Probably malware or something like that
Posted: 27 Jun 2021 07:56
After the computer is turned on, a browser launches with the game World of Tanks, or sometimes roulette or some prize-winning sites. It always opens in whichever browser is set as the default.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-06-2021
Ran by jasan (administrator) on JASAN-PC (Gigabyte Technology Co., Ltd. GA-MA770T-UD3) (26-06-2021 20:43:24)
Running from C:\Users\jasan\Desktop
Loaded Profiles: jasan
Platform: Windows 10 Pro Version 20H2 19042.1052 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Cerberus, LLC -> Cerberus, LLC) C:\Program Files (x86)\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Macrovision Corporation) [File not signed] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MSPaint_6.2105.4017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1022_none_7e372e9e7c6ecccb\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> Thrustmaster®) C:\Program Files (x86)\Thrustmaster\Thrustmaster FFB Driver\drivers\amd64\tmGAInstall.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\NisSrv.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Java\jre1.8.0_291\bin\javaw.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <8>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664 2016-02-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\...\Run: [snp2std] => C:\WINDOWS\vsnp2std.exe [344064 2007-09-28] (SONIX TECHNOLOGY CO. , LTD -> Sonix)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation) [File not signed]
HKLM-x32\...\Run: [FixCamera] => C:\Windows\FixCamera.exe [20480 2007-07-11] () [File not signed]
HKLM-x32\...\Run: [tsnp2std] => C:\Windows\tsnp2std.exe [270336 2007-05-12] () [File not signed]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation) [File not signed]
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4109032 2021-06-09] (Valve -> Valve Corporation)
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe [1475072 2013-10-02] (Microsoft Corporation) [File not signed] [File is in use]
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\Run: [Discord] => C:\Users\jasan\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\Run: [jasan] => cmd.exe /c start www.exinariuminix.info
HKU\S-1-5-21-3061804363-3326323613-1069145852-1001\...\MountPoints2: {57771de2-74b5-11ea-a858-1c6f652dda0b} - "F:\setup.exe"
HKLM\...\Windows x64\Print Processors\hpzppwn7: C:\Windows\System32\spool\prtprocs\x64\hpzppwn7.dll [101376 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\pdfcmon: C:\Windows\system32\pdfcmon.dll [116736 2020-01-18] (pdfforge GmbH) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\91.0.4472.114\Installer\chrmstp.exe [2021-06-18] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02F2D77A-A278-4EEA-8C76-02F5B10A028E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {09A89A19-7C90-49CE-8D03-46C604E24660} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1005EC77-363A-43F8-9DBD-EFE75C6DE5FA} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {123B28F4-C440-4727-92D5-7A0933537AD4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {138D1AFC-B7BC-4F47-96E9-DC079686344B} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3061804363-3326323613-1069145852-1001 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781}
Task: {166BECA3-8FA8-4239-B4A4-E24B23AE5A18} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {227A9375-5BBD-4A52-A7D1-2D0212F3B68E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {245037B9-F013-4901-8E99-5630C15C1914} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {2507A576-46AF-49FC-9980-A9B616DE1DB0} - System32\Tasks\Opera scheduled Autoupdate 1582673436 => C:\Users\jasan\AppData\Local\Programs\Opera\launcher.exe
Task: {2C6BB4A3-7968-48DB-AAAD-5DB0121302F6} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2D062919-E916-49C3-B261-48D693A7B6A5} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe
Task: {2F89D2F6-E5AB-4624-96E8-7BBF62C2FB66} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {434E9CD5-00A9-4E0C-AAFC-1A074A3E5A82} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {4D17A584-B369-44B7-9279-B296DCA6175E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4E6AE4B1-5D62-4220-B9C4-7670E097BD15} - System32\Tasks\jasan => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v jasan /t REG_SZ /d "cmd.exe /c start www.exinariuminix.info"
Task: {560B7F21-3CE6-4F2D-A480-D42396D2475D} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5D779BF9-D8BF-4801-92ED-9DF2EFEC3197} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {5E01A047-75D5-4D85-BDBA-6629696201E2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {60BA4F9A-409C-4202-B45F-EEDFCF35B221} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {65416C4F-D128-4C13-AE4C-4146D0265D33} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {69524F04-9C82-4A23-ACC0-A68D6D77525E} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {72B7F305-29FC-4A99-B78D-5FA6AA1799E7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {7676981E-7340-41FB-BEB1-7B663B17A3F7} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {76FE7E08-113C-4003-A304-0E6CBCAC9B5F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {77D16BB6-5F0F-4021-ABBB-0F738220A3B5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {78FAD5CA-EFA6-4DBB-989A-F5DB68318CEB} - System32\Tasks\{56FDD70A-618C-4699-BB4C-E8261257BF6B} => F:\TRANTYCO.ON\ENGLISH\INSTALL.EXE
Task: {7B2DF944-87E5-4A14-9EE3-9189133AA5D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-04] (Google LLC -> Google LLC)
Task: {916F3E1A-EBEA-47F4-90D9-B7C80B236AB6} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe
Task: {927FD3EB-C5A4-40CC-8499-7966FC86DC3C} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
Task: {93DE6982-DD71-40C4-8C56-AE88EB1C4E99} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9880C5DF-9E50-4B1F-9BAD-8EC0BA3ACDA3} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
Task: {A71AC368-7CF2-4FC1-9D95-2EDCADA8B9F3} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
Task: {A8231104-6742-421B-949C-6ACC2FBA7217} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AACFE3E1-BF80-4D77-8B97-C6DDDEF1768E} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {AB452472-0F40-429E-A3D6-771846269DDC} - System32\Tasks\SmartShare => C:\Program Files (x86)\LG Software\LG Smart Share\SmartShareStart.exe [513216 2017-12-12] (LG Electronics Inc. -> LG Electronics Inc.)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {B2D8D0F6-B8E9-414E-AB60-07C2ABC62F9D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B798433C-7294-4E31-B5D4-4C2C89CDE1F2} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B82E866A-9E8B-4F1C-A8A7-000C957E5F5C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B96365E7-0AD4-44A2-8015-CED065BFABB0} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BB1BD0F4-F627-4206-A5BA-B26841C15A18} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Task: {BD77CEDA-5902-412A-9EA4-76750E582B0F} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {BF8B24C6-C6DD-45ED-BEB3-FD68F0AFEA5F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C1EB6948-7A4D-4680-9A80-647825C19CB9} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-06-24] (Mozilla Corporation -> Mozilla Foundation)
Task: {C59A7950-ACF5-4907-89C9-10B26019245B} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D423F539-8645-456A-A50B-7996ED42167A} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {D6E209AF-CD11-429B-9A26-ACCC930C8448} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {E2803BF2-2FB9-4B65-8D04-F27E61111CE5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-04] (Google LLC -> Google LLC)
Task: {E40ABF5D-F8D5-417C-BEE0-A2A9D21133D5} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe
Task: {E6AEF7DD-BFE4-4213-A4D9-40394CC3DA7C} - System32\Tasks\Opera scheduled assistant Autoupdate 1582673439 => C:\Users\jasan\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\jasan\AppData\Local\Programs\Opera\assistant" $(Arg0)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{CB16339B-9B11-47C5-B456-42DA0E23620C}: [DhcpNameServer] 192.168.2.1
Edge:
=======
Edge Profile: C:\Users\jasan\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-24]
FireFox:
========
FF DefaultProfile: b3mcko8g.default
FF ProfilePath: C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\b3mcko8g.default [2020-01-18]
FF NewTab: Mozilla\Firefox\Profiles\b3mcko8g.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10421__200118
FF ProfilePath: C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release [2021-06-26]
FF NewTab: Mozilla\Firefox\Profiles\ezqv6kcr.default-release -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10421__200118
FF Notifications: Mozilla\Firefox\Profiles\ezqv6kcr.default-release -> hxxps://meet.google.com
FF Extension: (Český slovník pro kontrolu pravopisu) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\cs@dictionaries.addons.mozilla.org.xpi [2021-06-19]
FF Extension: (Easy Screenshot) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\easyscreenshot@mozillaonline.com.xpi [2021-05-19]
FF Extension: (fx_cast) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\fx_cast@matt.tf.xpi [2021-03-17] [UpdateUrl:hxxps://hensm.github.io/fx_cast/updates.json]
FF Extension: (Tab Reloader (page auto refresh)) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\jid0-bnmfwWw2w2w4e4edvcdDbnMhdVg@jetpack.xpi [2021-03-10]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\langpack-cs@firefox.mozilla.org.xpi [2021-06-04]
FF Extension: (Gesturefy) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\{506e023c-7f2b-40a3-8066-bc5deb40aebe}.xpi [2021-06-23]
FF Extension: (Mercator Studio for Google Meet) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\{55ba4b5e-908a-471e-907f-4d0fb7ce9bbb}.xpi [2021-05-31]
FF Extension: (Adblocker for YouTube™) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\{ab2186b0-8c0b-4921-a2d4-95e6e05c0e3c}.xpi [2019-12-28]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2021-06-23]
FF Extension: (Video DownloadHelper) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-12-16]
FF Extension: (No Name) - C:\Users\jasan\AppData\Roaming\Mozilla\Firefox\Profiles\ezqv6kcr.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-05-19]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\dtplugin\npDeployJava1.dll [2021-05-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\plugin2\npjp2.dll [2021-05-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default [2021-06-13]
CHR Notifications: Default -> hxxps://meet.google.com
CHR Extension: (Prezentace) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-10-17]
CHR Extension: (Dokumenty) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-10-17]
CHR Extension: (Disk Google) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-17]
CHR Extension: (YouTube) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-10-17]
CHR Extension: (Tabulky) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-10-17]
CHR Extension: (Dokumenty Google offline) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-03]
CHR Extension: (Gmail) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-27]
CHR Extension: (Chrome Media Router) - C:\Users\jasan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-13]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R2 Cerberus FTP Server; C:\Program Files (x86)\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe [18565624 2019-01-03] (Cerberus, LLC -> Cerberus, LLC)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4507328 2020-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [64512 2009-07-14] (Microsoft Windows -> Hewlett-Packard)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393304 2021-06-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 tmGAInstall; C:\Program Files (x86)\Thrustmaster\Thrustmaster FFB Driver\drivers\amd64\tmGAInstall.EXE [48344 2018-12-03] (Microsoft Windows Hardware Compatibility Publisher -> Thrustmaster®)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\NisSrv.exe [2644776 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe [136656 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2020-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2020-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 SNP2STD; C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [12528768 2007-09-10] (SONIX TECHNOLOGY CO. , LTD -> )
S3 SNP2STD; C:\Windows\SysWOW64\DRIVERS\snp2sxp.sys [12212864 2007-09-05] (SONIX TECHNOLOGY CO. , LTD -> )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-06-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [425184 2021-06-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76000 2021-06-12] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-06-26 19:21 - 2021-06-26 20:45 - 000025946 _____ C:\Users\jasan\Desktop\FRST.txt
2021-06-26 19:21 - 2021-06-26 20:44 - 000000000 ____D C:\FRST
2021-06-26 19:20 - 2021-06-26 19:20 - 002300416 _____ (Farbar) C:\Users\jasan\Desktop\FRST64.exe
2021-06-26 19:19 - 2021-06-26 19:19 - 000002036 _____ C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\Розыгрыш ключей Steam.lnk
2021-06-26 19:19 - 2021-06-26 19:19 - 000002026 _____ C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\World of Warships.lnk
2021-06-26 19:19 - 2021-06-26 19:19 - 000002014 _____ C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\War Thunder.lnk
2021-06-26 19:18 - 2021-06-26 19:18 - 000002016 _____ C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\World of Tanks.lnk
2021-06-26 19:12 - 2021-06-26 19:12 - 000000053 _____ C:\WINDOWS\WrpYGF74DrEm.ini
2021-06-26 07:42 - 2021-06-26 07:42 - 000000000 ____D C:\Users\jasan\AppData\Roaming\Goldberg SteamEmu Saves
2021-06-24 21:47 - 2021-06-24 21:47 - 000000790 _____ C:\Users\jasan\Desktop\Mafia III.lnk
2021-06-24 21:47 - 2021-06-24 21:47 - 000000762 _____ C:\Users\jasan\Desktop\launcherMafia III.lnk
2021-06-24 21:47 - 2021-06-24 21:47 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2021-06-24 21:47 - 2021-06-24 21:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2021-06-24 19:06 - 2021-06-24 19:06 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-06-24 19:05 - 2021-06-24 19:06 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-06-23 19:27 - 2021-06-23 19:27 - 000000000 ____D C:\Users\jasan\AppData\Local\UnrealEngine
2021-06-23 19:27 - 2021-06-23 19:27 - 000000000 ____D C:\Users\jasan\AppData\Local\GSS2
2021-06-23 19:27 - 2021-06-23 19:27 - 000000000 ____D C:\Users\jasan\AppData\Local\CrashReportClient
2021-06-23 19:27 - 2021-06-23 19:27 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2021-06-23 18:59 - 2021-06-23 18:59 - 000000223 _____ C:\Users\jasan\Desktop\Gas Station Simulator Prologue - Early Days.url
2021-06-23 18:47 - 2021-06-23 18:47 - 000009423 _____ C:\Users\jasan\Documents\projekty.xlsx
2021-06-22 20:29 - 2021-06-22 20:29 - 000000223 _____ C:\Users\jasan\Desktop\OpenTTD.url
2021-06-20 17:03 - 2021-06-20 17:03 - 000160496 _____ C:\Users\jasan\Downloads\ceník.pdf
2021-06-19 20:30 - 2021-06-19 20:30 - 000185168 _____ C:\Users\jasan\Downloads\odpadky-nakladani-201025.pdf
2021-06-19 20:28 - 2021-06-19 20:28 - 000176993 _____ C:\Users\jasan\Downloads\listy165-cerven2021.pdf
2021-06-19 20:28 - 2021-06-19 20:28 - 000176993 _____ C:\Users\jasan\Downloads\listy165-cerven2021(2).pdf
2021-06-19 20:28 - 2021-06-19 20:28 - 000176993 _____ C:\Users\jasan\Downloads\listy165-cerven2021(1).pdf
2021-06-13 20:28 - 2021-06-13 20:28 - 000077106 _____ C:\Users\jasan\Desktop\kamyk-nad-vltavou-1985-orig-fotografie-83436171.jpeg
2021-06-13 16:00 - 2021-06-13 16:00 - 000098470 _____ C:\Users\jasan\Downloads\L300073_210613_304114.pdf
2021-06-13 16:00 - 2021-06-13 16:00 - 000098111 _____ C:\Users\jasan\Downloads\L300073_210405_298560.pdf
2021-06-13 15:39 - 2021-06-13 15:39 - 000440542 _____ C:\Users\jasan\Downloads\U7n4xFnqjrWmOVkQoJAAZ1Gn0P3qbZIx.pdf
2021-06-13 15:39 - 2021-06-13 15:39 - 000147462 _____ C:\Users\jasan\Downloads\B4bPKo5zt9ijXeND5AIkqoBzOcjQFuuf.pdf
2021-06-13 15:39 - 2021-06-13 15:39 - 000134191 _____ C:\Users\jasan\Downloads\MVt0itU0Phoifc2JnQz3tjkllXMAaGfm.pdf
2021-06-13 15:32 - 2021-06-13 15:32 - 000208106 _____ C:\Users\jasan\Downloads\oznameni-110060780102-c2srqqsd3ihheu7458u0.pdf
2021-06-13 15:32 - 2021-06-13 15:32 - 000151641 _____ C:\Users\jasan\Downloads\oznameni-110060780103-c2qshqsd3ihheu744v50.pdf
2021-06-13 15:30 - 2021-06-13 15:30 - 008798168 _____ C:\Users\jasan\Downloads\dl-letak-app-pidlitacka-cz-final-tiskova-data.pdf
2021-06-11 10:40 - 2021-06-11 10:40 - 000136514 _____ C:\Users\jasan\Downloads\15-zo-24-5-2021.pdf
2021-06-11 07:03 - 2021-06-11 07:03 - 000367015 _____ C:\Users\jasan\Downloads\Cestne_prohlaseni___vzor.pdf
2021-06-11 07:02 - 2021-06-11 07:02 - 000104893 _____ C:\Users\jasan\Downloads\cestne-prohlaseni-covid.pdf
2021-06-11 07:02 - 2021-06-11 07:02 - 000092894 _____ C:\Users\jasan\Downloads\320-cestne-prohlaseni.pdf
2021-06-11 07:01 - 2021-06-11 07:01 - 000400543 _____ C:\Users\jasan\Downloads\Cestne-prohlaseni-samotestovani-posilovna.pdf
2021-06-11 07:01 - 2021-06-11 07:01 - 000102910 _____ C:\Users\jasan\Downloads\cestne prohlaseni samotest.pdf
2021-06-10 10:39 - 2021-06-10 10:39 - 000017795 _____ C:\Users\jasan\Downloads\300088-12.pdf
2021-06-09 16:22 - 2021-06-09 16:22 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-06-09 16:22 - 2021-06-09 16:22 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-06-09 16:22 - 2021-06-09 16:22 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-06-09 16:22 - 2021-06-09 16:22 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-06-09 16:22 - 2021-06-09 16:22 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-06-09 16:22 - 2021-06-09 16:22 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-06-09 16:22 - 2021-06-09 16:22 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-06-09 16:22 - 2021-06-09 16:22 - 000011353 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-06-09 16:21 - 2021-06-09 16:21 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-06-09 16:21 - 2021-06-09 16:21 - 001823792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-06-09 16:21 - 2021-06-09 16:21 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-06-09 16:21 - 2021-06-09 16:21 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-06-09 16:21 - 2021-06-09 16:21 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-06-09 16:21 - 2021-06-09 16:21 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-06-09 16:21 - 2021-06-09 16:21 - 000097280 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-06-09 16:20 - 2021-06-09 16:20 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-06-09 16:20 - 2021-06-09 16:20 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-06-09 16:20 - 2021-06-09 16:20 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-06-08 20:49 - 2021-06-08 20:49 - 000132761 _____ C:\Users\jasan\Downloads\priloha_915825092_0_RocniVypisROB.pdf
2021-06-07 20:29 - 2020-11-11 03:54 - 000167280 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2021-06-07 20:29 - 2020-11-11 03:54 - 000159600 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus2.sys
2021-06-07 12:29 - 2021-06-07 12:29 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2021-06-07 12:04 - 2021-06-07 12:24 - 350493319 _____ C:\Users\jasan\Desktop\Mark Manson - Důmyslné umění, jak mít všechno u prdele.rar
2021-06-06 18:29 - 2021-06-06 18:29 - 018982239 _____ C:\Users\jasan\Downloads\matomo-latest.zip
2021-06-05 20:25 - 2021-06-05 20:25 - 000689241 _____ C:\Users\jasan\Downloads\1761_cz_L003_sazebnik_platny_od_01012021.pdf
2021-06-05 20:23 - 2021-06-05 20:23 - 000078561 _____ C:\Users\jasan\Downloads\2806-cenik.pdf
2021-06-05 20:22 - 2021-06-05 20:22 - 000068017 _____ C:\Users\jasan\Downloads\pravidla-akce-ziskejte-500-kc-na-vyzkouseni-uctu-v-aplikaci-my-air.pdf
2021-06-05 20:22 - 2021-06-05 20:22 - 000068017 _____ C:\Users\jasan\Downloads\pravidla-akce-ziskejte-500-kc-na-vyzkouseni-uctu-v-aplikaci-my-air(1).pdf
2021-06-05 17:16 - 2021-06-05 17:58 - 000000000 ____D C:\Users\jasan\AppData\Roaming\obs-studio
2021-06-05 17:16 - 2021-06-05 17:16 - 000001052 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2021-06-05 17:16 - 2021-06-05 17:16 - 000000000 ____D C:\ProgramData\obs-studio-hook
2021-06-05 17:16 - 2021-06-05 17:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2021-06-05 17:15 - 2021-06-05 17:16 - 000000000 ____D C:\Program Files\obs-studio
2021-06-05 17:14 - 2021-06-05 17:15 - 076720824 _____ (obsproject.com) C:\Users\jasan\Downloads\OBS-Studio-27.0-Full-Installer-x64.exe
2021-06-05 15:58 - 2021-06-05 15:58 - 000306968 _____ C:\Users\jasan\Documents\817 p. Mareš.pdf
2021-06-05 08:32 - 2021-06-05 11:39 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2021-05-31 21:01 - 2021-06-01 18:18 - 000456141 _____ C:\Users\jasan\Downloads\Zadost-o-DP-placene.pdf
2021-05-31 17:25 - 2021-05-31 17:30 - 001014100 _____ C:\WINDOWS\Minidump\053121-40250-01.dmp
2021-05-30 21:41 - 2021-05-30 21:42 - 000000000 ____D C:\Users\jasan\Downloads\PID
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-06-26 20:43 - 2020-01-08 22:13 - 000037342 _____ C:\Users\jasan\Desktop\note.txt
2021-06-26 20:43 - 2019-12-28 12:54 - 000000000 ____D C:\Users\jasan\AppData\LocalLow\Mozilla
2021-06-26 20:42 - 2020-11-19 00:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-06-26 20:37 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-26 20:35 - 2021-01-10 13:20 - 000000000 ____D C:\Program Files (x86)\Steam
2021-06-26 19:49 - 2020-01-04 13:13 - 000890880 _____ C:\Users\jasan\Documents\kamejk návštěvnost.xls
2021-06-26 19:28 - 2020-02-04 21:34 - 000000000 ____D C:\Games
2021-06-26 19:18 - 2019-12-28 19:06 - 000000000 ____D C:\ProgramData\Package Cache
2021-06-26 19:14 - 2021-03-30 18:22 - 000000000 ____D C:\Users\jasan\Desktop\Moje
2021-06-26 14:47 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-06-26 09:41 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-26 07:12 - 2020-11-19 01:48 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-06-25 14:41 - 2021-03-20 10:42 - 000000000 ____D C:\Users\jasan\AppData\Roaming\Mr.Mine
2021-06-24 22:18 - 2021-02-06 13:09 - 000000000 ____D C:\Users\jasan
2021-06-24 20:31 - 2021-04-02 11:31 - 000000000 ____D C:\Users\jasan\AppData\Roaming\discord
2021-06-24 20:31 - 2021-04-02 11:31 - 000000000 ____D C:\Users\jasan\AppData\Local\Discord
2021-06-24 20:29 - 2021-04-02 11:31 - 000002231 _____ C:\Users\jasan\Desktop\Discord.lnk
2021-06-24 19:49 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-06-24 19:06 - 2019-12-28 12:54 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-06-24 19:06 - 2019-12-28 12:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-06-24 10:33 - 2020-11-19 01:55 - 001899856 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-06-24 10:33 - 2019-12-07 16:43 - 000780030 _____ C:\WINDOWS\system32\perfh005.dat
2021-06-24 10:33 - 2019-12-07 16:43 - 000178016 _____ C:\WINDOWS\system32\perfc005.dat
2021-06-24 10:26 - 2021-02-06 13:01 - 000008192 ___SH C:\DumpStack.log.tmp
2021-06-24 10:26 - 2020-11-19 01:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-06-24 08:48 - 2020-12-23 17:47 - 000000000 ____D C:\Users\jasan\Desktop\básničky
2021-06-23 19:27 - 2019-12-28 19:08 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-06-23 18:59 - 2021-01-10 13:26 - 000000000 ____D C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-06-22 20:35 - 2020-01-04 13:12 - 000000000 ____D C:\Users\jasan\Documents\OpenTTD
2021-06-21 20:15 - 2020-01-04 13:13 - 003163623 _____ C:\Users\jasan\Documents\FoE.xlsx
2021-06-20 11:27 - 2020-01-04 13:13 - 001140143 _____ C:\Users\jasan\Documents\FoE2.xlsx
2021-06-19 13:54 - 2021-02-20 15:54 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-06-18 20:50 - 2020-08-14 15:10 - 000000000 ____D C:\RoboZonky
2021-06-18 06:53 - 2020-10-17 16:00 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-06-18 06:53 - 2020-10-17 16:00 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-06-17 18:24 - 2021-02-06 13:42 - 000003366 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3061804363-3326323613-1069145852-1001
2021-06-17 18:24 - 2021-02-06 13:42 - 000000000 ___RD C:\Users\jasan\OneDrive
2021-06-17 18:24 - 2021-02-06 13:09 - 000002381 _____ C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-06-13 16:17 - 2020-01-28 21:08 - 000000000 ____D C:\Users\jasan\Desktop\kamejk
2021-06-13 15:34 - 2020-01-04 13:13 - 000029057 _____ C:\Users\jasan\Documents\forgedb-idpoints-makro.xlsm
2021-06-12 07:08 - 2020-11-19 01:46 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-06-11 14:08 - 2020-01-03 18:43 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-06-11 14:07 - 2021-02-06 13:18 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-06-11 06:53 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-06-10 21:57 - 2020-01-04 13:13 - 000740864 _____ C:\Users\jasan\Documents\Plán příjmů a výdajů.xls
2021-06-10 21:45 - 2020-01-04 13:13 - 000017922 _____ C:\Users\jasan\Documents\Zonky.xlsx
2021-06-10 19:24 - 2021-01-02 23:40 - 000117487 _____ C:\Users\jasan\Documents\Simt.xlsx
2021-06-10 08:21 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-06-10 08:13 - 2020-11-19 00:46 - 000450720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-06-09 21:33 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-06-09 16:28 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-06-09 16:04 - 2020-01-01 04:17 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-06-09 15:59 - 2020-01-01 04:16 - 132447432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-06-08 20:47 - 2020-01-04 13:10 - 000000000 ____D C:\Users\jasan\Documents\_Sipo
2021-06-06 18:27 - 2019-12-28 12:51 - 000000000 ____D C:\Users\jasan\AppData\Local\GHISLER
2021-06-06 12:14 - 2020-01-04 13:11 - 000000000 ____D C:\Users\jasan\Documents\_Vodafone vyúčtování
2021-06-05 17:58 - 2020-10-28 18:58 - 000000000 ____D C:\Users\jasan\AppData\Roaming\vlc
2021-06-05 11:39 - 2019-12-31 13:56 - 000000986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2021-06-04 22:38 - 2020-12-15 19:39 - 000001239 _____ C:\Users\jasan\Desktop\robozonky-exec – zástupce.lnk
2021-06-04 14:41 - 2019-12-28 12:54 - 000000000 ____D C:\ProgramData\Mozilla
2021-06-01 19:21 - 2020-01-04 13:10 - 000000000 ____D C:\Users\jasan\Documents\_Hypotéka
2021-05-31 18:17 - 2020-01-04 13:13 - 000000000 ____D C:\Users\jasan\Documents\Sponzoři
2021-05-31 17:30 - 2021-05-21 13:44 - 000000000 ____D C:\WINDOWS\Minidump
2021-05-31 17:25 - 2021-05-21 13:44 - 816780958 _____ C:\WINDOWS\MEMORY.DMP
==================== Files in the root of some directories ========
2020-03-26 14:06 - 2020-03-26 14:06 - 000040708 _____ () C:\Users\jasan\AppData\Roaming\d8j_0F1F1C1H1T2Z0F1T1R2Z1F1C2U1V0F0StJ1V1S1F1F1J1L1G1NtF1R1F1H.txt
2020-03-26 14:06 - 2020-03-26 14:06 - 000284010 _____ () C:\Users\jasan\AppData\Roaming\d8j_1N1I1F1S1T1I0M1F1Q2Y1I1P1B0C1F1Q1P.txt
2002-08-29 17:33 - 2002-08-29 17:33 - 000319488 ____R () C:\Users\jasan\AppData\Roaming\MafiaSetup.exe
2020-12-17 17:35 - 2020-12-17 17:35 - 000003584 _____ () C:\Users\jasan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-04-07 19:04 - 2020-04-07 19:04 - 000000093 _____ () C:\Users\jasan\AppData\Local\fusioncache.dat
2020-09-28 21:49 - 2020-09-28 21:49 - 000000000 _____ () C:\Users\jasan\AppData\Local\{A310FDA0-B978-4215-AC39-A153FFB157B9}
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
R2 tmGAInstall; C:\Program Files (x86)\Thrustmaster\Thrustmaster FFB Driver\drivers\amd64\tmGAInstall.EXE [48344 2018-12-03] (Microsoft Windows Hardware Compatibility Publisher -> Thrustmaster®)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\NisSrv.exe [2644776 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe [136656 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2020-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2020-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 SNP2STD; C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [12528768 2007-09-10] (SONIX TECHNOLOGY CO. , LTD -> )
S3 SNP2STD; C:\Windows\SysWOW64\DRIVERS\snp2sxp.sys [12212864 2007-09-05] (SONIX TECHNOLOGY CO. , LTD -> )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-06-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [425184 2021-06-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76000 2021-06-12] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-06-26 19:21 - 2021-06-26 20:45 - 000025946 _____ C:\Users\jasan\Desktop\FRST.txt
2021-06-26 19:21 - 2021-06-26 20:44 - 000000000 ____D C:\FRST
2021-06-26 19:20 - 2021-06-26 19:20 - 002300416 _____ (Farbar) C:\Users\jasan\Desktop\FRST64.exe
2021-06-26 19:19 - 2021-06-26 19:19 - 000002036 _____ C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\Розыгрыш ключей Steam.lnk
2021-06-26 19:19 - 2021-06-26 19:19 - 000002026 _____ C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\World of Warships.lnk
2021-06-26 19:19 - 2021-06-26 19:19 - 000002014 _____ C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\War Thunder.lnk
2021-06-26 19:18 - 2021-06-26 19:18 - 000002016 _____ C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\World of Tanks.lnk
2021-06-26 19:12 - 2021-06-26 19:12 - 000000053 _____ C:\WINDOWS\WrpYGF74DrEm.ini
2021-06-26 07:42 - 2021-06-26 07:42 - 000000000 ____D C:\Users\jasan\AppData\Roaming\Goldberg SteamEmu Saves
2021-06-24 21:47 - 2021-06-24 21:47 - 000000790 _____ C:\Users\jasan\Desktop\Mafia III.lnk
2021-06-24 21:47 - 2021-06-24 21:47 - 000000762 _____ C:\Users\jasan\Desktop\launcherMafia III.lnk
2021-06-24 21:47 - 2021-06-24 21:47 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2021-06-24 21:47 - 2021-06-24 21:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2021-06-24 19:06 - 2021-06-24 19:06 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-06-24 19:05 - 2021-06-24 19:06 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-06-23 19:27 - 2021-06-23 19:27 - 000000000 ____D C:\Users\jasan\AppData\Local\UnrealEngine
2021-06-23 19:27 - 2021-06-23 19:27 - 000000000 ____D C:\Users\jasan\AppData\Local\GSS2
2021-06-23 19:27 - 2021-06-23 19:27 - 000000000 ____D C:\Users\jasan\AppData\Local\CrashReportClient
2021-06-23 19:27 - 2021-06-23 19:27 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2021-06-23 18:59 - 2021-06-23 18:59 - 000000223 _____ C:\Users\jasan\Desktop\Gas Station Simulator Prologue - Early Days.url
2021-06-23 18:47 - 2021-06-23 18:47 - 000009423 _____ C:\Users\jasan\Documents\projekty.xlsx
2021-06-22 20:29 - 2021-06-22 20:29 - 000000223 _____ C:\Users\jasan\Desktop\OpenTTD.url
2021-06-20 17:03 - 2021-06-20 17:03 - 000160496 _____ C:\Users\jasan\Downloads\ceník.pdf
2021-06-19 20:30 - 2021-06-19 20:30 - 000185168 _____ C:\Users\jasan\Downloads\odpadky-nakladani-201025.pdf
2021-06-19 20:28 - 2021-06-19 20:28 - 000176993 _____ C:\Users\jasan\Downloads\listy165-cerven2021.pdf
2021-06-19 20:28 - 2021-06-19 20:28 - 000176993 _____ C:\Users\jasan\Downloads\listy165-cerven2021(2).pdf
2021-06-19 20:28 - 2021-06-19 20:28 - 000176993 _____ C:\Users\jasan\Downloads\listy165-cerven2021(1).pdf
2021-06-13 20:28 - 2021-06-13 20:28 - 000077106 _____ C:\Users\jasan\Desktop\kamyk-nad-vltavou-1985-orig-fotografie-83436171.jpeg
2021-06-13 16:00 - 2021-06-13 16:00 - 000098470 _____ C:\Users\jasan\Downloads\L300073_210613_304114.pdf
2021-06-13 16:00 - 2021-06-13 16:00 - 000098111 _____ C:\Users\jasan\Downloads\L300073_210405_298560.pdf
2021-06-13 15:39 - 2021-06-13 15:39 - 000440542 _____ C:\Users\jasan\Downloads\U7n4xFnqjrWmOVkQoJAAZ1Gn0P3qbZIx.pdf
2021-06-13 15:39 - 2021-06-13 15:39 - 000147462 _____ C:\Users\jasan\Downloads\B4bPKo5zt9ijXeND5AIkqoBzOcjQFuuf.pdf
2021-06-13 15:39 - 2021-06-13 15:39 - 000134191 _____ C:\Users\jasan\Downloads\MVt0itU0Phoifc2JnQz3tjkllXMAaGfm.pdf
2021-06-13 15:32 - 2021-06-13 15:32 - 000208106 _____ C:\Users\jasan\Downloads\oznameni-110060780102-c2srqqsd3ihheu7458u0.pdf
2021-06-13 15:32 - 2021-06-13 15:32 - 000151641 _____ C:\Users\jasan\Downloads\oznameni-110060780103-c2qshqsd3ihheu744v50.pdf
2021-06-13 15:30 - 2021-06-13 15:30 - 008798168 _____ C:\Users\jasan\Downloads\dl-letak-app-pidlitacka-cz-final-tiskova-data.pdf
2021-06-11 10:40 - 2021-06-11 10:40 - 000136514 _____ C:\Users\jasan\Downloads\15-zo-24-5-2021.pdf
2021-06-11 07:03 - 2021-06-11 07:03 - 000367015 _____ C:\Users\jasan\Downloads\Cestne_prohlaseni___vzor.pdf
2021-06-11 07:02 - 2021-06-11 07:02 - 000104893 _____ C:\Users\jasan\Downloads\cestne-prohlaseni-covid.pdf
2021-06-11 07:02 - 2021-06-11 07:02 - 000092894 _____ C:\Users\jasan\Downloads\320-cestne-prohlaseni.pdf
2021-06-11 07:01 - 2021-06-11 07:01 - 000400543 _____ C:\Users\jasan\Downloads\Cestne-prohlaseni-samotestovani-posilovna.pdf
2021-06-11 07:01 - 2021-06-11 07:01 - 000102910 _____ C:\Users\jasan\Downloads\cestne prohlaseni samotest.pdf
2021-06-10 10:39 - 2021-06-10 10:39 - 000017795 _____ C:\Users\jasan\Downloads\300088-12.pdf
2021-06-09 16:22 - 2021-06-09 16:22 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-06-09 16:22 - 2021-06-09 16:22 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-06-09 16:22 - 2021-06-09 16:22 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-06-09 16:22 - 2021-06-09 16:22 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-06-09 16:22 - 2021-06-09 16:22 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-06-09 16:22 - 2021-06-09 16:22 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-06-09 16:22 - 2021-06-09 16:22 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-06-09 16:22 - 2021-06-09 16:22 - 000011353 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-06-09 16:21 - 2021-06-09 16:21 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-06-09 16:21 - 2021-06-09 16:21 - 001823792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-06-09 16:21 - 2021-06-09 16:21 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-06-09 16:21 - 2021-06-09 16:21 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-06-09 16:21 - 2021-06-09 16:21 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-06-09 16:21 - 2021-06-09 16:21 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-06-09 16:21 - 2021-06-09 16:21 - 000097280 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-06-09 16:20 - 2021-06-09 16:20 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-06-09 16:20 - 2021-06-09 16:20 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-06-09 16:20 - 2021-06-09 16:20 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-06-08 20:49 - 2021-06-08 20:49 - 000132761 _____ C:\Users\jasan\Downloads\priloha_915825092_0_RocniVypisROB.pdf
2021-06-07 20:29 - 2020-11-11 03:54 - 000167280 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2021-06-07 20:29 - 2020-11-11 03:54 - 000159600 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus2.sys
2021-06-07 12:29 - 2021-06-07 12:29 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2021-06-07 12:04 - 2021-06-07 12:24 - 350493319 _____ C:\Users\jasan\Desktop\Mark Manson - Důmyslné umění, jak mít všechno u prdele.rar
2021-06-06 18:29 - 2021-06-06 18:29 - 018982239 _____ C:\Users\jasan\Downloads\matomo-latest.zip
2021-06-05 20:25 - 2021-06-05 20:25 - 000689241 _____ C:\Users\jasan\Downloads\1761_cz_L003_sazebnik_platny_od_01012021.pdf
2021-06-05 20:23 - 2021-06-05 20:23 - 000078561 _____ C:\Users\jasan\Downloads\2806-cenik.pdf
2021-06-05 20:22 - 2021-06-05 20:22 - 000068017 _____ C:\Users\jasan\Downloads\pravidla-akce-ziskejte-500-kc-na-vyzkouseni-uctu-v-aplikaci-my-air.pdf
2021-06-05 20:22 - 2021-06-05 20:22 - 000068017 _____ C:\Users\jasan\Downloads\pravidla-akce-ziskejte-500-kc-na-vyzkouseni-uctu-v-aplikaci-my-air(1).pdf
2021-06-05 17:16 - 2021-06-05 17:58 - 000000000 ____D C:\Users\jasan\AppData\Roaming\obs-studio
2021-06-05 17:16 - 2021-06-05 17:16 - 000001052 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2021-06-05 17:16 - 2021-06-05 17:16 - 000000000 ____D C:\ProgramData\obs-studio-hook
2021-06-05 17:16 - 2021-06-05 17:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2021-06-05 17:15 - 2021-06-05 17:16 - 000000000 ____D C:\Program Files\obs-studio
2021-06-05 17:14 - 2021-06-05 17:15 - 076720824 _____ (obsproject.com) C:\Users\jasan\Downloads\OBS-Studio-27.0-Full-Installer-x64.exe
2021-06-05 15:58 - 2021-06-05 15:58 - 000306968 _____ C:\Users\jasan\Documents\817 p. Mareš.pdf
2021-06-05 08:32 - 2021-06-05 11:39 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2021-05-31 21:01 - 2021-06-01 18:18 - 000456141 _____ C:\Users\jasan\Downloads\Zadost-o-DP-placene.pdf
2021-05-31 17:25 - 2021-05-31 17:30 - 001014100 _____ C:\WINDOWS\Minidump\053121-40250-01.dmp
2021-05-30 21:41 - 2021-05-30 21:42 - 000000000 ____D C:\Users\jasan\Downloads\PID
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-06-26 20:43 - 2020-01-08 22:13 - 000037342 _____ C:\Users\jasan\Desktop\note.txt
2021-06-26 20:43 - 2019-12-28 12:54 - 000000000 ____D C:\Users\jasan\AppData\LocalLow\Mozilla
2021-06-26 20:42 - 2020-11-19 00:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-06-26 20:37 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-26 20:35 - 2021-01-10 13:20 - 000000000 ____D C:\Program Files (x86)\Steam
2021-06-26 19:49 - 2020-01-04 13:13 - 000890880 _____ C:\Users\jasan\Documents\kamejk návštěvnost.xls
2021-06-26 19:28 - 2020-02-04 21:34 - 000000000 ____D C:\Games
2021-06-26 19:18 - 2019-12-28 19:06 - 000000000 ____D C:\ProgramData\Package Cache
2021-06-26 19:14 - 2021-03-30 18:22 - 000000000 ____D C:\Users\jasan\Desktop\Moje
2021-06-26 14:47 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-06-26 09:41 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-26 07:12 - 2020-11-19 01:48 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-06-25 14:41 - 2021-03-20 10:42 - 000000000 ____D C:\Users\jasan\AppData\Roaming\Mr.Mine
2021-06-24 22:18 - 2021-02-06 13:09 - 000000000 ____D C:\Users\jasan
2021-06-24 20:31 - 2021-04-02 11:31 - 000000000 ____D C:\Users\jasan\AppData\Roaming\discord
2021-06-24 20:31 - 2021-04-02 11:31 - 000000000 ____D C:\Users\jasan\AppData\Local\Discord
2021-06-24 20:29 - 2021-04-02 11:31 - 000002231 _____ C:\Users\jasan\Desktop\Discord.lnk
2021-06-24 19:49 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-06-24 19:06 - 2019-12-28 12:54 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-06-24 19:06 - 2019-12-28 12:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-06-24 10:33 - 2020-11-19 01:55 - 001899856 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-06-24 10:33 - 2019-12-07 16:43 - 000780030 _____ C:\WINDOWS\system32\perfh005.dat
2021-06-24 10:33 - 2019-12-07 16:43 - 000178016 _____ C:\WINDOWS\system32\perfc005.dat
2021-06-24 10:26 - 2021-02-06 13:01 - 000008192 ___SH C:\DumpStack.log.tmp
2021-06-24 10:26 - 2020-11-19 01:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-06-24 08:48 - 2020-12-23 17:47 - 000000000 ____D C:\Users\jasan\Desktop\básničky
2021-06-23 19:27 - 2019-12-28 19:08 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-06-23 18:59 - 2021-01-10 13:26 - 000000000 ____D C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-06-22 20:35 - 2020-01-04 13:12 - 000000000 ____D C:\Users\jasan\Documents\OpenTTD
2021-06-21 20:15 - 2020-01-04 13:13 - 003163623 _____ C:\Users\jasan\Documents\FoE.xlsx
2021-06-20 11:27 - 2020-01-04 13:13 - 001140143 _____ C:\Users\jasan\Documents\FoE2.xlsx
2021-06-19 13:54 - 2021-02-20 15:54 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-06-18 20:50 - 2020-08-14 15:10 - 000000000 ____D C:\RoboZonky
2021-06-18 06:53 - 2020-10-17 16:00 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-06-18 06:53 - 2020-10-17 16:00 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-06-17 18:24 - 2021-02-06 13:42 - 000003366 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3061804363-3326323613-1069145852-1001
2021-06-17 18:24 - 2021-02-06 13:42 - 000000000 ___RD C:\Users\jasan\OneDrive
2021-06-17 18:24 - 2021-02-06 13:09 - 000002381 _____ C:\Users\jasan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-06-13 16:17 - 2020-01-28 21:08 - 000000000 ____D C:\Users\jasan\Desktop\kamejk
2021-06-13 15:34 - 2020-01-04 13:13 - 000029057 _____ C:\Users\jasan\Documents\forgedb-idpoints-makro.xlsm
2021-06-12 07:08 - 2020-11-19 01:46 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-06-11 14:08 - 2020-01-03 18:43 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-06-11 14:07 - 2021-02-06 13:18 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-06-11 06:53 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-06-10 21:57 - 2020-01-04 13:13 - 000740864 _____ C:\Users\jasan\Documents\Plán příjmů a výdajů.xls
2021-06-10 21:45 - 2020-01-04 13:13 - 000017922 _____ C:\Users\jasan\Documents\Zonky.xlsx
2021-06-10 19:24 - 2021-01-02 23:40 - 000117487 _____ C:\Users\jasan\Documents\Simt.xlsx
2021-06-10 08:21 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-06-10 08:13 - 2020-11-19 00:46 - 000450720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-06-09 21:33 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-06-09 21:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-06-09 16:28 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-06-09 16:04 - 2020-01-01 04:17 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-06-09 15:59 - 2020-01-01 04:16 - 132447432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-06-08 20:47 - 2020-01-04 13:10 - 000000000 ____D C:\Users\jasan\Documents\_Sipo
2021-06-06 18:27 - 2019-12-28 12:51 - 000000000 ____D C:\Users\jasan\AppData\Local\GHISLER
2021-06-06 12:14 - 2020-01-04 13:11 - 000000000 ____D C:\Users\jasan\Documents\_Vodafone vyúčtování
2021-06-05 17:58 - 2020-10-28 18:58 - 000000000 ____D C:\Users\jasan\AppData\Roaming\vlc
2021-06-05 11:39 - 2019-12-31 13:56 - 000000986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2021-06-04 22:38 - 2020-12-15 19:39 - 000001239 _____ C:\Users\jasan\Desktop\robozonky-exec – zástupce.lnk
2021-06-04 14:41 - 2019-12-28 12:54 - 000000000 ____D C:\ProgramData\Mozilla
2021-06-01 19:21 - 2020-01-04 13:10 - 000000000 ____D C:\Users\jasan\Documents\_Hypotéka
2021-05-31 18:17 - 2020-01-04 13:13 - 000000000 ____D C:\Users\jasan\Documents\Sponzoři
2021-05-31 17:30 - 2021-05-21 13:44 - 000000000 ____D C:\WINDOWS\Minidump
2021-05-31 17:25 - 2021-05-21 13:44 - 816780958 _____ C:\WINDOWS\MEMORY.DMP
==================== Files in the root of some directories ========
2020-03-26 14:06 - 2020-03-26 14:06 - 000040708 _____ () C:\Users\jasan\AppData\Roaming\d8j_0F1F1C1H1T2Z0F1T1R2Z1F1C2U1V0F0StJ1V1S1F1F1J1L1G1NtF1R1F1H.txt
2020-03-26 14:06 - 2020-03-26 14:06 - 000284010 _____ () C:\Users\jasan\AppData\Roaming\d8j_1N1I1F1S1T1I0M1F1Q2Y1I1P1B0C1F1Q1P.txt
2002-08-29 17:33 - 2002-08-29 17:33 - 000319488 ____R () C:\Users\jasan\AppData\Roaming\MafiaSetup.exe
2020-12-17 17:35 - 2020-12-17 17:35 - 000003584 _____ () C:\Users\jasan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-04-07 19:04 - 2020-04-07 19:04 - 000000093 _____ () C:\Users\jasan\AppData\Local\fusioncache.dat
2020-09-28 21:49 - 2020-09-28 21:49 - 000000000 _____ () C:\Users\jasan\AppData\Local\{A310FDA0-B978-4215-AC39-A153FFB157B9}
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================