signed]
Task: {37301BC7-8A04-4461-A062-8FFA29EEB782} - System32\Tasks\Avast Software\Avast Antivirus Patcher => C:\Program Files\Common Files\Avast Software\Icarus\avast-av\icarus.exe [8432936 2025-01-24] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {61BC50F0-D968-4F85-A0CE-1A227CD1C070} - System32\Tasks\Avast Software\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [5278504 2025-02-12] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {89E39149-D29B-402D-9637-BE3BE53C2BAD} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe -> C:\Program Files\Common Files\AV\avast! Antivirus\/backup /iavs
Task: {B9A65AF9-D1AC-49AE-994C-8F6A6803F26D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2564904 2024-11-20] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {A914A185-A749-4C56-985B-A35C257BD191} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe (No File)
Task: {C40C081C-CA65-4F1B-A81D-8CCC492AEF5E} - System32\Tasks\CCleaner Update => D:\PROGRAMY\CCleaner\CCUpdate.exe [714256 2023-10-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {95BF1C8C-37FA-492E-84D9-4E2C3FFFD3A2} - System32\Tasks\CCleanerCrashReporting => D:\PROGRAMY\CCleaner\CCleanerBugReport.exe [4703648 2023-10-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "D:\PROGRAMY\CCleaner\LOG" --programpath "D:\PROGRAMY\CCleaner" --configpath "D:\PROGRAMY\CCleaner\Setup" --guid "a138c520-f119-4d07-9395-43195f217799" --version "6.17.10746" --silent
Task: {1E7B86F5-BE33-475C-AA97-D0D64FABBB81} - System32\Tasks\CCleanerSkipUAC - Paulie => D:\PROGRAMY\CCleaner\CCleaner.exe [35664800 2023-10-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {60004209-B04C-4109-B3CC-DE19653FFEFC} - System32\Tasks\CMEClient => "E:\HRY\ChallengeMe.GG Client pro CSGO\ChallengeMeClient.exe" (No File)
Task: {EE43EF3C-8B7A-46A9-8B47-03F3762F29B6} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem135.0.7023.0{24E994BF-01EF-4F47-A266-00375E6B1332} => C:\Program Files (x86)\Google\GoogleUpdater\135.0.7023.0\updater.exe [5745760 2025-02-19] (Google LLC -> Google LLC)
Task: {8733AE6D-DFCA-447D-8DB5-D74E7A0C9A06} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\B9CF9DFA-7BEE-48B7-A3BA-C519960ED1B7\OS Edition Upgrade event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [504832 2025-02-14] (Microsoft Windows -> Microsoft Corporation)
Task: {4026F526-55CA-41AC-B97E-5A7B935FD7E2} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\B9CF9DFA-7BEE-48B7-A3BA-C519960ED1B7\Passport for Work alert created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [504832 2025-02-14] (Microsoft Windows -> Microsoft Corporation)
Task: {4342991E-47F7-4648-B4A2-6EE6046802E4} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\B9CF9DFA-7BEE-48B7-A3BA-C519960ED1B7\Provisioning initiated session => C:\WINDOWS\system32\deviceenroller.exe [504832 2025-02-14] (Microsoft Windows -> Microsoft Corporation)
Task: {EEBA52D9-DA69-4AA7-8C9D-237EA6645A6B} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\B9CF9DFA-7BEE-48B7-A3BA-C519960ED1B7\PushUpgrade => C:\WINDOWS\system32\deviceenroller.exe [504832 2025-02-14] (Microsoft Windows -> Microsoft Corporation)
Task: {1489B21A-B62D-48AC-9980-B0E49617AFC3} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\B9CF9DFA-7BEE-48B7-A3BA-C519960ED1B7\Schedule #1 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [504832 2025-02-14] (Microsoft Windows -> Microsoft Corporation)
Task: {7DED8EA8-9BDA-49BA-B43E-FFFB16554581} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\B9CF9DFA-7BEE-48B7-A3BA-C519960ED1B7\Schedule #2 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [504832 2025-02-14] (Microsoft Windows -> Microsoft Corporation)
Task: {33B42CDC-1B68-4128-AB28-E16291B7C999} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\B9CF9DFA-7BEE-48B7-A3BA-C519960ED1B7\Schedule #3 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [504832 2025-02-14] (Microsoft Windows -> Microsoft Corporation)
Task: {25C506D6-82AA-4B21-8D0E-0325347CE7E5} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\B9CF9DFA-7BEE-48B7-A3BA-C519960ED1B7\Schedule created by enrollment client for renewal of certificate warning => C:\WINDOWS\system32\deviceenroller.exe [504832 2025-02-14] (Microsoft Windows -> Microsoft Corporation)
Task: {C744FAFD-CF2A-4348-9FFC-32E4083F7095} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\B9CF9DFA-7BEE-48B7-A3BA-C519960ED1B7\Schedule to run OMADMClient by client => C:\WINDOWS\system32\omadmclient.exe [498176 2024-12-12] (Microsoft Windows -> Microsoft Corporation)
Task: {AAEEFEE8-9C2A-43B3-821E-AED7100E791E} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\B9CF9DFA-7BEE-48B7-A3BA-C519960ED1B7\Schedule to run OMADMClient by server => C:\WINDOWS\system32\omadmclient.exe [498176 2024-12-12] (Microsoft Windows -> Microsoft Corporation)
Task: {EFE84708-328D-4B40-96F9-6C242103674F} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\B9CF9DFA-7BEE-48B7-A3BA-C519960ED1B7\Win10 S Mode event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [504832 2025-02-14] (Microsoft Windows -> Microsoft Corporation)
Task: {EC19D5CB-492E-4E1F-A01B-F428D283525F} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {6D54230C-7B80-4805-976E-24865BB7D127} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {0D4EF373-C1D7-4E24-8A26-71E4DD1F497D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {C59C4DFC-37FD-40E3-87CF-395DB7104183} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {A9D53DF5-1629-41B1-8477-0F2A9C543D43} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {CC3B2B43-8146-4DA6-9DE4-DBD78AFA5E3F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate $(Arg0) (No File)
Task: {B9F04F4F-2ACC-4B14-860C-01F90FFF645E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 (No File)
Task: {66A1AB22-1A9E-410D-9F63-7F3585B687C7} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {D005DD46-29A2-45CC-ACA1-57448A628D2D} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {0FED875F-A36C-4BE3-A816-087B25A5AC94} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {2C4D4C54-7C0F-4007-AB21-DE2A054A18CA} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {D80EAA21-3F10-40DC-899C-9DB7AB73BECD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {E6D091AE-89DC-4B60-AAB6-4914C8BF2ADF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {F647E6FF-14DB-4635-A1D8-98CDA930CA19} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {3D6360CC-017C-436B-8A9C-BF4F054CBBE0} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {072281CB-D26D-49E1-A9DD-9472C44123DB} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {4B776637-E010-4A15-9F33-749F96D44947} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {725B9AA1-968F-4980-9FA9-1CBB78D0901B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec /RestartRecording (No File)
Task: {3EDA3836-8BF4-4DDE-ABCF-4E9310E2F95D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {2AC68338-9FB4-416C-B814-A60AA3E3EAB6} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {2798E341-2B5F-4ED8-97AD-0117964B1A83} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {43709EA4-C3D5-4108-81D4-EDC76E9F34EC} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {32E57C35-7426-434E-BB9B-9987CC77CCE1} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {F078423F-A4C7-458F-A4CF-F2CDA1AE42C8} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {C0270D74-0C40-4F6A-9806-6F7A02DC506C} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {A8AF81F8-C920-4911-B09B-7E1987E82B29} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {E26B16E6-C513-447E-A471-1B43A38E71E4} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {9A422F44-AADB-4D71-B611-60C40CCD4DF2} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1709048 2021-10-05] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {F5CA3A99-B43E-40E6-B409-A54E729EFF08} - System32\Tasks\SessionAgent => "C:\windows\sysde32.exe" (No File)
Task: {473FDB5B-1D33-419D-8D5E-6EC0690CD8D3} - System32\Tasks\SmartDefrag_Update => E:\PROGRAMY\Smart Defrag\AutoUpdate.exe /autorun (No File)
Task: {CA3CF478-BA76-421B-9566-88DEC1BC91AE} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [55288 2021-10-05] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {CBAE3F5A-51CD-4E0D-A943-086650853697} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [260600 2021-10-05] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => D:\PROGRAMY\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7721449B-54C2-4422-B45D-91B5D03753DA}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{7721449B-54C2-4422-B45D-91B5D03753DA}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{afd71ca2-ecfb-4431-aadf-451cdde4e920}: [DhcpNameServer] 192.168.43.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Paulie\AppData\Local\Microsoft\Edge\User Data\Default [2025-01-25]
Edge Extension: (Dokumenty Google offline) - C:\Users\Paulie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-27]hxxps://clients2.google.com/service/update2/crx
Edge Extension: (Edge relevant text changes) - C:\Users\Paulie\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx

FireFox:
========
FF HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\Firefox\Extensions: [KVAllmytube@KeepVid.com] - E:\PROGRAMY\Wondershare\Wondershare AllMyTube\BrowserPlugin\kvallmytube@keepvid.com_xpi
FF Extension: (KeepVid Pro) - E:\PROGRAMY\Wondershare\Wondershare AllMyTube\BrowserPlugin\kvallmytube@keepvid.com_xpi [2019-08-16] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_403.dll [2020-07-14] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> E:\PROGRAMY\JAVA\jre\bin\dtplugin\npDeployJava1.dll [2017-08-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> E:\PROGRAMY\JAVA\jre\bin\plugin2\npjp2.dll [2017-08-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-02-14] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_403.dll [2020-07-14] (Adobe Inc. -> )
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (Electronic Sports Network i Sverige AB -> ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2020-06-11] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2020-06-11] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default [2025-03-20]
CHR Notifications: Default -> hxxps://meet.google.com; hxxps://www.facebook.com
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2025-03-19]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Steam Inventory Helper) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2024-06-27]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Tampermonkey) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2024-12-12]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-03-19]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (ARC Welder) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\emfinbmielocnlhgmfkkmkngdoccbadn [2019-07-09]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Vzdálená plocha Chrome) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-07-18]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Dokumenty Google offline) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-02-22]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2025-03-19]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (App Runtime for Chrome (Beta)) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaihdlpglflfgpfjcifdjdjcckigekc [2019-07-09]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (SuperNova SWF Enabler) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhmphnocemakkjdampibehejoaleebpo [2025-01-12]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Facebook Screen Sharing) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncfpggehkhmjpdjpefomjchjafhmbnai [2019-11-23]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]hxxps://clients2.google.com/service/update2/crx
CHR Profile: C:\Users\Paulie\AppData\Local\Google\Chrome\User Data\System Profile [2018-11-20]
CHR HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]
CHR HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2024-12-18] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-07-14] (Adobe Inc. -> Adobe)
S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3966432 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [7498024 2025-02-12] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [805672 2025-02-12] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [1257256 2025-02-12] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
S3 battlenet_helpersvc; C:\ProgramData\Battle.net_components\battlenet_helpersvc\AgentHelper.exe [3318400 2025-01-30] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [18663720 2024-10-07] (BattlEye Innovations e.K. -> )
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\133.0.6943.7\remoting_host.exe [73312 2025-01-10] (Google LLC -> Google LLC)
S2 client_service; C:\Program Files (x86)\VMware\VMware Horizon View Client\ClientService\horizon_client_service.exe [532456 2017-09-27] (VMware, Inc. -> VMware, Inc.)
S2 DFWSIDService; C:\Program Files (x86)\Wondershare\dr.fone\WsidService.exe [1051136 2021-03-01] (wondershare) [File not signed]
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [805488 2020-12-11] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [964336 2025-02-11] (EasyAntiCheat Oy -> Epic Games, Inc.)
S2 ElevationService; C:\Program Files (x86)\Wondershare\dr.fone\Addins\Recovery\ElevationService.exe [913408 2021-01-20] () [File not signed]
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [368088 2025-02-11] (Epic Games Inc. -> Epic Games, Inc.)
R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [218528 2017-07-12] (FabulaTech -> )
R2 ftscanmgrhv; C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgrhv.exe [2949024 2017-06-15] (FabulaTech -> )
S2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [190784 2018-04-20] (Huawei Technologies Co., Ltd. -> ) [File not signed]
S2 Parsec; C:\Program Files\Parsec\pservice.exe [415872 2023-05-01] (Parsec Cloud, Inc. -> Parsec)
S3 Rockstar Service; D:\rockstar Launcher\RockstarService.exe [6913000 2025-02-11] (Rockstar Games, Inc. -> Rockstar Games)
S2 RvControlSvc; C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe [1069584 2022-10-18] (Famatech Corp. -> Famatech Corp.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559368 2024-11-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 vmwsprrdpwks; C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [276896 2017-06-15] (FabulaTech -> VMware)
S3 wampapache64; D:\wampserver\bin\apache\apache2.4.58\bin\httpd.exe [30720 2023-10-18] (Apache Software Foundation) [File not signed]
S3 wampmariadb64; D:\wampserver\bin\mariadb\mariadb11.2.2\bin\mysqld.exe [38824 2023-11-19] (MariaDB Corporation Ab -> )
S3 wampmysqld64; D:\wampserver\bin\mysql\mysql8.2.0\bin\mysqld.exe [54819400 2023-10-12] (Oracle America, Inc. -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 WifiAutoInstallSrv; C:\Program Files\Tenda\WifiAutoInstall\WifiAutoInstallSrv.exe [118720 2018-10-26] (Realtek Semiconductor Corp. -> Realtek)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [262824 2021-04-13] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [41376 2021-07-30] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_50fee1227e96ec14\amdsafd.sys [100792 2021-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0376209.inf_amd64_b3bdffadea4def3f\B374968\amdkmdag.sys [80540576 2022-01-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [65168 2021-08-17] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [20536 2025-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [235064 2025-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [384080 2025-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [295992 2025-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [84536 2025-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [28280 2024-11-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Gen Digital Inc.)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [28728 2025-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [276536 2025-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [553016 2025-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 aswNetNd6; C:\WINDOWS\system32\DRIVERS\aswNetNd6.sys [38152 2020-04-21] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [98360 2025-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [69712 2025-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [956472 2025-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [1425976 2025-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R3 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [206904 2025-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [383032 2025-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2020-09-19] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 EraserUtilDrv11510; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11510.sys [153936 2016-06-06] (Symantec Corporation -> Symantec Corporation)
S3 EraserUtilDrv11521; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11521.sys [156912 2016-06-06] (Symantec Corporation -> Symantec Corporation)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2018-04-20] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2020-11-30] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
R3 parsecvusba; C:\WINDOWS\System32\drivers\parsecvusba.sys [256560 2023-04-05] (Microsoft Windows Hardware Compatibility Publisher -> Parsec)
R3 RTL8023x64; C:\WINDOWS\System32\drivers\Rtnic64.sys [51712 2019-12-07] (Microsoft Windows -> Realtek Semiconductor Corporation)
R3 RvNetMP60; C:\WINDOWS\System32\drivers\RvNetMP60.sys [58288 2022-10-18] (Microsoft Windows Hardware Compatibility Publisher -> Famatech Corp.)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [28400 2024-05-03] () [File not signed]
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-06-04] (Symantec Corporation -> Symantec Corporation)
R1 VBoxNetAdp; C:\WINDOWS\System32\DRIVERS\VBoxNetAdp6.sys [119712 2016-06-28] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [192864 2016-06-28] (Oracle Corporation -> Oracle Corporation)
R3 VCSVADHWSer; C:\WINDOWS\System32\drivers\vcsvad.sys [21504 2008-12-26] (AVnex Ltd. -> Avnex)
S3 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [69168 2020-01-10] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
S3 VOICEMOD_Driver; C:\WINDOWS\system32\drivers\mvvad.sys [48144 2022-07-26] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [74048 2020-10-16] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2021-12-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [435432 2021-12-16] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-16] (Microsoft Windows -> Microsoft Corporation)
S2 AODDriver4.3.0; \??\C:\Program Files\AMD\Performance Profile Client\amd64\AODDriver2.sys [X]
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-03-20 12:22 - 2025-03-20 12:22 - 000000000 ___HD C:\$WinREAgent
2025-03-19 21:42 - 2025-03-19 21:42 - 008790880 _____ (Malwarebytes) C:\Users\Paulie\Desktop\AdwCleaner (1).exe
2025-03-19 21:34 - 2025-03-19 21:34 - 009566696 _____ (Malwarebytes) C:\Users\Paulie\Desktop\adwcleaner.exe
2025-03-19 18:21 - 2025-03-20 16:50 - 000041470 _____ C:\Users\Paulie\Desktop\FRST.txt
2025-03-19 18:17 - 2025-03-19 18:18 - 002404352 _____ (Farbar) C:\Users\Paulie\Desktop\FRST64.exe
2025-03-10 12:39 - 2025-03-10 12:39 - 019353172 _____ C:\Users\Paulie\Desktop\pracovní smlouva automotive services.zip
2025-03-10 12:39 - 2025-03-10 12:39 - 000000000 ____D C:\Users\Paulie\Desktop\pracovní smlouva automotive services
2025-03-09 06:03 - 2025-03-09 06:03 - 000000239 _____ C:\Users\Paulie\Desktop\co kupit.txt
2025-02-26 13:47 - 2025-02-26 13:47 - 000000000 ____D C:\Users\Paulie\AppData\LocalLow\Casus Ludi
2025-02-26 13:42 - 2025-02-26 13:42 - 000000509 _____ C:\Users\Public\Desktop\Blanc.lnk
2025-02-26 13:34 - 2025-02-26 13:34 - 000004269 _____ C:\Users\Paulie\Downloads\Blanc [FitGirl Repack].torrent
2025-02-23 19:43 - 2025-02-23 19:43 - 000063787 _____ C:\Users\Paulie\Downloads\priloha_1468413072_0_PP2500017559.pdf
2025-02-23 19:43 - 2025-02-23 19:43 - 000021056 _____ C:\Users\Paulie\Downloads\priloha_1477166164_0_zprava.html
2025-02-23 19:39 - 2025-02-23 19:39 - 000034706 _____ C:\Users\Paulie\Downloads\priloha_1467151482_1_VZP_OSVČ_dopis_2025.pdf
2025-02-23 19:37 - 2025-02-23 19:37 - 000159179 _____ C:\Users\Paulie\Downloads\priloha_1467151482_0_p720611331.pdf
2025-02-23 19:36 - 2025-02-23 19:36 - 000021058 _____ C:\Users\Paulie\Downloads\priloha_1466088747_0_zprava.html
2025-02-23 19:34 - 2025-02-23 19:34 - 000374160 _____ C:\Users\Paulie\Downloads\priloha_1457285627_0_Zmeny_v_oblasti_pojistneho_na_socialni_zabezpeceni_OSVC_od_1._1._2025.pdf
2025-02-23 19:33 - 2025-02-23 19:33 - 000157729 _____ C:\Users\Paulie\Downloads\priloha_1451110804_0_RZP-310008-2024-814228.pdf
2025-02-23 19:32 - 2025-02-23 19:32 - 000011134 _____ C:\Users\Paulie\Downloads\priloha_1450757129_0_Odpoved_na_DZ_1450733745.html
2025-02-23 19:31 - 2025-02-23 19:31 - 000011119 _____ C:\Users\Paulie\Downloads\priloha_1450755561_0_Odpoved_na_DZ_1450728438.html
2025-02-23 19:30 - 2025-02-23 19:30 - 000052436 _____ C:\Users\Paulie\Downloads\priloha_1450737888_0_Jirgal-potvrzeni.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-03-20 16:50 - 2020-03-11 17:55 - 000000000 ____D C:\FRST
2025-03-20 16:49 - 2022-03-16 18:03 - 000000095 _____ C:\Users\Paulie\.accessibility.properties
2025-03-20 16:49 - 2020-09-15 16:42 - 000000000 ____D C:\Users\Paulie
2025-03-20 16:48 - 2020-09-15 16:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-03-20 16:20 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-03-20 12:25 - 2020-09-15 17:02 - 000000000 ____D C:\Users\Paulie\AppData\Local\D3DSCache
2025-03-20 12:25 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-03-20 12:21 - 2021-12-15 04:49 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-03-19 21:44 - 2023-08-04 10:44 - 000000000 ____D C:\ProgramData\BSD
2025-03-19 14:23 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-03-19 14:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-03-19 14:18 - 2020-09-15 16:41 - 001885460 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-03-19 14:18 - 2019-12-07 15:43 - 000779862 _____ C:\WINDOWS\system32\perfh005.dat
2025-03-19 14:18 - 2019-12-07 15:43 - 000177848 _____ C:\WINDOWS\system32\perfc005.dat
2025-03-19 14:18 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2025-03-19 14:14 - 2020-09-15 16:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-03-18 20:57 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2025-03-18 00:57 - 2023-10-18 02:08 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-03-18 00:57 - 2023-10-18 02:08 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-03-18 00:23 - 2023-10-18 02:08 - 000003568 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-03-18 00:23 - 2023-10-18 02:08 - 000003344 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-03-18 00:23 - 2021-09-22 07:57 - 000002246 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - Paulie
2025-03-18 00:23 - 2020-09-15 16:46 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2025-03-18 00:23 - 2020-09-15 16:46 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2025-03-18 00:16 - 2017-05-02 10:28 - 000000000 ____D C:\ProgramData\AVAST Software
2025-03-18 00:15 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2025-03-18 00:15 - 2017-02-14 14:46 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2025-03-17 22:32 - 2020-06-16 13:39 - 000000000 ____D C:\Users\Paulie\AppData\Roaming\vlc
2025-03-11 23:15 - 2020-09-15 16:56 - 000000000 ____D C:\Users\Paulie\AppData\Local\Packages
2025-03-11 23:15 - 2020-09-15 16:56 - 000000000 ____D C:\ProgramData\Packages
2025-03-11 20:00 - 2016-06-05 00:00 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-03-11 20:00 - 2016-06-05 00:00 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2025-02-28 08:46 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2025-02-28 07:42 - 2016-06-06 10:03 - 000000000 ____D C:\Users\Paulie\AppData\Roaming\uTorrent
2025-02-27 21:52 - 2016-06-05 01:02 - 000000000 ____D C:\Users\Paulie\AppData\Local\ElevatedDiagnostics
2025-02-26 13:52 - 2020-06-10 23:43 - 000000000 ____D C:\Users\Paulie\AppData\Roaming\Goldberg SteamEmu Saves
2025-02-26 13:47 - 2016-07-12 08:42 - 000000000 ____D C:\Users\Paulie\Documents\My Games
2025-02-26 13:39 - 2019-04-15 16:08 - 000000000 ____D C:\Users\Paulie\AppData\Local\BitTorrentHelper
2025-02-21 18:05 - 2020-09-17 21:58 - 000000000 ____D C:\WINDOWS\Minidump
2025-02-19 11:23 - 2022-10-12 13:18 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2025-02-19 11:23 - 2022-10-12 13:18 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk

==================== Files in the root of some directories ========

2022-12-10 17:40 - 2022-12-10 18:34 - 000001327 _____ () C:\Users\Paulie\AppData\Roaming\CascView.ini
2021-08-04 16:03 - 2023-09-22 15:36 - 003354624 _____ () C:\Users\Paulie\AppData\Roaming\emp.bin
2022-10-11 15:51 - 2022-10-11 15:51 - 000000044 _____ () C:\Users\Paulie\AppData\Roaming\twow_sysprepdt.dat
2020-03-24 22:55 - 2020-07-23 10:32 - 000000025 ____H () C:\Users\Paulie\AppData\Roaming\uninst48.log
2018-11-23 14:46 - 2018-11-23 14:46 - 000000000 _____ () C:\Users\Paulie\AppData\Local\oobelibMkey.log
2019-04-10 12:57 - 2019-04-10 12:57 - 000000017 _____ () C:\Users\Paulie\AppData\Local\resmon.resmoncfg
2020-03-24 22:55 - 2020-07-23 10:32 - 000000025 ____H () C:\Users\Paulie\AppData\Local\uninst37.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Rudy
Site Admin
Site Admin
Posts: 119309
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Suspected infected PC

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SYSTEM\...\Terminal Server: [fDenyTSConnections] = 0 <==== ATTENTION
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\MountPoints2: F - "F:\Setup.exe"
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\MountPoints2: H - "H:\setup.exe"
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\MountPoints2: {d6549c64-734e-11ea-9f72-b137a34b7c85} - "F:\HiSuiteDownLoader.exe"
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2019-12-24] () [File not signed] <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {CD6FEFED-FBD1-45A9-B594-A82B364536E1} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe (No File)
Task: {A914A185-A749-4C56-985B-A35C257BD191} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe (No File)
Task: {60004209-B04C-4109-B3CC-DE19653FFEFC} - System32\Tasks\CMEClient => "E:\HRY\ChallengeMe.GG Client pro CSGO\ChallengeMeClient.exe" (No File)
Task: {EC19D5CB-492E-4E1F-A01B-F428D283525F} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {6D54230C-7B80-4805-976E-24865BB7D127} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {0D4EF373-C1D7-4E24-8A26-71E4DD1F497D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {C59C4DFC-37FD-40E3-87CF-395DB7104183} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {A9D53DF5-1629-41B1-8477-0F2A9C543D43} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {CC3B2B43-8146-4DA6-9DE4-DBD78AFA5E3F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate $(Arg0) (No File)
Task: {B9F04F4F-2ACC-4B14-860C-01F90FFF645E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 (No File)
Task: {66A1AB22-1A9E-410D-9F63-7F3585B687C7} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {D005DD46-29A2-45CC-ACA1-57448A628D2D} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {0FED875F-A36C-4BE3-A816-087B25A5AC94} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {2C4D4C54-7C0F-4007-AB21-DE2A054A18CA} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {D80EAA21-3F10-40DC-899C-9DB7AB73BECD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {E6D091AE-89DC-4B60-AAB6-4914C8BF2ADF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {F647E6FF-14DB-4635-A1D8-98CDA930CA19} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {3D6360CC-017C-436B-8A9C-BF4F054CBBE0} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {072281CB-D26D-49E1-A9DD-9472C44123DB} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {4B776637-E010-4A15-9F33-749F96D44947} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {725B9AA1-968F-4980-9FA9-1CBB78D0901B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec /RestartRecording (No File)
Task: {3EDA3836-8BF4-4DDE-ABCF-4E9310E2F95D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {2AC68338-9FB4-416C-B814-A60AA3E3EAB6} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {2798E341-2B5F-4ED8-97AD-0117964B1A83} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {43709EA4-C3D5-4108-81D4-EDC76E9F34EC} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {F5CA3A99-B43E-40E6-B409-A54E729EFF08} - System32\Tasks\SessionAgent => "C:\windows\sysde32.exe" (No File)
Task: {473FDB5B-1D33-419D-8D5E-6EC0690CD8D3} - System32\Tasks\SmartDefrag_Update => E:\PROGRAMY\Smart Defrag\AutoUpdate.exe /autorun (No File)
U3 idsvc; no ImagePath
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
FirewallRules: [TCP Query User{4BC470E5-DEDD-4148-ACE5-113B3B20A398}D:\games\it takes two\nuts\binaries\win64\ittakestwo.exe] => (Allow) D:\games\it takes two\nuts\binaries\win64\ittakestwo.exe => No File
FirewallRules: [UDP Query User{D0A7778C-8729-4B19-801A-F7E50B27D8D5}D:\games\it takes two\nuts\binaries\win64\ittakestwo.exe] => (Allow) D:\games\it takes two\nuts\binaries\win64\ittakestwo.exe => No File
FirewallRules: [{0E6F446D-9EF0-40E4-BE71-8CBCB3D2719F}] => (Block) D:\games\it takes two\nuts\binaries\win64\ittakestwo.exe => No File
FirewallRules: [{955D7072-E551-4DC2-933C-A4871A53E0BB}] => (Block) D:\games\it takes two\nuts\binaries\win64\ittakestwo.exe => No File
FirewallRules: [{FC81CFDF-B092-4A59-AA12-B98091B2CF35}] => (Block) D:\before your eyes\before your eyes.exe => No File
FirewallRules: [{8FF87285-89C4-4458-8F04-51967AF524E1}] => (Block) D:\before your eyes\before your eyes.exe => No File
FirewallRules: [TCP Query User{E78D98E7-A812-432E-9272-E1B18D78380B}D:\rocket league\rocketleague\binaries\win64\rocketleague.exe] => (Allow) D:\rocket league\rocketleague\binaries\win64\rocketleague.exe => No File
FirewallRules: [UDP Query User{D006495C-77E7-4AB4-8620-0A0AC477925C}D:\rocket league\rocketleague\binaries\win64\rocketleague.exe] => (Allow) D:\rocket league\rocketleague\binaries\win64\rocketleague.exe => No File
FirewallRules: [{6B47D931-868D-43B8-85B5-E6C79C554D5B}] => (Block) D:\rocket league\rocketleague\binaries\win64\rocketleague.exe => No File
FirewallRules: [{7326EDFA-2DA7-4357-BC3F-FD71EA77E09A}] => (Block) D:\rocket league\rocketleague\binaries\win64\rocketleague.exe => No File
FirewallRules: [TCP Query User{77A89666-05FD-4272-BE23-9C23F0448B0E}D:\far cry 3 complete collection\far cry 3\bin\farcry3.exe] => (Allow) D:\far cry 3 complete collection\far cry 3\bin\farcry3.exe => No File
FirewallRules: [UDP Query User{700B55B9-091B-4B2A-A4B5-8B336775B72F}D:\far cry 3 complete collection\far cry 3\bin\farcry3.exe] => (Allow) D:\far cry 3 complete collection\far cry 3\bin\farcry3.exe => No File
FirewallRules: [{6DA96EE0-8836-4A62-9EA7-F7CCCB5BF230}] => (Block) D:\far cry 3 complete collection\far cry 3\bin\farcry3.exe => No File
FirewallRules: [{865B3285-62B8-42AB-B882-0A2BC5C62074}] => (Block) D:\far cry 3 complete collection\far cry 3\bin\farcry3.exe => No File
FirewallRules: [TCP Query User{C7CDAF38-7D87-47D6-98F3-6917A48CCA7D}E:\hry\hogwarts legacy\phoenix\binaries\win64\hogwartslegacy.exe] => (Allow) E:\hry\hogwarts legacy\phoenix\binaries\win64\hogwartslegacy.exe => No File
FirewallRules: [UDP Query User{B203CECA-6E95-43B0-871F-2861AAB5634A}E:\hry\hogwarts legacy\phoenix\binaries\win64\hogwartslegacy.exe] => (Allow) E:\hry\hogwarts legacy\phoenix\binaries\win64\hogwartslegacy.exe => No File
FirewallRules: [{79C784ED-F6C6-4691-B9F0-E20513A0B975}] => (Block) E:\hry\hogwarts legacy\phoenix\binaries\win64\hogwartslegacy.exe => No File
FirewallRules: [{9DFFEB25-00AE-41CC-93EB-DBDB8C05404B}] => (Block) E:\hry\hogwarts legacy\phoenix\binaries\win64\hogwartslegacy.exe => No File
FirewallRules: [TCP Query User{B59148D8-7602-42D9-B9C1-D10E6B5A1C9E}D:\games\age of mythology retold\aomrt_s.exe] => (Allow) D:\games\age of mythology retold\aomrt_s.exe => No File
FirewallRules: [UDP Query User{C91BF65F-237C-40F8-82D1-306D33F15CCB}D:\games\age of mythology retold\aomrt_s.exe] => (Allow) D:\games\age of mythology retold\aomrt_s.exe => No File
FirewallRules: [TCP Query User{E23BD57A-550B-4418-9CDD-D9BA5BA347EB}D:\games\age of mythology retold\battleserver.exe] => (Allow) D:\games\age of mythology retold\battleserver.exe => No File
FirewallRules: [UDP Query User{51658F84-E579-463B-802F-37C0B3B87D11}D:\games\age of mythology retold\battleserver.exe] => (Allow) D:\games\age of mythology retold\battleserver.exe => No File
FirewallRules: [{42B130E7-B899-4298-BBC8-2DAF8560E2F3}] => (Block) D:\games\age of mythology retold\battleserver.exe => No File
FirewallRules: [{3DCCAB02-5EE8-4620-924E-4584BB3529C8}] => (Block) D:\games\age of mythology retold\battleserver.exe => No File
FirewallRules: [{3E554EA5-87F7-4C01-9D20-1009A51C3AA6}] => (Block) D:\games\age of mythology retold\aomrt_s.exe => No File
FirewallRules: [{B670F3A8-ECCE-4A11-8C9E-CE95A8547ED2}] => (Block) D:\games\age of mythology retold\aomrt_s.exe => No File

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Preacher
Visitor
Visitor
Posts: 26
Joined: 25 Jan 2018 11:40

Re: Suspected infected PC

#7 Post by Preacher »

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-03-2025
Ran by Paulie (20-03-2025 21:12:38) Run:2
Running from C:\Users\Paulie\Desktop
Loaded Profiles: Paulie
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SYSTEM\...\Terminal Server: [fDenyTSConnections] = 0 <==== ATTENTION
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\MountPoints2: F - "F:\Setup.exe"
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\MountPoints2: H - "H:\setup.exe"
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\...\MountPoints2: {d6549c64-734e-11ea-9f72-b137a34b7c85} - "F:\HiSuiteDownLoader.exe"
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2019-12-24] () [File not signed] <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {CD6FEFED-FBD1-45A9-B594-A82B364536E1} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe (No File)
Task: {A914A185-A749-4C56-985B-A35C257BD191} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe (No File)
Task: {60004209-B04C-4109-B3CC-DE19653FFEFC} - System32\Tasks\CMEClient => "E:\HRY\ChallengeMe.GG Client pro CSGO\ChallengeMeClient.exe" (No File)
Task: {EC19D5CB-492E-4E1F-A01B-F428D283525F} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {6D54230C-7B80-4805-976E-24865BB7D127} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {0D4EF373-C1D7-4E24-8A26-71E4DD1F497D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {C59C4DFC-37FD-40E3-87CF-395DB7104183} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {A9D53DF5-1629-41B1-8477-0F2A9C543D43} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {CC3B2B43-8146-4DA6-9DE4-DBD78AFA5E3F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate $(Arg0) (No File)
Task: {B9F04F4F-2ACC-4B14-860C-01F90FFF645E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 (No File)
Task: {66A1AB22-1A9E-410D-9F63-7F3585B687C7} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {D005DD46-29A2-45CC-ACA1-57448A628D2D} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {0FED875F-A36C-4BE3-A816-087B25A5AC94} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {2C4D4C54-7C0F-4007-AB21-DE2A054A18CA} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {D80EAA21-3F10-40DC-899C-9DB7AB73BECD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {E6D091AE-89DC-4B60-AAB6-4914C8BF2ADF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {F647E6FF-14DB-4635-A1D8-98CDA930CA19} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {3D6360CC-017C-436B-8A9C-BF4F054CBBE0} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {072281CB-D26D-49E1-A9DD-9472C44123DB} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {4B776637-E010-4A15-9F33-749F96D44947} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {725B9AA1-968F-4980-9FA9-1CBB78D0901B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec /RestartRecording (No File)
Task: {3EDA3836-8BF4-4DDE-ABCF-4E9310E2F95D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {2AC68338-9FB4-416C-B814-A60AA3E3EAB6} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {2798E341-2B5F-4ED8-97AD-0117964B1A83} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {43709EA4-C3D5-4108-81D4-EDC76E9F34EC} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {F5CA3A99-B43E-40E6-B409-A54E729EFF08} - System32\Tasks\SessionAgent => "C:\windows\sysde32.exe" (No File)
Task: {473FDB5B-1D33-419D-8D5E-6EC0690CD8D3} - System32\Tasks\SmartDefrag_Update => E:\PROGRAMY\Smart Defrag\AutoUpdate.exe /autorun (No File)
U3 idsvc; no ImagePath
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
FirewallRules: [TCP Query User{4BC470E5-DEDD-4148-ACE5-113B3B20A398}D:\games\it takes two\nuts\binaries\win64\ittakestwo.exe] => (Allow) D:\games\it takes two\nuts\binaries\win64\ittakestwo.exe => No File
FirewallRules: [UDP Query User{D0A7778C-8729-4B19-801A-F7E50B27D8D5}D:\games\it takes two\nuts\binaries\win64\ittakestwo.exe] => (Allow) D:\games\it takes two\nuts\binaries\win64\ittakestwo.exe => No File
FirewallRules: [{0E6F446D-9EF0-40E4-BE71-8CBCB3D2719F}] => (Block) D:\games\it takes two\nuts\binaries\win64\ittakestwo.exe => No File
FirewallRules: [{955D7072-E551-4DC2-933C-A4871A53E0BB}] => (Block) D:\games\it takes two\nuts\binaries\win64\ittakestwo.exe => No File
FirewallRules: [{FC81CFDF-B092-4A59-AA12-B98091B2CF35}] => (Block) D:\before your eyes\before your eyes.exe => No File
FirewallRules: [{8FF87285-89C4-4458-8F04-51967AF524E1}] => (Block) D:\before your eyes\before your eyes.exe => No File
FirewallRules: [TCP Query User{E78D98E7-A812-432E-9272-E1B18D78380B}D:\rocket league\rocketleague\binaries\win64\rocketleague.exe] => (Allow) D:\rocket league\rocketleague\binaries\win64\rocketleague.exe => No File
FirewallRules: [UDP Query User{D006495C-77E7-4AB4-8620-0A0AC477925C}D:\rocket league\rocketleague\binaries\win64\rocketleague.exe] => (Allow) D:\rocket league\rocketleague\binaries\win64\rocketleague.exe => No File
FirewallRules: [{6B47D931-868D-43B8-85B5-E6C79C554D5B}] => (Block) D:\rocket league\rocketleague\binaries\win64\rocketleague.exe => No File
FirewallRules: [{7326EDFA-2DA7-4357-BC3F-FD71EA77E09A}] => (Block) D:\rocket league\rocketleague\binaries\win64\rocketleague.exe => No File
FirewallRules: [TCP Query User{77A89666-05FD-4272-BE23-9C23F0448B0E}D:\far cry 3 complete collection\far cry 3\bin\farcry3.exe] => (Allow) D:\far cry 3 complete collection\far cry 3\bin\farcry3.exe => No File
FirewallRules: [UDP Query User{700B55B9-091B-4B2A-A4B5-8B336775B72F}D:\far cry 3 complete collection\far cry 3\bin\farcry3.exe] => (Allow) D:\far cry 3 complete collection\far cry 3\bin\farcry3.exe => No File
FirewallRules: [{6DA96EE0-8836-4A62-9EA7-F7CCCB5BF230}] => (Block) D:\far cry 3 complete collection\far cry 3\bin\farcry3.exe => No File
FirewallRules: [{865B3285-62B8-42AB-B882-0A2BC5C62074}] => (Block) D:\far cry 3 complete collection\far cry 3\bin\farcry3.exe => No File
FirewallRules: [TCP Query User{C7CDAF38-7D87-47D6-98F3-6917A48CCA7D}E:\hry\hogwarts legacy\phoenix\binaries\win64\hogwartslegacy.exe] => (Allow) E:\hry\hogwarts legacy\phoenix\binaries\win64\hogwartslegacy.exe => No File
FirewallRules: [UDP Query User{B203CECA-6E95-43B0-871F-2861AAB5634A}E:\hry\hogwarts legacy\phoenix\binaries\win64\hogwartslegacy.exe] => (Allow) E:\hry\hogwarts legacy\phoenix\binaries\win64\hogwartslegacy.exe => No File
FirewallRules: [{79C784ED-F6C6-4691-B9F0-E20513A0B975}] => (Block) E:\hry\hogwarts legacy\phoenix\binaries\win64\hogwartslegacy.exe => No File
FirewallRules: [{9DFFEB25-00AE-41CC-93EB-DBDB8C05404B}] => (Block) E:\hry\hogwarts legacy\phoenix\binaries\win64\hogwartslegacy.exe => No File
FirewallRules: [TCP Query User{B59148D8-7602-42D9-B9C1-D10E6B5A1C9E}D:\games\age of mythology retold\aomrt_s.exe] => (Allow) D:\games\age of mythology retold\aomrt_s.exe => No File
FirewallRules: [UDP Query User{C91BF65F-237C-40F8-82D1-306D33F15CCB}D:\games\age of mythology retold\aomrt_s.exe] => (Allow) D:\games\age of mythology retold\aomrt_s.exe => No File
FirewallRules: [TCP Query User{E23BD57A-550B-4418-9CDD-D9BA5BA347EB}D:\games\age of mythology retold\battleserver.exe] => (Allow) D:\games\age of mythology retold\battleserver.exe => No File
FirewallRules: [UDP Query User{51658F84-E579-463B-802F-37C0B3B87D11}D:\games\age of mythology retold\battleserver.exe] => (Allow) D:\games\age of mythology retold\battleserver.exe => No File
FirewallRules: [{42B130E7-B899-4298-BBC8-2DAF8560E2F3}] => (Block) D:\games\age of mythology retold\battleserver.exe => No File
FirewallRules: [{3DCCAB02-5EE8-4620-924E-4584BB3529C8}] => (Block) D:\games\age of mythology retold\battleserver.exe => No File
FirewallRules: [{3E554EA5-87F7-4C01-9D20-1009A51C3AA6}] => (Block) D:\games\age of mythology retold\aomrt_s.exe => No File
FirewallRules: [{B670F3A8-ECCE-4A11-8C9E-CE95A8547ED2}] => (Block) D:\games\age of mythology retold\aomrt_s.exe => No File

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\\"fDenyTSConnections"="1" => value restored successfully
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => removed successfully
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H => removed successfully
HKU\S-1-5-21-2623976002-1524246759-2826972749-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6549c64-734e-11ea-9f72-b137a34b7c85} => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{503739d0-4c5e-4cfd-b3ba-d881334f0df2}" => removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat => moved successfully

"C:\WINDOWS\system32\GroupPolicy\Machine" Folder move:

C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD6FEFED-FBD1-45A9-B594-A82B364536E1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD6FEFED-FBD1-45A9-B594-A82B364536E1}" => removed successfully
C:\WINDOWS\System32\Tasks\ASUS\ASUS Product Register Service => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\ASUS Product Register Service" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{A914A185-A749-4C56-985B-A35C257BD191}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A914A185-A749-4C56-985B-A35C257BD191}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast TUNEUP Update => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast TUNEUP Update" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{60004209-B04C-4109-B3CC-DE19653FFEFC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60004209-B04C-4109-B3CC-DE19653FFEFC}" => removed successfully
C:\WINDOWS\System32\Tasks\CMEClient => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CMEClient" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC19D5CB-492E-4E1F-A01B-F428D283525F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC19D5CB-492E-4E1F-A01B-F428D283525F}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ActivateWindowsSearch" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D54230C-7B80-4805-976E-24865BB7D127}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D54230C-7B80-4805-976E-24865BB7D127}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ConfigureInternetTimeService" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D4EF373-C1D7-4E24-8A26-71E4DD1F497D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D4EF373-C1D7-4E24-8A26-71E4DD1F497D}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\DispatchRecoveryTasks" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C59C4DFC-37FD-40E3-87CF-395DB7104183}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C59C4DFC-37FD-40E3-87CF-395DB7104183}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ehDRMInit" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9D53DF5-1629-41B1-8477-0F2A9C543D43}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9D53DF5-1629-41B1-8477-0F2A9C543D43}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\InstallPlayReady" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC3B2B43-8146-4DA6-9DE4-DBD78AFA5E3F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC3B2B43-8146-4DA6-9DE4-DBD78AFA5E3F}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9F04F4F-2ACC-4B14-860C-01F90FFF645E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9F04F4F-2ACC-4B14-860C-01F90FFF645E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate_scheduled" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66A1AB22-1A9E-410D-9F63-7F3585B687C7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66A1AB22-1A9E-410D-9F63-7F3585B687C7}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\MediaCenterRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D005DD46-29A2-45CC-ACA1-57448A628D2D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D005DD46-29A2-45CC-ACA1-57448A628D2D}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0FED875F-A36C-4BE3-A816-087B25A5AC94}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FED875F-A36C-4BE3-A816-087B25A5AC94}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURActivate" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C4D4C54-7C0F-4007-AB21-DE2A054A18CA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C4D4C54-7C0F-4007-AB21-DE2A054A18CA}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURDiscovery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D80EAA21-3F10-40DC-899C-9DB7AB73BECD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D80EAA21-3F10-40DC-899C-9DB7AB73BECD}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscovery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6D091AE-89DC-4B60-AAB6-4914C8BF2ADF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6D091AE-89DC-4B60-AAB6-4914C8BF2ADF}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW1" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F647E6FF-14DB-4635-A1D8-98CDA930CA19}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F647E6FF-14DB-4635-A1D8-98CDA930CA19}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW2" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D6360CC-017C-436B-8A9C-BF4F054CBBE0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D6360CC-017C-436B-8A9C-BF4F054CBBE0}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PeriodicScanRetry" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{072281CB-D26D-49E1-A9DD-9472C44123DB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{072281CB-D26D-49E1-A9DD-9472C44123DB}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B776637-E010-4A15-9F33-749F96D44947}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B776637-E010-4A15-9F33-749F96D44947}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrScheduleTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{725B9AA1-968F-4980-9FA9-1CBB78D0901B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{725B9AA1-968F-4980-9FA9-1CBB78D0901B}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RecordingRestart" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3EDA3836-8BF4-4DDE-ABCF-4E9310E2F95D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EDA3836-8BF4-4DDE-ABCF-4E9310E2F95D}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RegisterSearch" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2AC68338-9FB4-416C-B814-A60AA3E3EAB6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2AC68338-9FB4-416C-B814-A60AA3E3EAB6}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ReindexSearchRoot" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2798E341-2B5F-4ED8-97AD-0117964B1A83}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2798E341-2B5F-4ED8-97AD-0117964B1A83}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\SqlLiteRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{43709EA4-C3D5-4108-81D4-EDC76E9F34EC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43709EA4-C3D5-4108-81D4-EDC76E9F34EC}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\UpdateRecordPath" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5CA3A99-B43E-40E6-B409-A54E729EFF08}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5CA3A99-B43E-40E6-B409-A54E729EFF08}" => removed successfully
C:\WINDOWS\System32\Tasks\SessionAgent => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SessionAgent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{473FDB5B-1D33-419D-8D5E-6EC0690CD8D3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{473FDB5B-1D33-419D-8D5E-6EC0690CD8D3}" => removed successfully
C:\WINDOWS\System32\Tasks\SmartDefrag_Update => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_Update" => removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => removed successfully
idsvc => service removed successfully
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) => Error: No automatic fix found for this entry.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4BC470E5-DEDD-4148-ACE5-113B3B20A398}D:\games\it takes two\nuts\binaries\win64\ittakestwo.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D0A7778C-8729-4B19-801A-F7E50B27D8D5}D:\games\it takes two\nuts\binaries\win64\ittakestwo.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0E6F446D-9EF0-40E4-BE71-8CBCB3D2719F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{955D7072-E551-4DC2-933C-A4871A53E0BB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FC81CFDF-B092-4A59-AA12-B98091B2CF35}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8FF87285-89C4-4458-8F04-51967AF524E1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E78D98E7-A812-432E-9272-E1B18D78380B}D:\rocket league\rocketleague\binaries\win64\rocketleague.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D006495C-77E7-4AB4-8620-0A0AC477925C}D:\rocket league\rocketleague\binaries\win64\rocketleague.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B47D931-868D-43B8-85B5-E6C79C554D5B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7326EDFA-2DA7-4357-BC3F-FD71EA77E09A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{77A89666-05FD-4272-BE23-9C23F0448B0E}D:\far cry 3 complete collection\far cry 3\bin\farcry3.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{700B55B9-091B-4B2A-A4B5-8B336775B72F}D:\far cry 3 complete collection\far cry 3\bin\farcry3.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6DA96EE0-8836-4A62-9EA7-F7CCCB5BF230}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{865B3285-62B8-42AB-B882-0A2BC5C62074}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C7CDAF38-7D87-47D6-98F3-6917A48CCA7D}E:\hry\hogwarts legacy\phoenix\binaries\win64\hogwartslegacy.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B203CECA-6E95-43B0-871F-2861AAB5634A}E:\hry\hogwarts legacy\phoenix\binaries\win64\hogwartslegacy.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{79C784ED-F6C6-4691-B9F0-E20513A0B975}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9DFFEB25-00AE-41CC-93EB-DBDB8C05404B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B59148D8-7602-42D9-B9C1-D10E6B5A1C9E}D:\games\age of mythology retold\aomrt_s.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C91BF65F-237C-40F8-82D1-306D33F15CCB}D:\games\age of mythology retold\aomrt_s.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E23BD57A-550B-4418-9CDD-D9BA5BA347EB}D:\games\age of mythology retold\battleserver.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{51658F84-E579-463B-802F-37C0B3B87D11}D:\games\age of mythology retold\battleserver.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{42B130E7-B899-4298-BBC8-2DAF8560E2F3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3DCCAB02-5EE8-4620-924E-4584BB3529C8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3E554EA5-87F7-4C01-9D20-1009A51C3AA6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B670F3A8-ECCE-4A11-8C9E-CE95A8547ED2}" => removed successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13682165 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 365553310 B
Windows/system/drivers => 225 B
Edge => 0 B
Chrome => 398476862 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6656 B
systemprofile32 => 6656 B
LocalService => 578790 B
NetworkService => 8441228 B
Paulie => 38044032 B

RecycleBin => 162710 B
EmptyTemp: => 788 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:13:04 ====

Rudy
Site Admin
Posts: 119309
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Suspected virus-infected PC

#8 Post by Rudy »

Deleted; the PC should now be clean.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
