Hacked account - email
Posted: 09 Dec 2020 11:48
Hello,
today my main email received a message from one of my secondary email addresses, a shortened link to somewhere (I did not click it). It appears that someone got into the secondary mailbox, sent out several spam messages, and changed the password on Steam (I already have that back). The location was Vietnam. Please check my PC for a keylogger or anything similar.
Thank you.
Here is the FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2020
Ran by L (administrator) on DESKTOP-32STAAT (Gigabyte Technology Co., Ltd. P67A-UD3-B3) (09-12-2020 10:47:57)
Running from C:\Users\L\Desktop
Loaded Profiles: L
Platform: Windows 10 Home Version 1909 18363.1198 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
(Ghisler Software GmbH -> Ghisler Software GmbH) C:\Program Files (x86)\totalcmd\TOTALCMD64.EXE
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <11>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [326448 2019-06-06] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
HKU\S-1-5-21-3246024947-146863970-1688253747-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe [371304 2019-06-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-3246024947-146863970-1688253747-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3421984 2020-12-07] (Valve -> Valve Corporation)
HKLM\...\Print\Monitors\HP B011 Status Monitor: C:\WINDOWS\system32\hpinkstsB011LM.dll [331664 2012-06-13] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Deskjet 3520 series): C:\WINDOWS\system32\HPDiscoPMB011.dll [741480 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {08D2F711-3250-4CAD-8F40-5978E97F36AB} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {1D9A65D9-85A9-4655-BB85-C5D144ED1AF3} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {371DC6CA-EE81-4888-A140-DE6605930899} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_453_Plugin.exe [1502776 2020-11-14] (Adobe Inc. -> Adobe)
Task: {50FBBAE4-3B4B-419C-BBF7-3942DE051D4A} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6E592A11-3DB2-45A4-A762-A71E2B30DD2E} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6F5F6AE1-C9B2-443A-94BD-A4441F63AA80} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {774C2C4E-EE97-449F-AF7E-9C21FB5F4DB0} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7B6CA9E4-1889-4183-A5B7-20FC5F44614C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A867E59A-E9BA-43E9-88B3-CF528334FCB3} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B552A264-41F2-4709-9F1A-2848B6589416} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [670928 2020-11-18] (Mozilla Corporation -> Mozilla Foundation)
Task: {D1054889-9745-4CA2-BDB7-EC9B7745FD4F} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D1EF71B7-491B-49D3-8A36-8F00F4AF663E} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {E1CEFBAB-E71B-4612-8C26-7C4E79393C02} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.38 213.46.172.39
Tcpip\..\Interfaces\{472b527d-5058-45a2-ac57-0aebd5a3e0e4}: [DhcpNameServer] 213.46.172.38 213.46.172.39
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\L\AppData\Local\Microsoft\Edge\User Data\Default [2020-11-14]
FireFox:
========
FF DefaultProfile: 8yeav4tp.default
FF ProfilePath: C:\Users\L\AppData\Roaming\Mozilla\Firefox\Profiles\8yeav4tp.default [2019-06-15]
FF NewTab: Mozilla\Firefox\Profiles\8yeav4tp.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__190615
FF ProfilePath: C:\Users\L\AppData\Roaming\Mozilla\Firefox\Profiles\za7g8ypn.default-release [2020-12-09]
FF Homepage: Mozilla\Firefox\Profiles\za7g8ypn.default-release -> www.seznam.cz
FF NewTab: Mozilla\Firefox\Profiles\za7g8ypn.default-release -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__190615
FF Extension: (BetterTTV) - C:\Users\L\AppData\Roaming\Mozilla\Firefox\Profiles\za7g8ypn.default-release\Extensions\firefox@betterttv.net.xpi [2020-11-29]
FF Extension: (Tampermonkey) - C:\Users\L\AppData\Roaming\Mozilla\Firefox\Profiles\za7g8ypn.default-release\Extensions\firefox@tampermonkey.net.xpi [2020-11-05]
FF Extension: (uBlock Origin) - C:\Users\L\AppData\Roaming\Mozilla\Firefox\Profiles\za7g8ypn.default-release\Extensions\uBlock0@raymondhill.net.xpi [2020-11-20]
FF Extension: (No Name) - C:\Users\L\AppData\Roaming\Mozilla\Firefox\Profiles\za7g8ypn.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-11-17]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_453.dll [2020-11-14] (Adobe Inc. -> )
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_453.dll [2020-11-14] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-11-19] (Adobe Inc. -> Adobe Systems Inc.)
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6076936 2019-10-19] (BattlEye Innovations e.K. -> )
R3 Disc Soft Lite Bus Service; C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4452456 2019-06-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4501544 2019-06-04] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\NisSrv.exe [2467088 2020-11-28] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MsMpEng.exe [128376 2020-11-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZA NET ICM Service; C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe [42208 2020-03-13] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2019-06-06] (Check Point Software Technologies Ltd. -> Check Point Software Technologies, Ltd.)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2020-03-10] (Microsoft Corporation) [File not signed]
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2019-06-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2019-06-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 HPMoA407; C:\WINDOWS\System32\drivers\HPMoA407.sys [25088 2011-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard.)
R3 HPubA407; C:\WINDOWS\System32\Drivers\HPubA407.sys [18944 2012-06-14] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard.)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [528576 2019-06-06] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29208 2019-06-06] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [220352 2019-06-06] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [1191624 2019-06-06] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1086656 2019-06-06] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [257208 2020-10-29] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [99152 2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [310232 2020-10-29] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [117456 2020-10-29] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [207352 2020-10-30] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_swmon; C:\WINDOWS\System32\Drivers\klupd_klif_swmon.sys [241112 2020-10-30] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [66952 2018-07-29] (ManyCam (VISICOM MÉDIA INC.) -> Visicom Media Inc.)
S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-29] (ManyCam -> Visicom Media Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64912 2017-05-18] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
R1 Vsdatant; C:\WINDOWS\system32\DRIVERS\vsdatant.sys [461240 2019-06-06] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-11-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429288 2020-11-28] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2020-11-28] (Microsoft Windows -> Microsoft Corporation)
U3 iswSvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-12-09 10:47 - 2020-12-09 10:48 - 000015730 _____ C:\Users\L\Desktop\FRST.txt
2020-12-09 10:47 - 2020-12-09 10:48 - 000000000 ____D C:\FRST
2020-12-09 10:46 - 2020-12-09 10:46 - 002288640 _____ (Farbar) C:\Users\L\Desktop\FRST64.exe
2020-12-06 18:29 - 2020-12-06 18:29 - 000000000 ____D C:\Users\L\AppData\Local\DOSBox
2020-12-06 16:22 - 2020-12-06 16:22 - 000000000 ____D C:\Users\L\Documents\Bandicam
2020-12-06 16:13 - 2020-12-06 16:13 - 000000000 ____D C:\Users\L\AppData\Roaming\Bandicam Company
2020-12-06 16:12 - 2020-12-06 16:13 - 000000000 ____D C:\Users\L\AppData\LocalLow\uTorrent
2020-12-03 15:05 - 2020-12-03 15:05 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2020-12-03 15:04 - 2020-11-23 15:40 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2020-12-03 15:04 - 2020-11-23 15:40 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo.exe
2020-12-03 15:04 - 2020-11-23 15:40 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-12-03 15:04 - 2020-11-23 15:40 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2020-12-03 15:04 - 2020-11-23 15:40 - 001054944 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2020-12-03 15:04 - 2020-11-23 15:40 - 001054944 _____ C:\WINDOWS\system32\vulkan-1.dll
2020-12-03 15:04 - 2020-11-23 15:40 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2020-12-03 15:04 - 2020-11-23 15:40 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2020-12-03 15:04 - 2020-11-23 15:40 - 000456600 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2020-12-03 15:04 - 2020-11-23 15:40 - 000349936 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2020-12-03 15:04 - 2020-11-23 15:38 - 002096880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2020-12-03 15:04 - 2020-11-23 15:38 - 001585560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2020-12-03 15:04 - 2020-11-23 15:38 - 001507224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2020-12-03 15:04 - 2020-11-23 15:38 - 001159920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2020-12-03 15:04 - 2020-11-23 15:38 - 000816368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2020-12-03 15:04 - 2020-11-23 15:38 - 000813464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2020-12-03 15:04 - 2020-11-23 15:38 - 000674712 _____ C:\WINDOWS\system32\nvofapi64.dll
2020-12-03 15:04 - 2020-11-23 15:38 - 000670616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2020-12-03 15:04 - 2020-11-23 15:38 - 000656112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2020-12-03 15:04 - 2020-11-23 15:38 - 000556440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2020-12-03 15:04 - 2020-11-23 15:38 - 000543128 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2020-12-03 15:04 - 2020-11-23 15:37 - 007706352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2020-12-03 15:04 - 2020-11-23 15:37 - 006860184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2020-12-03 15:04 - 2020-11-23 15:37 - 004175256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2020-12-03 15:04 - 2020-11-23 15:37 - 002508528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2020-12-03 15:04 - 2020-11-23 15:37 - 001733016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6445751.dll
2020-12-03 15:04 - 2020-11-23 15:37 - 001482992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6445751.dll
2020-12-03 15:04 - 2020-11-23 15:32 - 005978008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2020-11-26 15:05 - 2020-11-28 14:59 - 000000000 ____D C:\Users\L\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
2020-11-26 15:05 - 2020-11-26 15:05 - 000000000 ____D C:\Users\L\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2020-11-26 14:57 - 2020-11-26 14:57 - 000002559 _____ C:\Users\Public\Desktop\The Lord of the Rings, The Rise of the Witch-king.lnk
2020-11-26 14:57 - 2020-11-26 14:57 - 000002559 _____ C:\ProgramData\Desktop\The Lord of the Rings, The Rise of the Witch-king.lnk
2020-11-26 14:54 - 2020-11-26 14:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2020-11-26 14:54 - 2020-11-26 14:54 - 000002418 _____ C:\Users\Public\Desktop\The Battle for Middle-earth (tm) II.lnk
2020-11-26 14:54 - 2020-11-26 14:54 - 000002418 _____ C:\ProgramData\Desktop\The Battle for Middle-earth (tm) II.lnk
2020-11-26 14:53 - 2020-11-26 14:57 - 000000000 ____D C:\Program Files (x86)\Electronic Arts
2020-11-18 08:03 - 2020-11-18 08:03 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-11-13 19:57 - 2012-06-14 09:37 - 000018944 _____ (Hewlett-Packard.) C:\WINDOWS\system32\Drivers\HPubA407.sys
2020-11-13 19:57 - 2011-10-31 17:12 - 000025088 _____ (Hewlett-Packard.) C:\WINDOWS\system32\Drivers\HPMoA407.sys
2020-11-12 17:49 - 2020-11-12 17:49 - 001101312 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2020-11-12 17:49 - 2020-11-12 17:49 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-11-12 17:49 - 2020-11-12 17:49 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-11-12 17:49 - 2020-11-12 17:49 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-11-12 17:49 - 2020-11-12 17:49 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-11-12 17:49 - 2020-11-12 17:49 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-11-12 17:49 - 2020-11-12 17:49 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-11-12 17:49 - 2020-11-12 17:49 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-11-12 17:49 - 2020-11-12 17:49 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-11-12 17:49 - 2020-11-12 17:49 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-11-12 17:49 - 2020-11-12 17:49 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-11-12 17:49 - 2020-11-12 17:49 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-11-12 17:49 - 2020-11-12 17:49 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-11-12 17:48 - 2020-11-12 17:48 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-11-12 17:48 - 2020-11-12 17:48 - 000200704 _____ C:\WINDOWS\system32\IHDS.dll
2020-11-12 17:48 - 2020-11-12 17:48 - 000164864 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2020-11-10 12:23 - 2020-11-10 12:23 - 000000000 ____D C:\Users\L\AppData\Local\LucasArts
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-12-09 10:47 - 2018-11-30 19:04 - 000000000 ____D C:\Temp
2020-12-09 10:38 - 2019-06-15 11:03 - 000000000 ____D C:\Program Files (x86)\Steam
2020-12-09 09:25 - 2020-03-10 11:41 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-12-09 08:04 - 2018-11-30 19:05 - 000000000 ____D C:\Users\L\AppData\LocalLow\Mozilla
2020-12-09 08:03 - 2019-06-14 22:43 - 000000000 ____D C:\ProgramData\NVIDIA
2020-12-08 23:09 - 2020-10-05 15:08 - 002787896 _____ C:\WINDOWS\ntbtlog.txt
2020-12-08 18:33 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-08 18:21 - 2020-06-07 10:04 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-08 17:55 - 2019-06-15 10:28 - 000000000 ____D C:\Users\L\AppData\Roaming\vlc
2020-12-08 14:13 - 2020-03-10 11:54 - 001693640 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-12-08 14:13 - 2019-03-19 12:55 - 000716944 _____ C:\WINDOWS\system32\perfh005.dat
2020-12-08 14:13 - 2019-03-19 12:55 - 000145024 _____ C:\WINDOWS\system32\perfc005.dat
2020-12-08 14:13 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2020-12-08 14:09 - 2019-06-15 10:50 - 000000000 ____D C:\Users\L\AppData\Roaming\Exodus
2020-12-08 14:06 - 2020-03-10 11:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-12-08 14:05 - 2019-03-19 05:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-12-07 22:50 - 2019-08-15 16:42 - 000000000 ____D C:\Lukas
2020-12-07 11:23 - 2019-09-08 23:59 - 000000000 ____D C:\Knihy
2020-12-06 23:50 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-06 23:50 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-12-06 16:20 - 2019-03-19 05:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2020-12-06 16:13 - 2019-06-15 10:46 - 000000000 ____D C:\Users\L\AppData\Roaming\uTorrent
2020-12-06 16:12 - 2019-12-28 00:34 - 000000000 ____D C:\Program Files (x86)\BandiMPEG1
2020-12-06 16:12 - 2019-06-15 10:46 - 000000000 ____D C:\Users\L\AppData\Local\BitTorrentHelper
2020-12-05 11:08 - 2020-10-10 16:42 - 000002203 _____ C:\Users\L\Desktop\Exodus.lnk
2020-12-05 11:08 - 2020-10-10 16:42 - 000000000 ____D C:\Users\L\AppData\Local\exodus
2020-12-05 11:07 - 2018-11-30 19:51 - 000000000 ____D C:\Users\L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exodus Movement Inc
2020-12-03 15:05 - 2019-06-15 10:04 - 000000000 ____D C:\Users\L\AppData\Local\NVIDIA
2020-12-02 09:36 - 2019-06-14 22:50 - 000000000 ____D C:\Users\L\AppData\Local\Packages
2020-12-01 17:56 - 2019-06-15 12:13 - 000000000 ____D C:\Users\L\AppData\Local\Battle.net
2020-11-28 20:46 - 2019-06-15 10:42 - 000000000 ____D C:\Users\L\AppData\Local\CrashDumps
2020-11-28 15:44 - 2019-06-14 22:46 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-11-28 15:44 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Windows Defender
2020-11-28 10:45 - 2020-06-07 10:03 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-28 10:45 - 2020-06-07 10:03 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-24 15:20 - 2020-03-10 11:52 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-11-24 15:20 - 2018-12-07 17:23 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-11-23 15:32 - 2020-10-05 16:30 - 007006712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2020-11-22 14:29 - 2020-03-01 20:01 - 000058620 _____ C:\WINDOWS\system32\nvinfo.pb
2020-11-22 10:45 - 2019-07-19 19:50 - 001759032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2020-11-22 10:45 - 2019-07-19 19:50 - 000991032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2020-11-22 10:45 - 2019-07-19 19:50 - 000084456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2020-11-22 10:45 - 2019-07-19 19:43 - 005510968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2020-11-22 10:45 - 2019-07-19 19:43 - 002636264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2020-11-22 10:45 - 2019-07-19 19:43 - 000194360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2020-11-22 10:45 - 2019-07-19 19:43 - 000121144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2020-11-20 23:50 - 2020-10-01 15:58 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2020-11-20 19:29 - 2019-06-15 12:12 - 000000000 ____D C:\Program Files (x86)\Battle.net
2020-11-20 18:56 - 2019-06-15 12:14 - 000000000 ____D C:\Program Files (x86)\Overwatch
2020-11-20 12:47 - 2020-05-12 07:40 - 000000000 ____D C:\Users\L\AppData\Local\ElevatedDiagnostics
2020-11-20 12:47 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-11-20 12:32 - 2019-06-15 09:31 - 000795000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-11-18 19:48 - 2019-07-13 18:43 - 000007621 _____ C:\Users\L\AppData\Local\resmon.resmoncfg
2020-11-18 19:20 - 2019-06-15 09:33 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-11-18 19:20 - 2019-06-15 09:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-11-18 08:03 - 2019-06-15 09:33 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-11-14 15:53 - 2020-03-10 11:52 - 000004604 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-11-14 15:53 - 2019-06-15 10:10 - 000000000 ____D C:\Users\L\AppData\Local\Adobe
2020-11-14 15:53 - 2019-03-19 05:56 - 000842296 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2020-11-14 15:53 - 2019-03-19 05:56 - 000175160 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2020-11-14 15:52 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-11-14 15:52 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-11-14 13:26 - 2019-07-12 16:47 - 000000000 ____D C:\Users\L\AppData\Roaming\The Creative Assembly
2020-11-12 20:27 - 2020-03-10 11:41 - 000301704 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-11-12 20:27 - 2018-11-30 18:56 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-11-12 20:27 - 2018-11-30 18:56 - 000000000 ___RD C:\Users\L\3D Objects
2020-11-12 20:26 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-11-12 20:26 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\TextInput
2020-11-12 20:26 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2020-11-12 20:26 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-11-12 20:26 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\setup
2020-11-12 20:26 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-11-12 20:26 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-11-12 20:26 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-11-12 20:26 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-11-12 20:26 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-11-12 17:56 - 2019-06-15 09:33 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-11-12 17:54 - 2019-06-15 09:33 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-11-12 17:54 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-11-12 17:49 - 2019-06-14 23:41 - 000410818 __RSH C:\bootmgr
2020-11-12 17:48 - 2020-03-10 11:44 - 002876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2020-11-12 11:00 - 2020-02-29 18:14 - 000907064 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
==================== Files in the root of some directories ========
2019-07-13 18:43 - 2020-11-18 19:48 - 000007621 _____ () C:\Users\L\AppData\Local\resmon.resmoncfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
HKU\S-1-5-21-3246024947-146863970-1688253747-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3421984 2020-12-07] (Valve -> Valve Corporation)
HKLM\...\Print\Monitors\HP B011 Status Monitor: C:\WINDOWS\system32\hpinkstsB011LM.dll [331664 2012-06-13] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Deskjet 3520 series): C:\WINDOWS\system32\HPDiscoPMB011.dll [741480 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {08D2F711-3250-4CAD-8F40-5978E97F36AB} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {1D9A65D9-85A9-4655-BB85-C5D144ED1AF3} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {371DC6CA-EE81-4888-A140-DE6605930899} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_453_Plugin.exe [1502776 2020-11-14] (Adobe Inc. -> Adobe)
Task: {50FBBAE4-3B4B-419C-BBF7-3942DE051D4A} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6E592A11-3DB2-45A4-A762-A71E2B30DD2E} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6F5F6AE1-C9B2-443A-94BD-A4441F63AA80} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {774C2C4E-EE97-449F-AF7E-9C21FB5F4DB0} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7B6CA9E4-1889-4183-A5B7-20FC5F44614C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A867E59A-E9BA-43E9-88B3-CF528334FCB3} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B552A264-41F2-4709-9F1A-2848B6589416} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [670928 2020-11-18] (Mozilla Corporation -> Mozilla Foundation)
Task: {D1054889-9745-4CA2-BDB7-EC9B7745FD4F} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D1EF71B7-491B-49D3-8A36-8F00F4AF663E} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {E1CEFBAB-E71B-4612-8C26-7C4E79393C02} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.38 213.46.172.39
Tcpip\..\Interfaces\{472b527d-5058-45a2-ac57-0aebd5a3e0e4}: [DhcpNameServer] 213.46.172.38 213.46.172.39
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\L\AppData\Local\Microsoft\Edge\User Data\Default [2020-11-14]
FireFox:
========
FF DefaultProfile: 8yeav4tp.default
FF ProfilePath: C:\Users\L\AppData\Roaming\Mozilla\Firefox\Profiles\8yeav4tp.default [2019-06-15]
FF NewTab: Mozilla\Firefox\Profiles\8yeav4tp.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__190615
FF ProfilePath: C:\Users\L\AppData\Roaming\Mozilla\Firefox\Profiles\za7g8ypn.default-release [2020-12-09]
FF Homepage: Mozilla\Firefox\Profiles\za7g8ypn.default-release -> www.seznam.cz
FF NewTab: Mozilla\Firefox\Profiles\za7g8ypn.default-release -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__190615
FF Extension: (BetterTTV) - C:\Users\L\AppData\Roaming\Mozilla\Firefox\Profiles\za7g8ypn.default-release\Extensions\firefox@betterttv.net.xpi [2020-11-29]
FF Extension: (Tampermonkey) - C:\Users\L\AppData\Roaming\Mozilla\Firefox\Profiles\za7g8ypn.default-release\Extensions\firefox@tampermonkey.net.xpi [2020-11-05]
FF Extension: (uBlock Origin) - C:\Users\L\AppData\Roaming\Mozilla\Firefox\Profiles\za7g8ypn.default-release\Extensions\uBlock0@raymondhill.net.xpi [2020-11-20]
FF Extension: (No Name) - C:\Users\L\AppData\Roaming\Mozilla\Firefox\Profiles\za7g8ypn.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-11-17]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_453.dll [2020-11-14] (Adobe Inc. -> )
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_453.dll [2020-11-14] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-11-19] (Adobe Inc. -> Adobe Systems Inc.)
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6076936 2019-10-19] (BattlEye Innovations e.K. -> )
R3 Disc Soft Lite Bus Service; C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4452456 2019-06-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4501544 2019-06-04] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\NisSrv.exe [2467088 2020-11-28] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MsMpEng.exe [128376 2020-11-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZA NET ICM Service; C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe [42208 2020-03-13] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2019-06-06] (Check Point Software Technologies Ltd. -> Check Point Software Technologies, Ltd.)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2020-03-10] (Microsoft Corporation) [File not signed]
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2019-06-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2019-06-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 HPMoA407; C:\WINDOWS\System32\drivers\HPMoA407.sys [25088 2011-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard.)
R3 HPubA407; C:\WINDOWS\System32\Drivers\HPubA407.sys [18944 2012-06-14] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard.)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [528576 2019-06-06] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29208 2019-06-06] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [220352 2019-06-06] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [1191624 2019-06-06] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1086656 2019-06-06] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [257208 2020-10-29] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [99152 2019-06-15] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [310232 2020-10-29] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [117456 2020-10-29] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [207352 2020-10-30] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_swmon; C:\WINDOWS\System32\Drivers\klupd_klif_swmon.sys [241112 2020-10-30] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [66952 2018-07-29] (ManyCam (VISICOM MÉDIA INC.) -> Visicom Media Inc.)
S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-29] (ManyCam -> Visicom Media Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64912 2017-05-18] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
R1 Vsdatant; C:\WINDOWS\system32\DRIVERS\vsdatant.sys [461240 2019-06-06] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-11-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429288 2020-11-28] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2020-11-28] (Microsoft Windows -> Microsoft Corporation)
U3 iswSvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-12-09 10:47 - 2020-12-09 10:48 - 000015730 _____ C:\Users\L\Desktop\FRST.txt
2020-12-09 10:47 - 2020-12-09 10:48 - 000000000 ____D C:\FRST
2020-12-09 10:46 - 2020-12-09 10:46 - 002288640 _____ (Farbar) C:\Users\L\Desktop\FRST64.exe
2020-12-06 18:29 - 2020-12-06 18:29 - 000000000 ____D C:\Users\L\AppData\Local\DOSBox
2020-12-06 16:22 - 2020-12-06 16:22 - 000000000 ____D C:\Users\L\Documents\Bandicam
2020-12-06 16:13 - 2020-12-06 16:13 - 000000000 ____D C:\Users\L\AppData\Roaming\Bandicam Company
2020-12-06 16:12 - 2020-12-06 16:13 - 000000000 ____D C:\Users\L\AppData\LocalLow\uTorrent
2020-12-03 15:05 - 2020-12-03 15:05 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2020-12-03 15:04 - 2020-11-23 15:40 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2020-12-03 15:04 - 2020-11-23 15:40 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo.exe
2020-12-03 15:04 - 2020-11-23 15:40 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-12-03 15:04 - 2020-11-23 15:40 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2020-12-03 15:04 - 2020-11-23 15:40 - 001054944 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2020-12-03 15:04 - 2020-11-23 15:40 - 001054944 _____ C:\WINDOWS\system32\vulkan-1.dll
2020-12-03 15:04 - 2020-11-23 15:40 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2020-12-03 15:04 - 2020-11-23 15:40 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2020-12-03 15:04 - 2020-11-23 15:40 - 000456600 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2020-12-03 15:04 - 2020-11-23 15:40 - 000349936 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2020-12-03 15:04 - 2020-11-23 15:38 - 002096880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2020-12-03 15:04 - 2020-11-23 15:38 - 001585560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2020-12-03 15:04 - 2020-11-23 15:38 - 001507224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2020-12-03 15:04 - 2020-11-23 15:38 - 001159920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2020-12-03 15:04 - 2020-11-23 15:38 - 000816368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2020-12-03 15:04 - 2020-11-23 15:38 - 000813464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2020-12-03 15:04 - 2020-11-23 15:38 - 000674712 _____ C:\WINDOWS\system32\nvofapi64.dll
2020-12-03 15:04 - 2020-11-23 15:38 - 000670616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2020-12-03 15:04 - 2020-11-23 15:38 - 000656112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2020-12-03 15:04 - 2020-11-23 15:38 - 000556440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2020-12-03 15:04 - 2020-11-23 15:38 - 000543128 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2020-12-03 15:04 - 2020-11-23 15:37 - 007706352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2020-12-03 15:04 - 2020-11-23 15:37 - 006860184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2020-12-03 15:04 - 2020-11-23 15:37 - 004175256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2020-12-03 15:04 - 2020-11-23 15:37 - 002508528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2020-12-03 15:04 - 2020-11-23 15:37 - 001733016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6445751.dll
2020-12-03 15:04 - 2020-11-23 15:37 - 001482992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6445751.dll
2020-12-03 15:04 - 2020-11-23 15:32 - 005978008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2020-11-26 15:05 - 2020-11-28 14:59 - 000000000 ____D C:\Users\L\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
2020-11-26 15:05 - 2020-11-26 15:05 - 000000000 ____D C:\Users\L\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2020-11-26 14:57 - 2020-11-26 14:57 - 000002559 _____ C:\Users\Public\Desktop\The Lord of the Rings, The Rise of the Witch-king.lnk
2020-11-26 14:57 - 2020-11-26 14:57 - 000002559 _____ C:\ProgramData\Desktop\The Lord of the Rings, The Rise of the Witch-king.lnk
2020-11-26 14:54 - 2020-11-26 14:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2020-11-26 14:54 - 2020-11-26 14:54 - 000002418 _____ C:\Users\Public\Desktop\The Battle for Middle-earth (tm) II.lnk
2020-11-26 14:54 - 2020-11-26 14:54 - 000002418 _____ C:\ProgramData\Desktop\The Battle for Middle-earth (tm) II.lnk
2020-11-26 14:53 - 2020-11-26 14:57 - 000000000 ____D C:\Program Files (x86)\Electronic Arts
2020-11-18 08:03 - 2020-11-18 08:03 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-11-13 19:57 - 2012-06-14 09:37 - 000018944 _____ (Hewlett-Packard.) C:\WINDOWS\system32\Drivers\HPubA407.sys
2020-11-13 19:57 - 2011-10-31 17:12 - 000025088 _____ (Hewlett-Packard.) C:\WINDOWS\system32\Drivers\HPMoA407.sys
2020-11-12 17:49 - 2020-11-12 17:49 - 001101312 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2020-11-12 17:49 - 2020-11-12 17:49 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-11-12 17:49 - 2020-11-12 17:49 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-11-12 17:49 - 2020-11-12 17:49 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-11-12 17:49 - 2020-11-12 17:49 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-11-12 17:49 - 2020-11-12 17:49 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-11-12 17:49 - 2020-11-12 17:49 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-11-12 17:49 - 2020-11-12 17:49 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-11-12 17:49 - 2020-11-12 17:49 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-11-12 17:49 - 2020-11-12 17:49 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-11-12 17:49 - 2020-11-12 17:49 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-11-12 17:49 - 2020-11-12 17:49 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-11-12 17:49 - 2020-11-12 17:49 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-11-12 17:48 - 2020-11-12 17:48 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-11-12 17:48 - 2020-11-12 17:48 - 000200704 _____ C:\WINDOWS\system32\IHDS.dll
2020-11-12 17:48 - 2020-11-12 17:48 - 000164864 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2020-11-10 12:23 - 2020-11-10 12:23 - 000000000 ____D C:\Users\L\AppData\Local\LucasArts
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-12-09 10:47 - 2018-11-30 19:04 - 000000000 ____D C:\Temp
2020-12-09 10:38 - 2019-06-15 11:03 - 000000000 ____D C:\Program Files (x86)\Steam
2020-12-09 09:25 - 2020-03-10 11:41 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-12-09 08:04 - 2018-11-30 19:05 - 000000000 ____D C:\Users\L\AppData\LocalLow\Mozilla
2020-12-09 08:03 - 2019-06-14 22:43 - 000000000 ____D C:\ProgramData\NVIDIA
2020-12-08 23:09 - 2020-10-05 15:08 - 002787896 _____ C:\WINDOWS\ntbtlog.txt
2020-12-08 18:33 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-08 18:21 - 2020-06-07 10:04 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-08 17:55 - 2019-06-15 10:28 - 000000000 ____D C:\Users\L\AppData\Roaming\vlc
2020-12-08 14:13 - 2020-03-10 11:54 - 001693640 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-12-08 14:13 - 2019-03-19 12:55 - 000716944 _____ C:\WINDOWS\system32\perfh005.dat
2020-12-08 14:13 - 2019-03-19 12:55 - 000145024 _____ C:\WINDOWS\system32\perfc005.dat
2020-12-08 14:13 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2020-12-08 14:09 - 2019-06-15 10:50 - 000000000 ____D C:\Users\L\AppData\Roaming\Exodus
2020-12-08 14:06 - 2020-03-10 11:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-12-08 14:05 - 2019-03-19 05:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-12-07 22:50 - 2019-08-15 16:42 - 000000000 ____D C:\Lukas
2020-12-07 11:23 - 2019-09-08 23:59 - 000000000 ____D C:\Knihy
2020-12-06 23:50 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-06 23:50 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-12-06 16:20 - 2019-03-19 05:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2020-12-06 16:13 - 2019-06-15 10:46 - 000000000 ____D C:\Users\L\AppData\Roaming\uTorrent
2020-12-06 16:12 - 2019-12-28 00:34 - 000000000 ____D C:\Program Files (x86)\BandiMPEG1
2020-12-06 16:12 - 2019-06-15 10:46 - 000000000 ____D C:\Users\L\AppData\Local\BitTorrentHelper
2020-12-05 11:08 - 2020-10-10 16:42 - 000002203 _____ C:\Users\L\Desktop\Exodus.lnk
2020-12-05 11:08 - 2020-10-10 16:42 - 000000000 ____D C:\Users\L\AppData\Local\exodus
2020-12-05 11:07 - 2018-11-30 19:51 - 000000000 ____D C:\Users\L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exodus Movement Inc
2020-12-03 15:05 - 2019-06-15 10:04 - 000000000 ____D C:\Users\L\AppData\Local\NVIDIA
2020-12-02 09:36 - 2019-06-14 22:50 - 000000000 ____D C:\Users\L\AppData\Local\Packages
2020-12-01 17:56 - 2019-06-15 12:13 - 000000000 ____D C:\Users\L\AppData\Local\Battle.net
2020-11-28 20:46 - 2019-06-15 10:42 - 000000000 ____D C:\Users\L\AppData\Local\CrashDumps
2020-11-28 15:44 - 2019-06-14 22:46 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-11-28 15:44 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Windows Defender
2020-11-28 10:45 - 2020-06-07 10:03 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-28 10:45 - 2020-06-07 10:03 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-24 15:20 - 2020-03-10 11:52 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-11-24 15:20 - 2018-12-07 17:23 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-11-23 15:32 - 2020-10-05 16:30 - 007006712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2020-11-22 14:29 - 2020-03-01 20:01 - 000058620 _____ C:\WINDOWS\system32\nvinfo.pb
2020-11-22 10:45 - 2019-07-19 19:50 - 001759032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2020-11-22 10:45 - 2019-07-19 19:50 - 000991032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2020-11-22 10:45 - 2019-07-19 19:50 - 000084456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2020-11-22 10:45 - 2019-07-19 19:43 - 005510968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2020-11-22 10:45 - 2019-07-19 19:43 - 002636264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2020-11-22 10:45 - 2019-07-19 19:43 - 000194360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2020-11-22 10:45 - 2019-07-19 19:43 - 000121144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2020-11-20 23:50 - 2020-10-01 15:58 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2020-11-20 19:29 - 2019-06-15 12:12 - 000000000 ____D C:\Program Files (x86)\Battle.net
2020-11-20 18:56 - 2019-06-15 12:14 - 000000000 ____D C:\Program Files (x86)\Overwatch
2020-11-20 12:47 - 2020-05-12 07:40 - 000000000 ____D C:\Users\L\AppData\Local\ElevatedDiagnostics
2020-11-20 12:47 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-11-20 12:32 - 2019-06-15 09:31 - 000795000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-11-18 19:48 - 2019-07-13 18:43 - 000007621 _____ C:\Users\L\AppData\Local\resmon.resmoncfg
2020-11-18 19:20 - 2019-06-15 09:33 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-11-18 19:20 - 2019-06-15 09:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-11-18 08:03 - 2019-06-15 09:33 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-11-14 15:53 - 2020-03-10 11:52 - 000004604 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-11-14 15:53 - 2019-06-15 10:10 - 000000000 ____D C:\Users\L\AppData\Local\Adobe
2020-11-14 15:53 - 2019-03-19 05:56 - 000842296 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2020-11-14 15:53 - 2019-03-19 05:56 - 000175160 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2020-11-14 15:52 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-11-14 15:52 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-11-14 13:26 - 2019-07-12 16:47 - 000000000 ____D C:\Users\L\AppData\Roaming\The Creative Assembly
2020-11-12 20:27 - 2020-03-10 11:41 - 000301704 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-11-12 20:27 - 2018-11-30 18:56 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-11-12 20:27 - 2018-11-30 18:56 - 000000000 ___RD C:\Users\L\3D Objects
2020-11-12 20:26 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-11-12 20:26 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\TextInput
2020-11-12 20:26 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2020-11-12 20:26 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-11-12 20:26 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\setup
2020-11-12 20:26 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-11-12 20:26 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-11-12 20:26 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-11-12 20:26 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-11-12 20:26 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-11-12 17:56 - 2019-06-15 09:33 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-11-12 17:54 - 2019-06-15 09:33 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-11-12 17:54 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-11-12 17:49 - 2019-06-14 23:41 - 000410818 __RSH C:\bootmgr
2020-11-12 17:48 - 2020-03-10 11:44 - 002876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2020-11-12 11:00 - 2020-02-29 18:14 - 000907064 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
==================== Files in the root of some directories ========
2019-07-13 18:43 - 2020-11-18 19:48 - 000007621 _____ () C:\Users\L\AppData\Local\resmon.resmoncfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================