
Check after running a fake application (Phishing)

Posted: 07 Oct 2021 23:48
by windyOMG
Hello,

I have very likely managed to run a fake application from a fake website:
, the original domain has com
Thank you for checking, or for advice on what to do now :) (the PC is working normally so far)

Thanks

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2021
Ran by winki (administrator) on DESKTOP-0S50FER (MSI MS-7816) (08-10-2021 00:38:52)
Running from C:\Users\winki\Desktop
Loaded Profiles: winki
Platform: Windows 10 Pro Version 21H1 19043.1237 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Google LLC -> Google LLC) C:\Users\winki\AppData\Local\Google\Chrome\Application\chrome.exe <26>
(CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\EBCClient.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Locktime Software s.r.o. -> Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
(Logitech Inc -> Logitech) C:\ProgramData\LogiShrd\LogiOptions\Software\Current\LogiOverlay.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\LogiShrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\winki\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2108.25001.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2110.1001.3.0_x64__8wekyb3d8bbwe\XboxAppServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.57.20005.0_x64__8wekyb3d8bbwe\gamingservices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.57.20005.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <10>
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_b8346c359fcd6093\Display.NvContainer\NVDisplay.Container.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Plex, Inc. -> ) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
(Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Plex, Inc. -> Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe <2>
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe <4>
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe
(SatoshiLabs, s.r.o. -> ) C:\Program Files (x86)\TREZOR Bridge\trezord.exe
(Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2176648 2018-06-27] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3952096 2020-03-11] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [339512 2021-08-04] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2623032 2019-07-05] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] (OOO Lightshot -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5314096 2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [Opera Browser Assistant] => C:\Program Files\Opera\assistant\browser_assistant.exe [4105424 2021-10-05] (Opera Software AS -> Opera Software)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2340224 2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [20229112 2020-08-27] (Plex, Inc. -> Plex, Inc.)
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Run: [Google Update] => C:\Users\winki\AppData\Local\Google\Update\1.3.36.112\GoogleUpdateCore.exe [223816 2021-10-01] (Google LLC -> Google LLC)
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Run: [Discord] => C:\Users\winki\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [68408 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35093120 2021-09-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Run: [Chromium] => "c:\users\winki\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-11-26] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Run: [BingWallpaperApp] => C:\Users\winki\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe [8537992 2021-08-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\MountPoints2: {51189c54-fea3-11e6-84cd-d43d7ebdf362} - "L:\setup.exe"
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\MountPoints2: {51189c68-fea3-11e6-84cd-d43d7ebdf362} - "M:\setup.exe"
HKLM\...\Windows x64\Print Processors\HP1020PrintProc: C:\Windows\System32\spool\prtprocs\x64\pphp1020.dll [65024 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [65488 2020-03-06] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\HPLJ1020LM: C:\Windows\system32\zlhp1020.dll [192512 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TREZOR Bridge.lnk [2021-04-19]
ShortcutTarget: TREZOR Bridge.lnk -> C:\Program Files (x86)\TREZOR Bridge\trezord.exe (SatoshiLabs, s.r.o. -> )
Startup: C:\Users\winki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TREZOR Bridge.lnk [2018-11-20]
ShortcutTarget: TREZOR Bridge.lnk -> C:\Program Files (x86)\TREZOR Bridge\trezord.exe (SatoshiLabs, s.r.o. -> )
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0CBBB98C-185E-4E3F-9534-378A7B6AA85F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1844488 2017-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {1EE03511-592B-4CE9-86D3-7347A05D6666} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {22433C11-6461-48E1-A7D7-C7BC91E3B3C9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {225032E8-C932-4DE4-8C3E-29331FFA3B8E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2019-02-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {29496495-DBEA-4A25-8A1B-F1A2E6758D3E} - System32\Tasks\BlueStacksHelper => E:\BlueStacks\BlueStacks\Client\Helper\BlueStacksHelper.exe [754104 2021-01-07] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {365BA5C9-DA36-4487-A189-94FCA75D566E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCmdRun.exe [884544 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {37FCFF72-FB4C-43E8-8E6F-44F3C5C8325D} - System32\Tasks\CCleanerSkipUAC - winki => C:\Program Files\CCleaner\CCleaner.exe [29155968 2021-09-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {4546E0B9-1CAE-45C8-A5D9-3909CA58A036} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {47DE83FC-56A5-47CE-8CE7-EFC3F8BBD991} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCmdRun.exe [884544 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5852828C-5F23-4BBC-8398-A87BAF28FA4C} - System32\Tasks\update-S-1-5-21-116116240-444440880-2871013289-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {5C779B50-E435-4927-96B5-2DD5019408B7} - System32\Tasks\Red Giant Link => C:\Program Files\Red Giant Link\Red Giant Link.exe
Task: {618F94CF-8D2C-44F6-8A75-D879641D0389} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6325AA52-C076-457C-8B4C-D1A8936425DC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {6806018A-361B-4255-9B9C-D4CB6D759316} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [1967880 2017-10-11] (Microsoft Corporation -> Microsoft)
Task: {688B931F-ABB5-4F77-92D3-18F4F7A3D913} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {6A6D4688-3816-41D1-AEB0-C1F5020E2F5E} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {71688812-9B43-4196-8392-ED30620DBB6F} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [110660344 2021-09-16] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
Task: {7238502E-7979-4C81-9689-EF6C98D0F531} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {7306F5F2-F345-43BD-B903-82068DC5492E} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\sedlauncher.exe
Task: {7E185508-AB5F-4E3D-AF92-D727B92ED555} - System32\Tasks\Opera scheduled assistant Autoupdate 1600814896 => C:\Program Files\Opera\launcher.exe [42731728 2021-09-28] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Program Files\Opera\assistant" $(Arg0)
Task: {7F7FFB5C-9549-43CF-BC93-7F788ED456E2} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_Plugin.exe [1457152 2019-02-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {81D5CB1A-E49C-40BD-BF83-03D22B51AF1E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2497800 2017-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {85BA77A5-7847-4FCE-8BF3-5C8E42E54FCA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCmdRun.exe [884544 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {85D780AF-E3CD-4EC2-9F6E-451ACA91817E} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {95203962-B68A-4868-95A1-B4B317918CC0} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2497800 2017-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {9C3B4B18-C671-4402-8872-CD0C2B97AD8B} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {9CE455CC-F7D6-4FD5-83AB-F84D314E641A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-09-10] (Piriform Software Ltd -> Piriform)
Task: {9FF06ED2-C1C1-40D0-9E0A-A6A935FAA6D3} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-0S50FER-winki => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {A2D0BDBB-44F7-430A-B6F8-FF363BCB30AB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCmdRun.exe [884544 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A4A0E901-69F7-46B4-9CD2-B719D143A794} - System32\Tasks\Opera scheduled Autoupdate 1525300582 => C:\Program Files\Opera\launcher.exe [42731728 2021-09-28] (Opera Software AS -> Opera Software)
Task: {A5CFED16-5809-4D56-A84B-6223E5E4875A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A62F56C3-1646-41BA-8694-6C56ED09F572} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29155968 2021-09-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {AAC03E66-81F8-45AF-91AD-2A45F90B641D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1844488 2017-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {AAFFAAD3-7110-4AE3-AF5A-A0E361CD54CE} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AC38554B-50DD-4AB5-A97F-A43BFFED0CFB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {B13AE8B6-9ACC-4FA3-A220-D79E3300EA89} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-116116240-444440880-2871013289-1001UA => C:\Users\winki\AppData\Local\Google\Update\GoogleUpdate.exe [153752 2017-02-26] (Google Inc -> Google Inc.)
Task: {B62C7899-F0EE-4494-BB2A-A1802E5B5065} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {BB0935CC-BD63-464F-886F-D1CC7280830E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-15] (Google Inc -> Google Inc.)
Task: {BBA3FD37-275D-4B33-A946-D68E471B46A1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-116116240-444440880-2871013289-1001Core => C:\Users\winki\AppData\Local\Google\Update\GoogleUpdate.exe [153752 2017-02-26] (Google Inc -> Google Inc.)
Task: {C0C1754E-C513-417D-9E3B-DD500587F2DF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {C35C5792-B244-49A0-90E4-556E4999A02A} - System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ceip.exe [39176 2017-10-11] (Microsoft Corporation -> Microsoft)
Task: {C3854B7A-2F25-4BA7-B66B-8844F2E12BE1} - System32\Tasks\ProtonVPN Update => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-09-01] (ProtonVPN AG -> )
Task: {C9DCDCDF-B853-4F86-8282-B2C28762A32E} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D10E0421-F103-4AA3-998A-D5BBDDDA0C61} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {D59A6508-6049-4F6C-802D-3047A26F7FE1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-15] (Google Inc -> Google Inc.)
Task: {D652AFA8-4973-45FA-8155-F46F17329808} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DCF73F1E-2CE2-4139-8AAF-D303E5CA75EC} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {E7A8EDEC-A7E6-439E-B333-0C3E1130D771} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [3977072 2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {EFE93434-60D4-4446-A1CA-457F3C800134} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [680888 2021-10-06] (Mozilla Corporation -> Mozilla Foundation)
Task: {F6F527BD-98C3-4B47-A272-F4F4A8BA5FD1} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FD3D6E59-19D1-4E34-A813-430D0A075BBA} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\update-S-1-5-21-116116240-444440880-2871013289-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{f6f79c62-3dd4-4c57-afbc-ad196e28e681}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\winki\AppData\Local\Microsoft\Edge\User Data\Default [2021-10-08]

FireFox:
========
FF DefaultProfile: 8k8cupjw.default
FF ProfilePath: C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\z37zlo3y.default-release-1580922384981 [2021-10-08]
FF Extension: (Disconnect) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\z37zlo3y.default-release-1580922384981\Extensions\2.0@disconnect.me.xpi [2021-02-22]
FF Extension: (TubeBuddy) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\z37zlo3y.default-release-1580922384981\Extensions\e389d8c2-5554-4ba2-a36e-ac7a57093130@gmail.com.xpi [2021-09-22]
FF Extension: (BetterTTV) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\z37zlo3y.default-release-1580922384981\Extensions\firefox@betterttv.net.xpi [2021-10-07]
FF Extension: (vidIQ Vision for YouTube) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\z37zlo3y.default-release-1580922384981\Extensions\firefox@vid.io.xpi [2021-09-29]
FF Extension: (Twitch Clip Downloader) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\z37zlo3y.default-release-1580922384981\Extensions\{242c2204-f50c-4495-8ec1-57c9d722524a}.xpi [2021-06-28]
FF Extension: (Downloader for Instagram™) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\z37zlo3y.default-release-1580922384981\Extensions\{83bdc210-e037-4d76-8889-2e127ecc06c7}.xpi [2020-05-12]
FF Extension: (The Unofficial Social Blade Extension) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\z37zlo3y.default-release-1580922384981\Extensions\{a5213d5f-2958-4370-848c-91caac3d96bc}.xpi [2020-05-16]
FF Extension: (Video DownloadHelper) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\z37zlo3y.default-release-1580922384981\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-07-03]
FF Extension: (No Name) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\z37zlo3y.default-release-1580922384981\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-09-03]
FF Extension: (M Clip Twitch) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\z37zlo3y.default-release-1580922384981\Extensions\{d663b001-775c-4cef-aa5f-b757be3d896b}.xpi [2020-06-12]
FF ProfilePath: C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\8k8cupjw.default [2021-02-22]
FF Extension: (Seznam doplněk - Esko) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\8k8cupjw.default\Extensions\sko-extension@firma.seznam.cz.xpi [2020-01-29]
FF Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\8k8cupjw.default\Extensions\sp@avast.com.xpi [2020-01-18]
FF Extension: (Avast Online Security) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\8k8cupjw.default\Extensions\wrc@avast.com.xpi [2019-10-06] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/aos/update.json]
FF Extension: (No Name) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\8k8cupjw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-11-25]
FF Extension: (M Clip Twitch) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\8k8cupjw.default\Extensions\{d663b001-775c-4cef-aa5f-b757be3d896b}.xpi [2020-02-01]
FF Extension: (No Name) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\8k8cupjw.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-03-05]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_142.dll [2019-02-12] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-08-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-08-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_142.dll [2019-02-12] (Adobe Systems Incorporated -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-09-25] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default [2021-10-08]
CHR HomePage: Default -> hxxps://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://seznam.cz/"
CHR Extension: (Easy Auto Refresh) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2021-04-12]
CHR Extension: (Překladač Google) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-08-14]
CHR Extension: (Prezentace) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (BetterTTV) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2021-10-06]
CHR Extension: (Dokumenty) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Disk Google) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (YouTube) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-26]
CHR Extension: (Honey) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2021-09-28]
CHR Extension: (Social Blade) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfidkbgamfhdgmedldkagjopnbobdmdn [2021-05-31] [UpdateUrl:hxxps://addon.socialblade.com/updates.json] <==== ATTENTION
CHR Extension: (NeatClip) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhflbphjbcnpeebdbgbambmohadfaok [2020-05-16]
CHR Extension: (Adobe Acrobat) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-09-07]
CHR Extension: (Fonts Ninja) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\eljapbgkmlngdpckoiiibecpemleclhh [2021-08-19]
CHR Extension: (FrankerFaceZ) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb [2019-03-27]
CHR Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2021-07-17]
CHR Extension: (Tabulky) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Plex) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpniocchabmgenibceglhnfeimmdhdfm [2017-10-11]
CHR Extension: (Vzdálená plocha Chrome) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-07-17]
CHR Extension: (Night Mode Pro) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbilbeoogenjmnabenfjfoockmpfnjoh [2021-07-20]
CHR Extension: (Dokumenty Google offline) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-09-28]
CHR Extension: (FormApps Extension) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi [2017-06-14]
CHR Extension: (M Clip Twitch) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaipghhkfodkjbodidbgnekkkdbagade [2021-02-22]
CHR Extension: (TREZOR Chrome Extension) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcjjhjgimijdkoamemaghajlhegmoclj [2017-12-11]
CHR Extension: (WavesLiteApp) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfmcaklajknfekomaflnhkjjkcjabogm [2018-09-04]
CHR Extension: (Google Play) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2017-02-26]
CHR Extension: (Mapy Google) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2017-02-26]
CHR Extension: (Morpheon Dark) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2018-09-14]
CHR Extension: (Twitch Clip Downloader 2020) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnenbmhckgnahghjhelklajobocdiijf [2021-02-22]
CHR Extension: (MetaMask) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2021-09-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Enhanced Steam) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2019-02-01]
CHR Extension: (Twitch Channel Points Autoclicker) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbeamibpehihpjljabhnchghlbneiane [2021-02-22]
CHR Extension: (Evernote Web Clipper) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2021-07-27]
CHR Extension: (Gmail) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Hlídač Shopů) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlonggbfebcjelncogcnclagkmkikk [2021-09-17]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

Opera:
=======
OPR Profile: C:\Users\winki\AppData\Roaming\Opera Software\Opera Stable [2021-10-08]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\winki\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-07-14]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2019-02-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [816184 2019-07-05] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3779840 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3547904 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8901968 2021-08-26] (BattlEye Innovations e.K. -> )
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-07] (Disc Soft Ltd -> Disc Soft Ltd)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [42632 2020-04-15] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
R2 EBC Client; C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\EBCClient.exe [95880 2020-04-16] (CHENGDU YIWO Tech Development Co., Ltd. -> )
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncHelper.exe [3249520 2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
S3 MagicianSVC; C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe [348728 2021-09-16] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [314232 2020-08-05] (Locktime Software s.r.o. -> Locktime Software)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\21.180.0905.0007\OneDriveUpdaterService.exe [3718016 2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2557144 2021-10-01] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3475680 2021-10-01] (Electronic Arts, Inc. -> Electronic Arts)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1412592 2020-08-27] (Plex, Inc. -> Plex, Inc.)
S3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [98624 2020-09-01] (ProtonVPN AG -> )
S3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-09-01] (ProtonVPN AG -> )
R2 SamsungMagicianSVC; C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe [348728 2021-09-16] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5394872 2021-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13353768 2021-09-15] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\NisSrv.exe [2855512 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe [128392 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_b8346c359fcd6093\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_b8346c359fcd6093\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 anvsnddrv; C:\WINDOWS\system32\drivers\anvsnddrv.sys [34416 2016-03-24] (Anvsoft Inc. -> AnvSoft Inc.)
R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv_bgp.sys [315976 2020-10-05] (Bluestack Systems, Inc -> Bluestack System Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-03-01] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-03-01] (Disc Soft Ltd -> Disc Soft Ltd)
R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [73448 2020-02-24] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [53504 2020-02-24] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [22784 2020-02-24] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [341760 2020-02-24] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2017-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R0 nldrv; C:\WINDOWS\System32\drivers\nldrv.sys [183528 2020-08-05] (Locktime Software s.r.o. -> Locktime Software)
S3 ProtonVPNSplitTunnel; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win10\ProtonVPN.SplitTunnelDriver.sys [31584 2020-08-19] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
R3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49008 2020-08-19] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2021-10-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [434424 2021-10-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86264 2021-10-06] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-08 01:24 - 2021-10-08 01:24 - 110100480 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-10-08 01:20 - 2021-10-08 01:24 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-10-08 00:38 - 2021-10-08 00:39 - 000046902 ____C C:\Users\winki\Desktop\FRST.txt
2021-10-08 00:38 - 2021-10-08 00:39 - 000000000 ____D C:\FRST
2021-10-08 00:37 - 2021-10-08 00:37 - 002308096 _____ (Farbar) C:\Users\winki\Desktop\FRST64.exe
2021-10-08 00:32 - 2021-10-08 00:32 - 020049213 _____ C:\Users\winki\Downloads\CzechCloud_1633645962735.mp4
2021-10-08 00:00 - 2021-10-08 00:00 - 000000000 ____D C:\Users\winki\AppData\Local\Yandex
2021-10-07 23:59 - 2021-10-07 23:59 - 000000000 ____D C:\Users\winki\Downloads\LetaSoft_Sound_Booster
2021-10-07 19:15 - 2021-10-07 19:15 - 009311798 _____ C:\Users\winki\Downloads\MichalDecit_1633626912109.mp4
2021-10-07 19:03 - 2021-10-07 19:03 - 038019751 _____ C:\Users\winki\Downloads\TommyQuestionMark_1633626183260.mp4
2021-10-07 18:45 - 2021-10-07 18:45 - 013677898 _____ C:\Users\winki\Downloads\LadyHoonigan_1633625118326.mp4
2021-10-07 18:43 - 2021-10-07 18:43 - 006343796 _____ C:\Users\winki\Downloads\LadyHoonigan_1633624989107.mp4
2021-10-07 15:39 - 2021-10-07 15:39 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignd35d656c894c5254
2021-10-07 15:39 - 2021-10-07 15:39 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignc61808b9b4e611ac
2021-10-07 15:39 - 2021-10-07 15:39 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign96c5100ed341cc31
2021-10-07 15:39 - 2021-10-07 15:39 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign438be2a159abfef6
2021-10-07 15:39 - 2021-10-07 15:39 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign21868dc2bb330680
2021-10-06 20:33 - 2021-10-06 20:33 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-10-04 14:40 - 2021-10-04 14:40 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignfea7eeda10b488e2
2021-10-04 14:40 - 2021-10-04 14:40 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsigne9617f44df25e024
2021-10-04 14:40 - 2021-10-04 14:40 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign5faef233732d4b57
2021-10-04 14:40 - 2021-10-04 14:40 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign1a66f7f7af69ec84
2021-10-04 14:40 - 2021-10-04 14:40 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign0d80ec30daac9ffb
2021-10-04 11:25 - 2021-10-04 11:25 - 000000000 ____D C:\ProgramData\MisterHorse
2021-10-04 11:19 - 2021-10-04 11:19 - 000001035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mister Horse Product Manager.lnk
2021-10-04 11:19 - 2021-10-04 11:19 - 000000000 ____D C:\Program Files\Mister Horse Product Manager
2021-10-01 16:08 - 2021-10-01 16:08 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign7ffa8645d77248ea
2021-10-01 16:08 - 2021-10-01 16:08 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign5d09c92f4e366c97
2021-10-01 16:08 - 2021-10-01 16:08 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign448f7c893d418a32
2021-10-01 16:08 - 2021-10-01 16:08 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign112c6f201cb45eb4
2021-10-01 16:08 - 2021-10-01 16:08 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign0ad97743e7e5056f
2021-09-30 09:57 - 2021-10-08 00:25 - 000000000 ____D C:\Users\winki\AppData\Roaming\Samsung Magician
2021-09-30 09:56 - 2021-09-30 09:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2021-09-29 12:55 - 2021-09-29 12:55 - 000000000 ____D C:\ProgramData\obs-studio-hook
2021-09-29 12:51 - 2021-09-29 12:51 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignf24d6d8fbeace066
2021-09-29 12:51 - 2021-09-29 12:51 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign7d5e077878c175db
2021-09-29 12:51 - 2021-09-29 12:51 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign6e6a46a1f6a8b565
2021-09-29 12:51 - 2021-09-29 12:51 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign5544b13200ce83c1
2021-09-29 12:51 - 2021-09-29 12:51 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign3142bfa8ac30eeb2
2021-09-28 15:14 - 2021-09-28 15:14 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignad878ce8351eda02
2021-09-28 15:05 - 2021-09-28 15:05 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignfc2726b2f5a23c34
2021-09-28 15:05 - 2021-09-28 15:05 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignf096127ac11ffb49
2021-09-28 15:05 - 2021-09-28 15:05 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignd48a327a02481dc1
2021-09-28 15:05 - 2021-09-28 15:05 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign02646bfec6f23f98
2021-09-24 20:12 - 2021-09-24 20:12 - 000000976 _____ C:\Users\Public\Desktop\Mafia - Definitve Edition.lnk
2021-09-24 20:12 - 2021-09-24 20:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mafia - Definitve Edition
2021-09-22 17:11 - 2021-09-22 17:11 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignc9f9d1132b7628d9
2021-09-22 17:11 - 2021-09-22 17:11 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignb50aa54adaaf6bdb
2021-09-22 17:11 - 2021-09-22 17:11 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign7f29fc86089fdb08
2021-09-22 17:11 - 2021-09-22 17:11 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign11c262b46da5fa16
2021-09-22 17:11 - 2021-09-22 17:11 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign03a5a58ffd752a8a
2021-09-21 22:19 - 2021-09-21 22:19 - 000000000 ____D C:\Users\winki\AppData\Local\Kena
2021-09-21 19:05 - 2021-09-21 19:05 - 000000754 ____C C:\Users\winki\Desktop\Kena Bridge of Spirits.lnk
2021-09-21 19:05 - 2021-09-21 19:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kena Bridge of Spirits
2021-09-20 14:14 - 2021-09-20 14:14 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsigne7d18d7a5e4bdf3c
2021-09-20 14:14 - 2021-09-20 14:14 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsigndfb4a061bdfd6a48
2021-09-20 14:14 - 2021-09-20 14:14 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignbcd6a6232eec1e57
2021-09-20 14:14 - 2021-09-20 14:14 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign8b077e82aba62c03
2021-09-20 14:14 - 2021-09-20 14:14 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign1fa36c4fc10f3045
2021-09-20 10:51 - 2021-09-20 10:51 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2021-09-17 13:23 - 2021-09-17 13:23 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignfbf058ed866cd640
2021-09-17 13:22 - 2021-09-17 13:22 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignf1c9895ca7d5faa1
2021-09-17 13:22 - 2021-09-17 13:22 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignc45a2b640df51291
2021-09-17 13:22 - 2021-09-17 13:22 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign7b9f1d426052269e
2021-09-17 13:22 - 2021-09-17 13:22 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign7399cd02574ef573
2021-09-17 13:22 - 2021-09-17 13:22 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign6bb2c9d2853c9b38
2021-09-17 12:30 - 2021-09-17 12:30 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2021-09-17 12:30 - 2021-09-17 12:30 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-09-17 12:30 - 2021-09-17 12:30 - 001313608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-09-17 12:30 - 2021-09-17 12:30 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-09-17 12:30 - 2021-09-17 12:30 - 000672768 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-09-17 12:30 - 2021-09-17 12:30 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-09-17 12:30 - 2021-09-17 12:30 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-09-17 12:30 - 2021-09-17 12:30 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-09-17 12:30 - 2021-09-17 12:30 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-09-17 12:30 - 2021-09-17 12:30 - 000170496 _____ C:\WINDOWS\system32\DeviceUpdateCenterCsp.dll
2021-09-17 12:30 - 2021-09-17 12:30 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2021-09-17 12:30 - 2021-09-17 12:30 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2021-09-17 12:30 - 2021-09-17 12:30 - 000011355 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-09-17 12:29 - 2021-09-17 12:29 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2021-09-17 12:29 - 2021-09-17 12:29 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-09-17 12:29 - 2021-09-17 12:29 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-09-17 12:29 - 2021-09-17 12:29 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-09-17 12:29 - 2021-09-17 12:29 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-09-17 12:29 - 2021-09-17 12:29 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-09-17 12:29 - 2021-09-17 12:29 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-09-17 12:29 - 2021-09-17 12:29 - 000098816 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-09-17 12:23 - 2021-09-17 12:23 - 000000000 ___HD C:\$WinREAgent
2021-09-16 16:25 - 2021-09-16 16:25 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignfdaa669ef0df864e
2021-09-16 16:25 - 2021-09-16 16:25 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignea481d8cd5307a14
2021-09-16 16:25 - 2021-09-16 16:25 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign5b7174a54622a7fc
2021-09-16 16:25 - 2021-09-16 16:25 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign511901f3bf70c2eb
2021-09-16 16:25 - 2021-09-16 16:25 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign40931290d88d6d37
2021-09-15 19:37 - 2021-09-15 19:37 - 000000223 ____C C:\Users\winki\Desktop\Gas Station Simulator.url
2021-09-13 18:15 - 2021-09-13 18:15 - 000000681 ____C C:\Users\winki\Desktop\NBA 2K22.lnk
2021-09-13 18:15 - 2021-09-13 18:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NBA 2K22
2021-09-13 16:20 - 2021-09-13 16:20 - 003596530 _____ C:\Users\winki\Downloads\KouKiShaK_1631542801675.mp4
2021-09-10 17:17 - 2021-09-10 17:17 - 000000916 ____C C:\Users\winki\Desktop\Life is Strange True Colors.lnk
2021-09-10 17:17 - 2021-09-10 17:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Life is Strange True Colors

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-08 00:37 - 2019-10-03 23:11 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-10-08 00:32 - 2021-05-14 23:34 - 001693136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-10-08 00:32 - 2019-12-07 16:43 - 000716762 _____ C:\WINDOWS\system32\perfh005.dat
2021-10-08 00:32 - 2019-12-07 16:43 - 000144940 _____ C:\WINDOWS\system32\perfc005.dat
2021-10-08 00:32 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-10-08 00:27 - 2019-02-18 13:18 - 000000000 ____D C:\ProgramData\Mozilla
2021-10-08 00:27 - 2018-08-15 19:23 - 000000000 ____D C:\Program Files (x86)\Google
2021-10-08 00:27 - 2017-05-17 15:10 - 000000000 ____D C:\Program Files\CCleaner
2021-10-08 00:27 - 2017-04-19 12:03 - 000000000 ____D C:\ProgramData\NVIDIA
2021-10-08 00:26 - 2017-04-07 11:43 - 000000000 ___DC C:\Users\winki\AppData\LocalLow\Mozilla
2021-10-08 00:25 - 2021-05-14 23:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-10-08 00:25 - 2021-05-14 22:59 - 000008192 ___SH C:\DumpStack.log.tmp
2021-10-08 00:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-10-08 00:25 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-10-08 00:25 - 2019-01-07 02:55 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-10-08 00:25 - 2018-01-04 22:49 - 000000000 ___RD C:\Users\winki\iCloudDrive
2021-10-08 00:25 - 2017-03-13 02:38 - 000000000 ___DC C:\Users\winki\AppData\Local\Plex Media Server
2021-10-08 00:25 - 2017-02-26 11:31 - 000000000 ___RD C:\Users\winki\OneDrive
2021-10-08 00:20 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-10-08 00:11 - 2017-03-01 23:17 - 000000000 ___DC C:\Users\winki\AppData\Roaming\DAEMON Tools Lite
2021-10-08 00:11 - 2017-02-26 23:35 - 000000000 ____D C:\Program Files (x86)\Steam
2021-10-08 00:11 - 2017-02-26 11:39 - 000000000 ___DC C:\Users\winki\AppData\Local\CrashDumps
2021-10-08 00:08 - 2017-07-21 19:37 - 000000000 ___DC C:\Users\winki\AppData\Roaming\discord
2021-10-08 00:03 - 2017-12-07 14:17 - 000000000 ___DC C:\Users\winki\AppData\Local\Packages
2021-10-07 23:17 - 2017-07-21 19:37 - 000000000 ___DC C:\Users\winki\AppData\Local\Discord
2021-10-07 19:27 - 2017-10-27 09:59 - 000000000 ___DC C:\Users\winki\AppData\Local\Ubisoft Game Launcher
2021-10-07 16:14 - 2020-10-20 21:48 - 000000000 ____D C:\Users\winki\AppData\Local\Ori and the Blind Forest DE
2021-10-07 16:03 - 2017-03-02 19:39 - 000000000 ___DC C:\Users\winki\AppData\Local\Spotify
2021-10-07 16:03 - 2017-03-02 19:37 - 000000000 ___DC C:\Users\winki\AppData\Roaming\Spotify
2021-10-07 15:20 - 2017-02-26 12:02 - 000000000 ____D C:\ProgramData\boost_interprocess
2021-10-07 15:16 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-10-07 15:16 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-10-07 13:44 - 2017-02-27 11:44 - 000000000 ___DC C:\Users\winki\AppData\Roaming\vlc
2021-10-07 12:20 - 2020-04-18 10:19 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2021-10-07 12:20 - 2019-12-14 20:37 - 000315856 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2021-10-07 12:20 - 2019-10-10 11:27 - 000061880 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2021-10-07 12:20 - 2019-06-13 22:25 - 002208184 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2021-10-07 12:20 - 2019-06-13 22:25 - 000213432 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2021-10-07 12:20 - 2019-06-13 22:25 - 000188880 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2021-10-07 11:16 - 2020-02-05 19:00 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-10-07 11:16 - 2017-04-07 11:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-10-06 20:33 - 2020-02-05 19:00 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-10-06 19:37 - 2017-02-26 23:26 - 000000000 ___DC C:\Users\winki\AppData\Roaming\Origin
2021-10-06 19:37 - 2017-02-26 23:26 - 000000000 ____D C:\Program Files (x86)\Origin
2021-10-06 19:37 - 2017-02-26 23:22 - 000000000 ___DC C:\Users\winki\AppData\Local\Origin
2021-10-06 19:37 - 2017-02-26 23:22 - 000000000 ____D C:\ProgramData\Origin
2021-10-06 15:25 - 2017-02-26 11:37 - 000002543 ____C C:\Users\winki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-06 15:25 - 2017-02-26 11:37 - 000002506 ____C C:\Users\winki\Desktop\Google Chrome.lnk
2021-10-06 14:57 - 2018-05-20 13:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-10-05 23:56 - 2018-05-03 00:35 - 000000000 ____D C:\Program Files\Opera
2021-10-05 17:32 - 2021-05-14 23:34 - 000004170 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1600814896
2021-10-05 15:24 - 2021-05-14 22:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-10-05 13:52 - 2021-05-14 23:34 - 000003958 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1525300582
2021-10-05 13:52 - 2018-05-03 00:36 - 000001113 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2021-10-04 11:47 - 2017-03-06 21:03 - 000000000 ___DC C:\Users\winki\AppData\Local\MisterHorse
2021-10-04 10:10 - 2017-03-10 14:48 - 000000000 ___DC C:\Users\winki\AppData\Roaming\Anvsoft
2021-10-03 13:17 - 2020-10-01 13:55 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-10-02 22:10 - 2020-08-22 02:14 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-10-02 22:10 - 2020-08-22 02:14 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-10-02 21:24 - 2017-02-26 23:52 - 000000000 ___DC C:\Users\winki\AppData\Roaming\uTorrent
2021-10-02 12:05 - 2021-06-29 21:06 - 000003490 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7694fd9bd15f6
2021-10-02 12:05 - 2021-05-14 23:34 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-10-01 17:36 - 2017-02-26 19:42 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-10-01 10:20 - 2021-06-22 14:21 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2021-10-01 00:06 - 2021-05-14 23:34 - 000003730 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-116116240-444440880-2871013289-1001UA
2021-10-01 00:06 - 2021-05-14 23:34 - 000003462 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-116116240-444440880-2871013289-1001Core
2021-09-30 23:38 - 2021-05-14 23:34 - 000003474 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-09-30 23:38 - 2021-05-14 23:34 - 000003350 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-09-30 17:24 - 2021-05-14 23:34 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2021-09-30 17:24 - 2021-05-14 21:55 - 000002130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-09-30 09:56 - 2021-05-17 12:39 - 000003352 _____ C:\WINDOWS\system32\Tasks\SamsungMagician
2021-09-29 12:58 - 2017-03-21 13:33 - 000000000 ___DC C:\Users\winki\AppData\Roaming\obs-studio
2021-09-28 22:51 - 2018-01-04 22:49 - 000000000 ___DC C:\Users\winki\Documents\Soubory Outlooku
2021-09-24 20:43 - 2017-03-23 21:11 - 000000000 ___DC C:\Users\winki\Documents\My Games
2021-09-23 11:16 - 2017-07-21 19:37 - 000002272 ____C C:\Users\winki\Desktop\Discord.lnk
2021-09-21 22:19 - 2018-05-30 15:29 - 000000000 ___DC C:\Users\winki\AppData\Local\D3DSCache
2021-09-18 17:43 - 2019-04-18 22:12 - 000000000 ___DC C:\Users\winki\Documents\Euro Truck Simulator 2
2021-09-17 19:01 - 2021-05-14 22:59 - 007073336 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-09-17 16:25 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-09-17 16:25 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing
2021-09-17 13:22 - 2017-03-06 21:24 - 000000033 _____ C:\Users\winki\AppData\Roaming\AdobeWLCMCache.dat
2021-09-17 12:33 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-09-17 12:23 - 2017-02-26 19:28 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-09-17 12:19 - 2017-02-26 19:28 - 135637312 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-09-15 21:15 - 2021-05-14 23:34 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-09-15 13:09 - 2021-04-18 16:35 - 000000000 ___DC C:\WINDOWS\Panther
2021-09-15 12:45 - 2021-05-14 23:34 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-09-10 17:14 - 2021-08-18 21:08 - 000000000 ____D C:\Games
2021-09-08 21:47 - 2020-10-01 13:55 - 000605520 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2021-09-08 21:47 - 2020-10-01 13:55 - 000486736 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll

==================== Files in the root of some directories ========

2017-03-06 21:24 - 2021-09-17 13:22 - 000000033 _____ () C:\Users\winki\AppData\Roaming\AdobeWLCMCache.dat
2020-10-25 22:06 - 2020-10-25 22:06 - 000000047 _____ () C:\Users\winki\AppData\Roaming\~SiMPLEX.ini
2018-07-24 17:29 - 2021-06-19 18:04 - 000001480 ____C () C:\Users\winki\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2017-02-26 22:32 - 2020-08-27 22:55 - 000000081 ____C () C:\Users\winki\AppData\Local\FILM_AE_LogFile.txt
2018-09-27 21:16 - 2018-09-27 21:16 - 000000000 ____C () C:\Users\winki\AppData\Local\oobelibMkey.log
2020-07-19 22:59 - 2020-08-17 13:58 - 000004995 _____ () C:\Users\winki\AppData\Local\PlariumPlay.log
2017-03-12 12:39 - 2021-05-22 12:33 - 000007640 ____C () C:\Users\winki\AppData\Local\Resmon.ResmonCfg
2018-06-29 12:57 - 2018-06-29 12:57 - 000000003 ____C () C:\Users\winki\AppData\Local\updater.log
2018-06-29 12:57 - 2018-06-29 12:57 - 000000425 ____C () C:\Users\winki\AppData\Local\UserProducts.xml

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Re: Check after running a fake application (Phishing)

Posted: 07 Oct 2021 23:48
by windyOMG
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2021
Ran by winki (08-10-2021 00:40:52)
Running from C:\Users\winki\Desktop
Windows 10 Pro Version 21H1 19043.1237 (X64) (2021-05-14 21:35:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-116116240-444440880-2871013289-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-116116240-444440880-2871013289-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-116116240-444440880-2871013289-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-116116240-444440880-2871013289-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-116116240-444440880-2871013289-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-116116240-444440880-2871013289-504 - Limited - Disabled)
winki (S-1-5-21-116116240-444440880-2871013289-1001 - Administrator - Enabled) => C:\Users\winki

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader (HKLM\...\{29F889EE-CD6A-48B7-8197-9E37E54336C9}) (Version: 4.18.1.4500 - Open Media LLC)
A Plague Tale Innocence (HKLM-x32\...\A Plague Tale Innocence_is1) (Version: - )
ADATA SSD ToolBox version 4.1.0 (HKLM-x32\...\{C0991D3E-8786-48E7-A5DB-57FBACB0A03A}_is1) (Version: 4.1.0 - ADATA, Inc.)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.007.20095 - Adobe Systems Incorporated)
Adobe After Effects 2020 (HKLM-x32\...\AEFT_17_0_2) (Version: 17.0.2 - Adobe Inc.)
Adobe After Effects CC 2017 (HKLM-x32\...\AEFT_14_0_0) (Version: 14.0.0 - Adobe Systems Incorporated)
Adobe Audition CC 2017 (HKLM-x32\...\AUDT_10_0_0) (Version: 10.0.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.9.0.504 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Adobe Illustrator 2020 (HKLM-x32\...\ILST_24_1_2) (Version: 24.1.2 - Adobe Inc.)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_0_0) (Version: 21.0.0 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_0_0) (Version: 11.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_0) (Version: 11.0.0 - Adobe Systems Incorporated)
Aegisub 3.2.2 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.2 - Aegisub Team)
AIMP (HKLM-x32\...\AIMP) (Version: v4.13.1887, 19.02.2017 - AIMP DevTeam)
Any Video Converter Ultimate 6.0.4 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version: - Any-Video-Converter.com)
A-PDF Split 2.7 (HKLM-x32\...\A-PDF Split_is1) (Version: - A-PDF.com)
Apeaksoft Data Recovery 1.2.18 (HKLM-x32\...\{DB8A74C3-8F3E-4711-B152-436BDD91DAE1}_is1) (Version: 1.2.18 - Apeaksoft Studio)
Apple Mobile Device Support (HKLM\...\{74CC99EB-7DC0-4CB0-847A-F8C2FE39690C}) (Version: 14.5.0.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Ashampoo Burning Studio 19 (HKLM-x32\...\{91B33C97-BA3F-5C99-C2A6-0EB17CC9054B}_is1) (Version: 19.0.2 - Ashampoo GmbH & Co. KG)
Balíček ovladače systému Windows - Sony Computer Entertainment Inc. Wireless controller for PLAYSTATION(R)3 Driver Package (01/20/2012 1.4.0.0) (HKLM\...\D5410AE5FA467EF0F19558D5F60C991A79E11B51) (Version: 01/20/2012 1.4.0.0 - Sony Computer Entertainment Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bing Wallpaper (HKLM-x32\...\{9C94D5E4-22D6-457B-9263-9C68DBF669DD}) (Version: 1.0.9.3 - Microsoft Corporation)
BitLord 2.4 (HKLM-x32\...\BitLord) (Version: 2.4.6-350 - House of Life)
Blender (HKLM\...\{F343C69A-4ABA-434C-9C73-12A519D269CD}) (Version: 2.80.0 - Blender Foundation)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.280.0.1022 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.85 - Piriform)
Cities Skylines Industries (HKLM-x32\...\Cities Skylines Industries_is1) (Version: - )
Cooking Simulator Pizza (HKLM-x32\...\Cooking Simulator Pizza_is1) (Version: - )
Core Temp 1.7 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.7 - ALCPU)
Crucial Storage Executive (HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Crucial Storage Executive 3.55.032018.04) (Version: 7.01.012021.03 - Crucial)
CrystalDiskInfo 8.12.0 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.12.0 - Crystal Dew World)
CrystalDiskMark 8.0.1 (HKLM\...\CrystalDiskMark8_is1) (Version: 8.0.1 - Crystal Dew World)
Cyberpunk 2077 (HKLM-x32\...\1423049311_is1) (Version: Build_3214677Change_4155897 - GOG.com)
Cyberpunk 2077 (HKLM-x32\...\Cyberpunk 2077_is1) (Version: - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0230 - Disc Soft Ltd)
Deezloader Remix 4.3.0 (HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\5eed4b40-1ed5-51be-ab52-56cdb94a998f) (Version: 4.3.0 - RemixDevs)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Delta 0.9.2 (only current user) (HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\0161ecdc-2041-5655-9e4e-ee442fb322e0) (Version: 0.9.2 - Opus Labs CVBA)
Desperados III (HKLM-x32\...\Desperados III_is1) (Version: - )
Discord (HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
EaseUS Todo Backup 13.2 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 13.2 - CHENGDU YIWO Tech Development Co., Ltd)
Effects Suite 64-bit (HKLM\...\{A9462025-681A-44C7-9F6F-70C96320F4C2}) (Version: 11.0.0 - Red Giant Software) Hidden
Effects Suite 64-bit (HKLM-x32\...\InstallShield_{A9462025-681A-44C7-9F6F-70C96320F4C2}) (Version: 11.0.0 - Red Giant Software)
Electrum (HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Electrum) (Version: 2.9.3 - Electrum Technologies GmbH)
Epic Games Launcher (HKLM-x32\...\{AFC6C4B8-57A3-43C3-9F1C-C4239CAECDAC}) (Version: 1.1.215.0 - Epic Games, Inc.)
Folder Marker Pro (HKLM\...\Folder Marker Pro_is1) (Version: 4.2 - ArcticLine Software)
FontForge verze 31-07-2017 (HKLM-x32\...\{56748B9C-19AE-4689-B8C5-5A45AE0A993A}_is1) (Version: 31-07-2017 - FontForgeBuilds)
FormApps Signing Extension (HKLM-x32\...\{ACA43D91-8B42-4D42-8C8B-A893BD6AA40D}) (Version: 2.8.2.28 - Software602 a.s.)
Fotogalerie (HKLM-x32\...\{F37D360D-9308-4BB1-8515-DC6B637B9486}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
FreeFileSync 9.9 (HKLM-x32\...\FreeFileSync_is1) (Version: 9.9 - FreeFileSync.org)
GameInput Redistributable (HKLM-x32\...\{7E52156F-18FE-B953-BEA9-6BE6A77AFDFF}) (Version: 10.1.19041.3906 - Microsoft Corporation)
Garden Flipper (HKLM-x32\...\1833342145_is1) (Version: 1.2189 (43428) - GOG.com)
Ghostbusters The Video Game Remastered (HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Ghostbusters The Video Game Remastered) (Version: - HOODLUM)
Going Medieval (HKLM-x32\...\1697094317_is1) (Version: 0.5.28.4-REL - GOG.com)
Google Chrome (HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Google Chrome) (Version: 94.0.4606.71 - Google LLC)
Google Web Designer (HKLM\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 9.0.7.0 - Google LLC.)
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
HGTV Flipper (HKLM-x32\...\1689378242_is1) (Version: 1.2189 (43428) - GOG.com)
House Flipper (HKLM-x32\...\1140907376_is1) (Version: 1.2189 (43428) - GOG.com)
HUMANKIND™ (HKLM-x32\...\FLT_Humankind) (Version: - )
Chia Blockchain (HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\chia-blockchain) (Version: 1.1.7 - Chia Network)
iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
IOTA Wallet 2.5.6 (only current user) (HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\85125e2a-0211-5c49-9018-9358da1074b1) (Version: 2.5.6 - IOTA Foundation)
iTunes (HKLM\...\{81B253F3-31F6-48CD-96D1-5325EA0E093F}) (Version: 12.11.4.15 - Apple Inc.)
Java 8 Update 181 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Kena Bridge of Spirits (HKLM-x32\...\Kena Bridge of Spirits_is1) (Version: - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Life is Strange True Colors (HKLM-x32\...\Life is Strange True Colors_is1) (Version: - )
Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains)
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.9.3.5 - Hermann Schinagl)
Little Nightmares II (HKLM-x32\...\Little Nightmares II_is1) (Version: - )
Logitech Options (HKLM\...\LogiOptions) (Version: 6.90.135 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Mafia - Definitve Edition (HKLM-x32\...\{D383B15E-3CE1-4B7F-8E88-F93D39BB2E5C}_is1) (Version: - hangar 13)
Magic Bullet Suite v12.1.4 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 12.1.4 - Red Giant, LLC)
MediaInfo 18.05 (HKLM\...\MediaInfo) (Version: 18.05 - MediaArea.net)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 94.0.992.38 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 94.0.992.38 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 3.2.116.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 21.180.0905.0007 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Mister Horse Product Manager (HKLM\...\Mister Horse Product Manager_is1) (Version: 2.0.3 - )
Movie Maker (HKLM-x32\...\{3D2CF65C-B544-4308-B996-700D3E5F6C4C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 93.0 (x64 cs)) (Version: 93.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 72.0.2 - Mozilla)
MultiBit HD 0.5.1 (HKLM\...\6925-4794-5772-4956) (Version: 0.5.1 - KeepKey,LLC)
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (HKLM\...\{90160000-001F-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (HKLM\...\{90160000-001F-041B-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
NBA 2K22 (HKLM-x32\...\NBA 2K22_is1) (Version: - )
Neon 2.0.0 (only current user) (HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\211a501f-25dd-501b-8c98-509ac17aedfa) (Version: 2.0.0 - Ethan Fast)
NetLimiter 4 (HKLM\...\{B3EE94C1-7558-41F1-90B3-EBD718193F95}) (Version: 4.0.68.0 - Locktime Software) Hidden
NetLimiter 4 (HKLM-x32\...\NetLimiter 4 4.0.68.0) (Version: 4.0.68.0 - Locktime Software)
NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 471.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 471.96 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
Opera Stable 79.0.4143.72 (HKLM-x32\...\Opera 79.0.4143.72) (Version: 79.0.4143.72 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.105.49133 - Electronic Arts, Inc.)
Paradox Launcher v2 (HKLM\...\{F0072197-FCF6-41BF-9D38-832B145922DC}) (Version: 2.0.0.0 - Paradox Interactive)
Plex Media Server (HKLM-x32\...\{b5de1a1d-c377-415c-8d61-6513b39c0b0a}) (Version: 1.20.1.3252 - Plex, Inc.)
Plex Media Server (HKLM-x32\...\{ED54B00E-46E5-42F2-9590-7727CCE52133}) (Version: 1.20.1252 - Plex, Inc.) Hidden
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.)
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22807 - Microsoft Corporation)
Project CARS 3 (HKLM-x32\...\Project CARS 3_is1) (Version: - )
ProtonVPN (HKLM-x32\...\{3047853A-7C09-4DF6-9B3C-3758F1DBC82F}) (Version: 1.17.1 - Proton Technologies AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 1.17.1) (Version: 1.17.1 - Proton Technologies AG)
ProtonVPNTap (HKLM-x32\...\{BCB82CD9-F514-4F93-A6D9-F898494DC927}) (Version: 1.1.0 - Proton Technologies AG)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.10.0 - Red Giant, LLC)
Revo Uninstaller Pro 4.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.1.5 - VS Revo Group, Ltd.)
RidersRepublic (HKLM-x32\...\Uplay Install 5719) (Version: - Ubisoft)
RimWorld Ideology (HKLM-x32\...\RimWorld Ideology_is1) (Version: - )
Road 96 (HKLM-x32\...\Road 96_is1) (Version: - )
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.4.0 - Rockstar Games)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 7.0.0.510 - Samsung Electronics)
Skype verze 8.25 (HKLM-x32\...\Skype_is1) (Version: 8.25 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Spotify) (Version: 1.1.69.612.gb7409abc - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stopping Plex (HKLM-x32\...\{4AE34600-E4A1-4025-831A-F95EA1EF0FC2}) (Version: 1.20.1252 - Plex, Inc.) Hidden
SuperLuminal StarDust v1.1.2 CE for After Effects (HKLM\...\StarDust_is1) (Version: 1.1.2 - Team V.R)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.22.3 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Telegram Desktop version 1.5.15 (HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.5.15 - Telegram Messenger LLP)
The Wolf Among Us čeština verze 5.0 (HKLM-x32\...\{47E808C7-0C07-4DF8-877F-7FD653DCDE7B}_is1) (Version: 5.0 - )
Thumbnail me 3.0 (HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Thumbnail me 3.0) (Version: - )
Trackmania (HKLM-x32\...\Uplay Install 5595) (Version: - Ubisoft)
Train Valley 2 (HKLM\...\TinyISO - Train Valley 2) (Version: - TinyISO)
Trapcode Suite v13.0.1 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 13.0.1 - Red Giant, LLC)
TrucksBook Client verze 1.3.2 (HKLM-x32\...\TrucksBook Client_is1) (Version: 1.3.2 - TrucksBook)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 50.0 - Ubisoft)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Update for Skype for Business 2016 (KB4493155) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{5376168B-3DBF-4B19-9F74-2ECBDC1BFB46}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB4493155) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{5376168B-3DBF-4B19-9F74-2ECBDC1BFB46}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB4493155) 64-Bit Edition (HKLM\...\{90160000-012B-0405-1000-0000000FF1CE}_Office16.PROPLUS_{5376168B-3DBF-4B19-9F74-2ECBDC1BFB46}) (Version: - Microsoft)
VdhCoApp 1.6.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Waves Client 1.0.21 (only current user) (HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\f077d7c1-dd13-50a1-8533-9deb9aba8648) (Version: 1.0.21 - Waves Platform)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
WizTree v3.25 (HKLM\...\WizTree_is1) (Version: - Antibody Software)
WRC 10 FIA World Rally Championship (HKLM-x32\...\WRC 10 FIA World Rally Championship_is1) (Version: - )
ZXP Installer (HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\5dbc225fc0bf0a3b) (Version: 0.5.0.124 - aescripts + aeplugins)

Packages:
=========
A Plague Tale: Innocence -> C:\Program Files\WindowsApps\FocusHomeInteractiveSA.APlagueTaleInnocence-Window_1.0.6.0_x64__4hny5m903y3g0 [2020-08-17] (Focus Home Interactive SA)
Daily Desktop Wallpaper -> C:\Program Files\WindowsApps\41879VbfnetApps.DailyBingWallpaper_2.9.6.0_x64__7casf8sqhfy78 [2020-12-27] (Vbfnet Apps)
Deezer Music -> C:\Program Files\WindowsApps\Deezer.62021768415AF_5.30.70.0_x86__q7m17pa7q8kj0 [2021-10-01] (Deezer SA)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-01-24] (Microsoft Corporation)
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2021.927.1.0_neutral__8xx8rvfyw5nnt [2021-09-29] (Facebook Inc)
Forza Horizon 4 -> C:\Program Files\WindowsApps\Microsoft.SunriseBaseGame_1.474.687.2_x64__8wekyb3d8bbwe [2021-09-06] (Microsoft Studios)
Forza Horizon 4 Formula Drift Car Pack -> C:\Program Files\WindowsApps\Microsoft.FormulaDriftCarPack_1.0.3.2_neutral__8wekyb3d8bbwe [2021-05-16] (Microsoft Studios)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.17.0_neutral__8xx8rvfyw5nnt [2021-10-02] (Instagram)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-05-14] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-05-14] (Microsoft Corporation) [MS Ad]
Microsoft Flight Simulator -> C:\Program Files\WindowsApps\Microsoft.FlightSimulator_1.18.15.0_x64__8wekyb3d8bbwe [2021-08-07] (Microsoft Studios)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-05] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-09-03] (NVIDIA Corp.)
Rozšíření pro video MPEG-2 -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-08-25] (Microsoft Corporation)
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2021-04-06] (Samsung Electronics Co. Ltd.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-11] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{041F9391-C79D-44EE-AA4E-AF4E029C4B47}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.35.422\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.36.32\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.35.342\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.36.93\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{9B57F475-CCB0-4C85-88A9-2AA9A6C0809A} -> [Amazon Drive] => C:\Users\winki\Amazon Drive
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\winki\AppData\Local\Google\Chrome\Application\94.0.4606.71\notification_helper.exe (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{bb271103-d1ae-4967-855f-b2a5c5d165e3}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.36.102\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.36.82\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.36.52\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.35.302\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ShellIconOverlayIdentifiers: [IconOverlayJunction] -> {0A479751-02BC-11d3-A855-0004AC2568FF} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ShellIconOverlayIdentifiers-x32: [IconOverlayJunction] -> {0A479751-02BC-11d3-A855-0004AC2568FF} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2017-03-07] (Artem Izmaylov -> AIMP DevTeam) [File not signed]
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers1: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2020-04-16] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2020-04-16] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2017-03-07] (Artem Izmaylov -> AIMP DevTeam) [File not signed]
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2020-04-16] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_b8346c359fcd6093\nvshext.dll [2021-08-28] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [FMMenuExt] -> {47C91696-894C-46A1-B196-2C7CA1952F45} => C:\Program Files (x86)\Folder Marker\ShellExt64.dll [2013-08-21] (ArcticLine Software) [File not signed]
ContextMenuHandlers6: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2019-03-29] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\winki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Link Shell Extension\Donate.lnk -> hxxp://schinagl.priv.at/nt/hardlinkshellext/linkshellextension.htm
ShortcutWithArgument: C:\Users\winki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Plex.lnk -> C:\Users\winki\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=fpniocchabmgenibceglhnfeimmdhdfm
ShortcutWithArgument: C:\Users\winki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\TREZOR Chrome Extension.lnk -> C:\Users\winki\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=jcjjhjgimijdkoamemaghajlhegmoclj
ShortcutWithArgument: C:\Users\winki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Vzdálená plocha Chrome.lnk -> C:\Users\winki\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\winki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\WavesLiteApp.lnk -> C:\Users\winki\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=kfmcaklajknfekomaflnhkjjkcjabogm

==================== Loaded Modules (Whitelisted) =============

2020-10-04 11:04 - 2020-10-04 11:04 - 000336896 ____C () [File not signed] \\?\C:\Users\winki\AppData\Local\Plex Media Server\Codecs\96550d8-3281-windows-x86\ac3_decoder.dll
2020-10-04 11:04 - 2020-10-04 11:04 - 000394752 ____C () [File not signed] \\?\C:\Users\winki\AppData\Local\Plex Media Server\Codecs\96550d8-3281-windows-x86\ac3_encoder.dll
2020-10-04 11:04 - 2020-10-04 11:04 - 000608256 ____C () [File not signed] \\?\C:\Users\winki\AppData\Local\Plex Media Server\Codecs\96550d8-3281-windows-x86\dca_decoder.dll
2020-10-04 11:04 - 2020-10-04 11:04 - 001558528 ____C () [File not signed] \\?\C:\Users\winki\AppData\Local\Plex Media Server\Codecs\96550d8-3281-windows-x86\h264_decoder.dll
2020-10-04 11:04 - 2020-10-04 11:04 - 000818176 ____C () [File not signed] \\?\C:\Users\winki\AppData\Local\Plex Media Server\Codecs\96550d8-3281-windows-x86\hevc_decoder.dll
2020-10-04 11:04 - 2020-10-04 11:04 - 001800704 ____C () [File not signed] \\?\C:\Users\winki\AppData\Local\Plex Media Server\Codecs\96550d8-3281-windows-x86\libx264_encoder.dll
2020-10-04 11:04 - 2020-10-04 11:04 - 000560640 ____C () [File not signed] \\?\C:\Users\winki\AppData\Local\Plex Media Server\Codecs\96550d8-3281-windows-x86\mpeg2video_decoder.dll
2020-10-04 11:04 - 2020-10-04 11:04 - 001268224 ____C () [File not signed] \\?\C:\Users\winki\AppData\Local\Plex Media Server\Codecs\96550d8-3281-windows-x86\mpeg4_decoder.dll
2020-10-04 11:04 - 2020-10-04 11:04 - 002117632 ____C () [File not signed] \\?\C:\Users\winki\AppData\Local\Plex Media Server\Codecs\96550d8-3281-windows-x86\vc1_decoder.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 000010240 _____ () [File not signed] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\cs_cz\acrotray.cze
2021-05-14 19:24 - 2020-02-24 13:05 - 001291264 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2021-05-14 19:24 - 2020-02-24 13:05 - 000055808 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2021-09-30 09:56 - 2021-09-16 10:46 - 002661888 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\ffmpeg.dll
2021-09-30 09:56 - 2021-09-16 10:46 - 000367104 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\libegl.dll
2021-09-30 09:56 - 2021-09-16 10:46 - 006631936 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\libglesv2.dll
2021-09-30 09:56 - 2021-09-16 10:46 - 000458752 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\resources\app\dist\magutils-napi.node
2021-09-30 09:56 - 2021-09-16 10:46 - 000445440 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\resources\app\dist\magvibrancy-napi.node
2021-09-30 09:56 - 2021-09-16 10:46 - 001411072 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\resources\app\dist\uimpewrapper-napi.node
2020-03-06 00:11 - 2020-03-06 00:11 - 000021504 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\cs_cz\Acrobat Elements\ContextMenuShim64.cze
2017-03-07 18:22 - 2017-03-07 18:22 - 002059848 _____ (Artem Izmaylov -> AIMP DevTeam) [File not signed] C:\Program Files (x86)\AIMP\System\aimp_menu64.dll
2021-05-14 19:24 - 2020-02-24 13:05 - 000892928 _____ (Free Software Foundation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\iconv.dll
2018-06-29 12:57 - 2017-05-23 14:59 - 000494080 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.dll
2018-06-29 12:57 - 2017-05-23 14:59 - 000256000 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\uploader.dll
2021-05-14 19:23 - 2020-02-24 13:06 - 001359872 _____ (The OpenSSL Project, http://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\LIBEAY32.dll
2021-05-14 19:23 - 2020-02-24 13:06 - 000365056 _____ (The OpenSSL Project, http://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\SSLEAY32.dll
2021-05-14 19:23 - 2020-02-24 11:45 - 001359872 _____ (The OpenSSL Project, http://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\LIBEAY32.dll
2017-02-26 23:26 - 2020-03-16 15:05 - 001282048 _____ (The OpenSSL Project, http://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2017-02-26 23:26 - 2020-03-16 15:06 - 000279040 _____ (The OpenSSL Project, http://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2017-02-26 23:26 - 2020-01-22 21:30 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-10-06 19:37 - 2020-01-22 21:30 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-10-06 19:37 - 2020-01-22 21:30 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-10-06 19:37 - 2020-01-22 21:30 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-10-06 19:37 - 2020-01-22 21:30 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-10-06 19:37 - 2020-01-22 21:30 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-10-06 19:37 - 2020-01-22 21:30 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57 [294]
AlternateDataStreams: C:\Users\winki\Desktop\Metro: 2033 Redux.url [269]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKU\S-1-5-21-116116240-444440880-2871013289-1001 -> {574D8BD1-9409-46EB-818C-BE355B2D96B5} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_29530
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-08-02] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-20] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-08-02] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 13:47 - 2021-05-14 19:27 - 000000342 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 activation.easeus.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64\compiler;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Crucial\Crucial Storage Executive;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\EaseUS\Todo Backup\bin
HKU\S-1-5-21-116116240-444440880-2871013289-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-116116240-444440880-2871013289-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\winki\AppData\Local\Microsoft\BingWallpaperApp\WPImages\20211007.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\StartupApproved\Run: => "Discord"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{712E6954-992E-4ADE-872E-401F36F95A9E}A:0\users\winki\appdata\local\google\chrome\application\chrome.exe] => (Allow) A:0\users\winki\appdata\local\google\chrome\application\chrome.exe => No File
FirewallRules: [TCP Query User{4E9BC4ED-1BED-4EFF-BDF9-3B0CB75BBC59}A:0\users\winki\appdata\local\google\chrome\application\chrome.exe] => (Allow) A:0\users\winki\appdata\local\google\chrome\application\chrome.exe => No File
FirewallRules: [{FC52BCC8-16E6-4B40-8074-0EACF022CEE5}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{D37209DF-594E-4C4D-80FB-5480E4D506B8}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{3F09E09F-D892-4D2E-979E-00E4B7CED378}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{AABBE277-15DF-4F02-82D0-1FCDB05EEC71}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{D4AF6A38-4D28-4361-AE50-35DB7954ED5C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{407A8AA3-05DE-4C9B-8919-5F2194A31864}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{D3D8139F-5023-44EF-BB38-8797A6B900E9}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\EBCClient.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{551C27F3-3016-49B0-ABE1-D54834201848}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\6.5.0\ABService.exe => No File
FirewallRules: [{91AB568A-6D21-476A-80F0-C73A3989D3F7}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\6.5.0\ABService.exe => No File
FirewallRules: [{222D03B8-EEAD-4EFB-9315-C4F84594C262}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{71FC3D61-FB46-40FB-861A-405FBD33DF23}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [UDP Query User{35861AA1-490B-4515-B118-78A1F3AB0C1C}C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_farmer.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_farmer.exe => No File
FirewallRules: [TCP Query User{E226A334-7229-4576-8693-9CDA80D512A1}C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_farmer.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_farmer.exe => No File
FirewallRules: [UDP Query User{2EB280D9-7230-411C-B0A8-473AEE45209E}C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_full_node.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_full_node.exe => No File
FirewallRules: [TCP Query User{61A9A55B-1C87-40B7-AF4C-3CA21FA3E964}C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_full_node.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_full_node.exe => No File
FirewallRules: [{CFCF6F53-7857-44F9-B151-0E4980626EA9}] => (Allow) E:\SteamLibrary\steamapps\common\Little Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe (Tarsier Studios) [File not signed]
FirewallRules: [{7E719B94-8807-42D6-A39A-FFD33573448B}] => (Allow) E:\SteamLibrary\steamapps\common\Little Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe (Tarsier Studios) [File not signed]
FirewallRules: [{63D5B6C5-6FB6-425E-93EF-70AD2A71A9BA}] => (Allow) E:\SteamLibrary\steamapps\common\Hobo Tough Life\HoboRPG.exe () [File not signed]
FirewallRules: [{6590DA4C-6706-42E0-B4AF-86A7053804A2}] => (Allow) E:\SteamLibrary\steamapps\common\Hobo Tough Life\HoboRPG.exe () [File not signed]
FirewallRules: [{4DCA0EA8-EFC6-4A70-8001-A121806E3980}] => (Allow) E:\SteamLibrary\steamapps\common\Mad Games Tycoon 2\Mad Games Tycoon 2.exe () [File not signed]
FirewallRules: [{43EFB8A8-2201-4557-834A-833C86CD86B1}] => (Allow) E:\SteamLibrary\steamapps\common\Mad Games Tycoon 2\Mad Games Tycoon 2.exe () [File not signed]
FirewallRules: [{81CC502F-8864-4C0B-8FEE-1AA3E881B282}] => (Allow) E:\SteamLibrary\steamapps\common\OpenTTD\openttd.exe (OpenTTD Development Team) [File not signed]
FirewallRules: [{8AECA067-250A-4305-AAA1-F1065654C7AF}] => (Allow) E:\SteamLibrary\steamapps\common\OpenTTD\openttd.exe (OpenTTD Development Team) [File not signed]
FirewallRules: [UDP Query User{5B492200-B9C9-4C70-AF37-A447F571795F}E:\hry\instal\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) E:\hry\instal\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [TCP Query User{D91C7840-C720-42B4-86CB-02D4C80C9B0A}E:\hry\instal\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) E:\hry\instal\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [{3DBC287B-EF2D-46CB-A20D-6F4BDBF7C316}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{DF2E0085-55DC-43EB-A72A-04A6B40178DA}] => (Allow) E:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{974A3A82-8203-49D8-B4AE-50934E756C60}] => (Allow) E:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe => No File
FirewallRules: [UDP Query User{A5F04EF0-884C-4754-9A17-C72F9C6BCCA9}D:\games\city car driving\bin\win32\starter.exe] => (Block) D:\games\city car driving\bin\win32\starter.exe => No File
FirewallRules: [TCP Query User{FA056E0D-F5EB-4C31-B5CC-B241F3912E94}D:\games\city car driving\bin\win32\starter.exe] => (Block) D:\games\city car driving\bin\win32\starter.exe => No File
FirewallRules: [{4C18741E-3914-42B5-BF43-1447B2B2893A}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{1D70A612-8CC7-4843-961C-74F9A40A60D8}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{78BF7E95-E701-4434-9058-EA461735AC63}] => (Allow) E:\SteamLibrary\steamapps\common\BloonsTD6\BloonsTD6.exe () [File not signed]
FirewallRules: [{07F4FD12-84BF-4701-A254-2293DCBFD7CE}] => (Allow) E:\SteamLibrary\steamapps\common\BloonsTD6\BloonsTD6.exe () [File not signed]
FirewallRules: [UDP Query User{4E5FD0AA-C28F-4B5D-96FB-90D855D0EFF7}E:\hry\instal\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe] => (Block) E:\hry\instal\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe => No File
FirewallRules: [TCP Query User{026527F2-C00B-4784-8404-298E56142F81}E:\hry\instal\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe] => (Block) E:\hry\instal\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe => No File
FirewallRules: [UDP Query User{7391A361-D1D0-4479-BFCD-344566ACCE06}E:\hry\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe] => (Block) E:\hry\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe => No File
FirewallRules: [TCP Query User{E17268C9-0DAF-4DB1-B93D-43C22D2739EE}E:\hry\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe] => (Block) E:\hry\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe => No File
FirewallRules: [UDP Query User{EE171875-6B91-4028-B430-14B53C699ADD}E:\hry\instal\instal\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) E:\hry\instal\instal\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{C55BAC28-86FD-4DC6-AFAA-6D35DF8186F9}E:\hry\instal\instal\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) E:\hry\instal\instal\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{D9718FCE-94D5-4254-B194-7F90CE057566}I:\hry\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) I:\hry\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{3D35A7A2-382D-4477-BDC8-227532AC2F6A}I:\hry\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) I:\hry\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{2D891445-E443-46E9-96F9-8C0ABA05D396}] => (Allow) E:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe => No File
FirewallRules: [{67A4408F-681D-4AB1-96D9-429DBBA515EC}] => (Allow) E:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe => No File
FirewallRules: [{353FC105-B594-4FA7-A80A-7631AE5418AA}] => (Allow) E:\UPLAY Game\Assassin's Creed Valhalla\ACValhalla_Plus.exe => No File
FirewallRules: [TCP Query User{6C532995-BF06-4F25-837F-257347D0C454}E:\uplay game\anno 1800\bin\win64\anno1800_plus.exe] => (Allow) E:\uplay game\anno 1800\bin\win64\anno1800_plus.exe => No File
FirewallRules: [{DE09F60F-5EEF-4CE2-A89A-BBA62BFF1E5C}] => (Allow) E:\UPLAY Game\Anno 1800\Bin\Win64\Anno1800.exe => No File
FirewallRules: [{7D451BEF-9906-41D7-9E6D-2570E2E96285}] => (Allow) E:\SteamLibrary\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{939EA703-6FBB-4334-BF1E-185A556DE519}] => (Allow) E:\SteamLibrary\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{25744F62-A558-4CF9-8F39-32C0FC384CCC}] => (Allow) E:\SteamLibrary\steamapps\common\Ori DE\oriDE.exe () [File not signed]
FirewallRules: [{AB332A27-5BA4-404D-AEAB-EE5B2BDE529D}] => (Allow) E:\SteamLibrary\steamapps\common\Ori DE\oriDE.exe () [File not signed]
FirewallRules: [{1A3D8CF9-FC85-41A7-85CC-2AE373975D54}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe (Plex, Inc. -> )
FirewallRules: [{AFB8B49B-E151-4250-999E-E9834F0CE8B6}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{050FDBFE-AA9C-444F-90AF-0B1575D1915B}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Plex, Inc. -> Python Software Foundation)
FirewallRules: [{4246A919-94EE-484E-B5F6-96E4DD07C4E6}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{73C8EE0F-1A90-4848-9D31-E4ECE7990A9D}] => (Allow) E:\SteamLibrary\steamapps\common\rocketleague\Binaries\RocketLeague.exe => No File
FirewallRules: [{F72C7959-10DF-4337-BBDD-2194573B79B9}] => (Allow) E:\SteamLibrary\steamapps\common\rocketleague\Binaries\RocketLeague.exe => No File
FirewallRules: [{7FCA6964-66E2-46B8-B68B-3B0DA03C93EE}] => (Allow) E:\Hry\Trackmania\trackmania.exe => No File
FirewallRules: [{E4A72B79-FD00-47AF-BA82-7AE5BE5DE867}] => (Allow) E:\Hry\Trackmania\trackmania.exe => No File
FirewallRules: [{24569E89-CD1B-46B7-BA13-D30B1127BBDD}] => (Allow) E:\SteamLibrary\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{1D75D7C2-B8FC-49B8-9E05-556BC403F9A0}] => (Allow) E:\SteamLibrary\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [UDP Query User{D2F7C868-7CDB-47BB-809B-6342EB6317B9}C:\users\winki\appdata\local\programs\deezloader remix\deezloader remix.exe] => (Allow) C:\users\winki\appdata\local\programs\deezloader remix\deezloader remix.exe (RemixDevs) [File not signed]
FirewallRules: [TCP Query User{09D01B29-97C9-4980-B792-ADC1973E30D5}C:\users\winki\appdata\local\programs\deezloader remix\deezloader remix.exe] => (Allow) C:\users\winki\appdata\local\programs\deezloader remix\deezloader remix.exe (RemixDevs) [File not signed]
FirewallRules: [UDP Query User{0A76A6D9-0CB6-4BAC-8674-F195C9A31E24}E:\hry\good.company.early.access\good company\goodcompany.exe] => (Block) E:\hry\good.company.early.access\good company\goodcompany.exe => No File
FirewallRules: [TCP Query User{34360024-7DB3-4A92-AF2A-B9E9D3C027A7}E:\hry\good.company.early.access\good company\goodcompany.exe] => (Block) E:\hry\good.company.early.access\good company\goodcompany.exe => No File
FirewallRules: [UDP Query User{A72D0A3F-576B-4D07-971E-DC7677454E8A}E:\battle net\call of duty modern warfare\modernwarfare.exe] => (Allow) E:\battle net\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [TCP Query User{FEB3AFA8-7D37-4365-BCA1-76D14B24FC6D}E:\battle net\call of duty modern warfare\modernwarfare.exe] => (Allow) E:\battle net\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [{C3E5334A-26DF-46DB-B982-B73A8AD22B79}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe (House of Life) [File not signed]
FirewallRules: [{2ABDA6FA-AAF2-4162-BD87-4E00BF5A8DE2}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe (House of Life) [File not signed]
FirewallRules: [{38C4353F-F999-42F3-954A-3F03D32AB33F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{79B3D9A5-C6F1-4033-A70F-B93214742DED}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6A09DA51-603D-4184-8940-E1405C4C6589}] => (Allow) E:\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{67388E39-ED65-4CFD-85D0-EDEFEB47F3B5}] => (Allow) E:\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{FE261482-3C81-43D6-8C16-0A94D4E1C4FC}] => (Allow) E:\SteamLibrary\steamapps\common\Prison Architect\Prison Architect.exe () [File not signed]
FirewallRules: [{7B7B5243-0311-421D-8F70-B5E1E024495B}] => (Allow) E:\SteamLibrary\steamapps\common\Prison Architect\Prison Architect.exe () [File not signed]
FirewallRules: [{E483D9C6-77FD-44CF-A99B-75B3AD798BE8}] => (Allow) E:\SteamLibrary\steamapps\common\Prison Architect\Launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{3C697972-F5BD-460B-9E64-2A1CA73371CF}] => (Allow) E:\SteamLibrary\steamapps\common\Prison Architect\Launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [UDP Query User{0DB031E1-A8F1-4E03-A5B1-65400B89BBC0}G:\origin\download\fifa 20\fifa20.exe] => (Allow) G:\origin\download\fifa 20\fifa20.exe => No File
FirewallRules: [TCP Query User{273C28A2-D4DD-4C92-9D8B-F5AD9B6C511A}G:\origin\download\fifa 20\fifa20.exe] => (Allow) G:\origin\download\fifa 20\fifa20.exe => No File
FirewallRules: [UDP Query User{0FA6194E-FDAC-413A-86D9-E17EE36B0318}E:\hry\rebel inc escalation\rebel inc. escalation.exe] => (Allow) E:\hry\rebel inc escalation\rebel inc. escalation.exe => No File
FirewallRules: [TCP Query User{A970B428-E095-4A68-8911-F5C09CBA6433}E:\hry\rebel inc escalation\rebel inc. escalation.exe] => (Allow) E:\hry\rebel inc escalation\rebel inc. escalation.exe => No File
FirewallRules: [UDP Query User{649EBA64-1A17-48DB-805B-F82A1EBD1A3C}E:\battle net\hearthstone\hearthstone.exe] => (Allow) E:\battle net\hearthstone\hearthstone.exe => No File
FirewallRules: [TCP Query User{C5B4F4CE-312B-415A-941F-1AAD4527384B}E:\battle net\hearthstone\hearthstone.exe] => (Allow) E:\battle net\hearthstone\hearthstone.exe => No File
FirewallRules: [UDP Query User{FD7FE6C4-C79B-4903-9EFC-B9628B6AA1F2}E:\battle net\call of duty modern warfare beta\modernwarfare.exe] => (Allow) E:\battle net\call of duty modern warfare beta\modernwarfare.exe => No File
FirewallRules: [TCP Query User{EFD94769-A765-4D5F-87BB-32626B5DB5F3}E:\battle net\call of duty modern warfare beta\modernwarfare.exe] => (Allow) E:\battle net\call of duty modern warfare beta\modernwarfare.exe => No File
FirewallRules: [UDP Query User{859BD477-FDCF-4D97-A669-408AFFA82CF1}E:\origin\fifa 20 demo\fifa20_demo.exe] => (Allow) E:\origin\fifa 20 demo\fifa20_demo.exe => No File
FirewallRules: [TCP Query User{508A4D26-B581-44B2-AB0D-2C4983C538FF}E:\origin\fifa 20 demo\fifa20_demo.exe] => (Allow) E:\origin\fifa 20 demo\fifa20_demo.exe => No File
FirewallRules: [UDP Query User{F3D96B2D-7276-46B8-B8D0-2B546FFCD0E8}E:\origin\fifa 18 demo\fifa18_demo.exe] => (Block) E:\origin\fifa 18 demo\fifa18_demo.exe => No File
FirewallRules: [TCP Query User{1D9494D8-42B6-49DA-9FC0-35F2CD7EAE34}E:\origin\fifa 18 demo\fifa18_demo.exe] => (Block) E:\origin\fifa 18 demo\fifa18_demo.exe => No File
FirewallRules: [{44C6BDC9-F009-4B7C-8988-39DA80968A24}] => (Allow) G:\STEAM Library\SteamApps\common\Project CARS 2\pCARS2.exe => No File
FirewallRules: [{279792C2-FDCF-43A5-A52C-94420DF28B0E}] => (Allow) G:\STEAM Library\SteamApps\common\Project CARS 2\pCARS2.exe => No File
FirewallRules: [{70B595F0-5A7F-4EB2-97CF-051429540B3E}] => (Allow) G:\STEAM Library\SteamApps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{696DDBBA-0E13-4E84-A7B1-14BE80F22C71}] => (Allow) G:\STEAM Library\SteamApps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{3E0D6E26-D68E-4FEC-A40B-AE1D7DAB2E18}] => (Allow) G:\STEAM Library\SteamApps\common\Call of Duty Modern Warfare 3\iw5mp_server.exe => No File
FirewallRules: [{F3919D95-47EB-4926-9181-D6ED4F2511D1}] => (Allow) G:\STEAM Library\SteamApps\common\Call of Duty Modern Warfare 3\iw5mp_server.exe => No File
FirewallRules: [UDP Query User{8B58F83A-B5BA-46EB-9B82-BAF2D42DCDE8}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe => No File
FirewallRules: [TCP Query User{E0A647E0-7A9E-4B4C-BB3F-D4EDA7C4629E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe => No File
FirewallRules: [UDP Query User{67C40BB5-F35A-4377-9810-4433D1EB70E8}C:\program files\adobe\adobe after effects cc 2017\support files\afterfx.exe] => (Block) C:\program files\adobe\adobe after effects cc 2017\support files\afterfx.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
FirewallRules: [TCP Query User{79F893DA-2B81-4CBD-A457-1FB0663A1E45}C:\program files\adobe\adobe after effects cc 2017\support files\afterfx.exe] => (Block) C:\program files\adobe\adobe after effects cc 2017\support files\afterfx.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
FirewallRules: [{0DA3F07D-37B8-473E-8A54-E80EC1BDFC96}] => (Allow) G:\STEAM Library\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe => No File
FirewallRules: [{EFE5EEA6-2333-4400-B2F6-01C23023BAB9}] => (Allow) G:\STEAM Library\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe => No File
FirewallRules: [{F91CC537-8729-404D-9538-8EB360472777}] => (Allow) G:\STEAM Library\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe => No File
FirewallRules: [{7BAC759C-0383-4869-8460-7E39C0867411}] => (Allow) G:\STEAM Library\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe => No File
FirewallRules: [{D6326257-FE76-4E23-86AE-6F6FC96F4FFA}] => (Allow) G:\STEAM Library\SteamApps\common\Farm Frenzy Collection\FarmFrenzyMegaPack.exe => No File
FirewallRules: [{B277E5A3-EA94-49D7-84A1-2971BF8E441D}] => (Allow) G:\STEAM Library\SteamApps\common\Farm Frenzy Collection\FarmFrenzyMegaPack.exe => No File
FirewallRules: [{44F406F2-FE8F-4CA3-B7BB-C6C5AA5ED1AC}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{3B042E80-EF41-4180-9231-0CD57C64EB22}G:\steam library\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) G:\steam library\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [TCP Query User{96732A90-2CB3-4F66-AF08-67107EC465EA}G:\steam library\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) G:\steam library\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [{5FB29185-3694-4A3D-A5EC-7A94E686DE36}] => (Allow) G:\STEAM Library\SteamApps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{33C65872-C67B-45A9-8C50-A78C24835A46}] => (Allow) G:\STEAM Library\SteamApps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [UDP Query User{BC720004-B591-4991-8CBC-09F255FA6D8E}C:\users\winki\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\winki\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{321C0D19-4A92-47DD-805F-E69FC4C43937}C:\users\winki\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\winki\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{82D90212-31DA-46C8-B17F-AE1F76F36B90}C:\users\winki\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\winki\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{AD992CC5-1007-4A75-AAC1-46896643960E}C:\users\winki\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\winki\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{98448801-6A94-4FDC-8753-0FA7E26387A0}C:\users\winki\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\winki\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{4640D0CC-06A5-4E12-9C68-4EE592A2EDD4}C:\users\winki\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\winki\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{D73785E6-F57E-4BB3-8E14-28658E56A164}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{3950A9A0-3AEB-45E2-918A-CD5A2E1E7DB2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{40A88AC0-48C7-4136-805A-B53F0DE10C8A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{CF014B45-129E-4139-A760-D7655A86EFF2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{74F693CD-A7C5-4666-953D-9817E47A3976}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A93CD9CE-565C-4E84-A2C4-7707613FE3A7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0FC46975-F27B-4599-A3CB-C05A89ADF97E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D18E68F1-86A8-4B5C-A038-4B99FEC095DB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2C2F5385-3762-4692-8FE3-39892BB0DB0A}] => (Allow) G:\ORIGIN\DOWNLOAD\Battlefield 1\bf1Trial.exe => No File
FirewallRules: [{D0548856-DD0B-4974-B77D-ABF9FC101DCF}] => (Allow) G:\ORIGIN\DOWNLOAD\Battlefield 1\bf1Trial.exe => No File
FirewallRules: [{A22787EB-FE2E-4490-8F2C-532C37D9C571}] => (Allow) G:\ORIGIN\DOWNLOAD\Battlefield 1\bf1.exe => No File
FirewallRules: [{4AE780DE-58DE-425E-8602-F394D398E881}] => (Allow) G:\ORIGIN\DOWNLOAD\Battlefield 1\bf1.exe => No File
FirewallRules: [{3D66F668-1BD2-4829-939B-EE058CD1FBF2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{EB5FF2BB-D37D-44BF-82B9-E75EA1633F71}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{EB510BBF-B05B-4D0C-9482-7FEBE9029E83}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A4753161-2B8C-4C6D-9017-00F3ABA24D98}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{24164311-B2FF-453F-A72B-B7B96213BE52}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe () [File not signed]
FirewallRules: [UDP Query User{6FE118C4-47F6-4772-9E3D-E0F390D8AC3F}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe () [File not signed]
FirewallRules: [TCP Query User{C92F4E0C-A7EA-4CCE-AAFF-6FB93F1A33DA}C:\users\winki\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\winki\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{4B81A7F8-A47F-464C-8AE7-48F27FFEFB9E}C:\users\winki\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\winki\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{0480E7B9-017A-4765-BA5C-8BB937FCC4F3}C:\users\winki\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\winki\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{76DCFC87-3ACD-43AA-81BC-DACAEFA973AD}C:\users\winki\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\winki\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{70C86191-A7B3-4C9A-9262-CFB5ECA36A94}C:\users\winki\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\winki\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{97B5893F-ED46-4BB9-9A2D-503A0B40F6E1}C:\users\winki\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\winki\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{52DDF782-1ED1-42E9-A542-8528B0E269F1}C:\program files\adobe\adobe after effects cc 2017\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc 2017\support files\afterfx.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
FirewallRules: [UDP Query User{3FE3F6F6-C05E-4B84-AE3A-8149631D26AB}C:\program files\adobe\adobe after effects cc 2017\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc 2017\support files\afterfx.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
FirewallRules: [TCP Query User{5733D149-3032-448F-A321-CE3F6F7A7071}G:\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) G:\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [UDP Query User{629C5957-8A9F-4ACE-867F-B6F52A6F304F}G:\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) G:\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [TCP Query User{2E0CD233-F733-4273-9F4C-D8A6E6FF55BD}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe () [File not signed]
FirewallRules: [UDP Query User{3CEFF28C-33A9-475C-A3D6-D75E222E01C0}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe () [File not signed]
FirewallRules: [{0BA9BC29-DF64-42CB-BD0B-FB0B15853978}] => (Allow) G:\STEAM Library\SteamApps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe => No File
FirewallRules: [{08E7DBBC-9BC6-47B4-AA38-D339B27C4DA1}] => (Allow) G:\STEAM Library\SteamApps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe => No File
FirewallRules: [TCP Query User{AC6B54F1-F24A-4D49-930D-AD8EE1F58288}C:\program files (x86)\fontforgebuilds\bin\vcxsrv\vcxsrv.exe] => (Allow) C:\program files (x86)\fontforgebuilds\bin\vcxsrv\vcxsrv.exe () [File not signed]
FirewallRules: [UDP Query User{61F5218F-6F20-4D08-9FA7-D4FEFA8C3319}C:\program files (x86)\fontforgebuilds\bin\vcxsrv\vcxsrv.exe] => (Allow) C:\program files (x86)\fontforgebuilds\bin\vcxsrv\vcxsrv.exe () [File not signed]
FirewallRules: [{28036375-0B3C-421D-8420-A4F9476A675C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BBE87F96-C1C6-470E-8B1D-FF975EFD6CB2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{76DD6E0D-11E1-47AD-87E9-9F7742E87271}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6DEC1814-18BB-4277-B53F-CA6B8AEA1A4F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{777339A6-2E89-435D-B5C5-BD24789DE2C2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{87183634-1B1F-40CC-A6F4-934ADC3342FE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{A20F4D63-C417-4B42-9350-4C4E1A5D1A33}D:\games\vampyr\avgame\binaries\win64\avgame-win64-shipping.exe] => (Block) D:\games\vampyr\avgame\binaries\win64\avgame-win64-shipping.exe => No File
FirewallRules: [UDP Query User{CE3D5D18-7BE1-47F1-935A-745F0A4D4546}D:\games\vampyr\avgame\binaries\win64\avgame-win64-shipping.exe] => (Block) D:\games\vampyr\avgame\binaries\win64\avgame-win64-shipping.exe => No File
FirewallRules: [{3F5D9630-D9B7-46F5-ABDC-D067A7F89DAF}] => (Allow) G:\STEAM Library\SteamApps\common\Football Tactics Demo\game.exe => No File
FirewallRules: [{4BDB7126-F233-4EF4-8598-3F65B0676AA6}] => (Allow) G:\STEAM Library\SteamApps\common\Football Tactics Demo\game.exe => No File
FirewallRules: [{16722EAD-07E5-4537-A614-69CC3AA25550}] => (Allow) G:\STEAM Library\SteamApps\common\FarCry5\bin\ArcadeEditor64.exe => No File
FirewallRules: [{DE9FB1E8-DCEC-45A4-9B41-9F50EC2F9B99}] => (Allow) G:\STEAM Library\SteamApps\common\FarCry5\bin\ArcadeEditor64.exe => No File
FirewallRules: [{B623CAE5-BD03-4CA8-8D9E-47FA6164DDF9}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{B232DCA9-EC18-4B34-B1B3-865B7C8F56F1}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [UDP Query User{70B1534E-F5EE-46DB-AE23-AEF48404E2B2}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [TCP Query User{69E7DD0E-E56E-48A8-9244-C1148DB8317E}C:\program files\adobe\adobe photoshop cc 2017\required\dynamiclinkmediaserver\amecommand.exe] => (Block) C:\program files\adobe\adobe photoshop cc 2017\required\dynamiclinkmediaserver\amecommand.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
FirewallRules: [UDP Query User{DD8B28D5-4ECE-4034-91E8-BF9BAAE76D36}C:\program files\adobe\adobe photoshop cc 2017\required\dynamiclinkmediaserver\amecommand.exe] => (Block) C:\program files\adobe\adobe photoshop cc 2017\required\dynamiclinkmediaserver\amecommand.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
FirewallRules: [{96EB2E45-8869-4EBE-BEF6-9517348F045F}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8CE72AEB-2252-4402-8476-98963A87FBE1}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FB281968-A753-4D67-83ED-C143B85AD3F4}] => (Allow) C:\Users\winki\AppData\Roaming\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{A47FDDDB-A196-44C6-9412-64378A364BB7}] => (Allow) C:\Users\winki\AppData\Roaming\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{E589E35C-F7BD-44D1-833C-4E3954174AEC}] => (Allow) G:\STEAM Library\SteamApps\common\Desperados Wanted Dead or Alive\desperados.exe => No File
FirewallRules: [{AE5340C3-D8B5-487D-8569-521B1C3B9923}] => (Allow) G:\STEAM Library\SteamApps\common\Desperados Wanted Dead or Alive\desperados.exe => No File
FirewallRules: [{E421A2D8-BF18-43C8-BFFC-2177AE3565BC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{FCF9A245-AD99-4BAF-8CFB-2B0E7376301F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{B2D2AA65-844F-41A9-8FA9-56D87439A051}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{ABBC9076-091F-459B-B6EA-F256DC001CE9}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{981EBEB2-C33D-4ABB-BBCB-BE4B7D524A03}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1987EECD-1950-4C74-B5C2-3011B31D30E9}] => (Allow) LPort=2869
FirewallRules: [{A4CFA20E-A863-419E-85B1-FC2159BDD382}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{0194A920-600A-4472-913E-A3ABD71CF2EC}G:\hry\foundation.early.access\foundation\foundation.exe] => (Allow) G:\hry\foundation.early.access\foundation\foundation.exe => No File
FirewallRules: [UDP Query User{D432268D-8DDE-40F8-99FB-DC26DA5C884E}G:\hry\foundation.early.access\foundation\foundation.exe] => (Allow) G:\hry\foundation.early.access\foundation\foundation.exe => No File
FirewallRules: [{8F851BC9-D613-44AE-869C-E9E4598AA0D8}] => (Allow) G:\STEAM Library\SteamApps\common\Production Line\ProductionLine.exe => No File
FirewallRules: [{87719851-FD60-4E1C-9A04-DCE31E864214}] => (Allow) G:\STEAM Library\SteamApps\common\Production Line\ProductionLine.exe => No File
FirewallRules: [TCP Query User{7E398FA9-D8FE-49D1-8AD0-7471DEF60F29}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{9C8320E6-489E-4626-A679-65789BDA8891}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{1237AF2F-5865-4E29-9CCE-9D246098EFB2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{995C095B-24E1-4247-A296-359FD5D40648}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{9A5F928E-7B76-46CE-99BC-76BB8DADF46B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{92EFB39E-5D0D-4337-8242-446B61C31D6A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{DB7DF9CB-7F3D-42DF-930C-70651C48FC6A}] => (Allow) G:\STEAM Library\SteamApps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{E267FE67-09EF-4BC4-AB3B-A099D807C552}] => (Allow) G:\STEAM Library\SteamApps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [TCP Query User{AC134181-674B-442D-81D7-B3CB2AAF17F8}C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_farmer.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_farmer.exe => No File
FirewallRules: [UDP Query User{BC36A58E-76F7-405D-B77A-972F99353008}C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_farmer.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_farmer.exe => No File
FirewallRules: [TCP Query User{7567D16C-3206-4164-A56C-8BD4B68F62CA}C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_full_node.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_full_node.exe => No File
FirewallRules: [UDP Query User{B72672E9-CAD8-44E4-A015-17EDB189A6A6}C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_full_node.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_full_node.exe => No File
FirewallRules: [{853332CE-3EE2-40A3-A5EB-7F27186ECF64}] => (Allow) E:\SteamLibrary\steamapps\common\Planet Zoo\PlanetZoo.exe (Frontier Developments) [File not signed]
FirewallRules: [{DA5BE6CC-6A12-49DF-81BA-DC87A0B59890}] => (Allow) E:\SteamLibrary\steamapps\common\Planet Zoo\PlanetZoo.exe (Frontier Developments) [File not signed]
FirewallRules: [TCP Query User{481C4EF9-CB4C-4D59-A208-22D177D94059}K:7\flightsimulator.exe] => (Allow) K:7\flightsimulator.exe => No File
FirewallRules: [UDP Query User{1AE3EB92-EC85-4663-AB44-BCD7E3B33C60}K:7\flightsimulator.exe] => (Allow) K:7\flightsimulator.exe => No File
FirewallRules: [TCP Query User{B8C2CD7F-6B67-4986-8FBD-C29C69AE4EDF}H:\games\sniper ghost warrior contracts 2\win_x64\sgwcontracts2.exe] => (Block) H:\games\sniper ghost warrior contracts 2\win_x64\sgwcontracts2.exe => No File
FirewallRules: [UDP Query User{3D8159EC-4410-46E0-A1BA-7EB0D34E0C8F}H:\games\sniper ghost warrior contracts 2\win_x64\sgwcontracts2.exe] => (Block) H:\games\sniper ghost warrior contracts 2\win_x64\sgwcontracts2.exe => No File
FirewallRules: [TCP Query User{94BBD6BB-F129-4DDD-8F6D-FFBE380EADF5}H:\steamlibrary\steamapps\common\fifa 21\fifa21.exe] => (Allow) H:\steamlibrary\steamapps\common\fifa 21\fifa21.exe => No File
FirewallRules: [UDP Query User{3C876C09-1C34-4394-81CD-38263710CA4E}H:\steamlibrary\steamapps\common\fifa 21\fifa21.exe] => (Allow) H:\steamlibrary\steamapps\common\fifa 21\fifa21.exe => No File
FirewallRules: [TCP Query User{0A184AF5-90DC-4AD8-8B23-127FB59AEBC3}C:\users\winki\appdata\local\chia-blockchain\app-1.1.7\resources\app.asar.unpacked\daemon\start_farmer.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.7\resources\app.asar.unpacked\daemon\start_farmer.exe (CHIA NETWORK INC. -> )
FirewallRules: [UDP Query User{4F98B66C-A239-4D02-8F1D-8056E6644A9F}C:\users\winki\appdata\local\chia-blockchain\app-1.1.7\resources\app.asar.unpacked\daemon\start_farmer.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.7\resources\app.asar.unpacked\daemon\start_farmer.exe (CHIA NETWORK INC. -> )
FirewallRules: [TCP Query User{3604C6F7-C39D-4276-A739-3087BC9B4096}C:\users\winki\appdata\local\chia-blockchain\app-1.1.7\resources\app.asar.unpacked\daemon\start_full_node.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.7\resources\app.asar.unpacked\daemon\start_full_node.exe (CHIA NETWORK INC. -> )
FirewallRules: [UDP Query User{C28C3F18-00AF-42A7-8553-81415503AECE}C:\users\winki\appdata\local\chia-blockchain\app-1.1.7\resources\app.asar.unpacked\daemon\start_full_node.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.7\resources\app.asar.unpacked\daemon\start_full_node.exe (CHIA NETWORK INC. -> )
FirewallRules: [{AF650B7F-4C27-4080-8306-5712572FB372}] => (Allow) H:\SteamLibrary\steamapps\common\Gas Station Simulator - Early Days\GSS2.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{A9E48391-1CCF-4BD5-8520-EFCED627C075}] => (Allow) H:\SteamLibrary\steamapps\common\Gas Station Simulator - Early Days\GSS2.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{E7D01ABD-8402-4972-B31A-4AE2458BEB5E}G:\hry\mini.motorways\mini.motorways\mini motorways\mini motorways.exe] => (Block) G:\hry\mini.motorways\mini.motorways\mini motorways\mini motorways.exe () [File not signed]
FirewallRules: [UDP Query User{77CA0E98-FD1B-4776-86B8-BFE018C99EC0}G:\hry\mini.motorways\mini.motorways\mini motorways\mini motorways.exe] => (Block) G:\hry\mini.motorways\mini.motorways\mini motorways\mini motorways.exe () [File not signed]
FirewallRules: [{B25F81CA-E109-4993-B4F7-919C6A85E21A}] => (Allow) H:\SteamLibrary\steamapps\common\PapersPlease\PapersPlease.exe () [File not signed]
FirewallRules: [{218F28B3-904E-4499-934B-CD0F9545EB2C}] => (Allow) H:\SteamLibrary\steamapps\common\PapersPlease\PapersPlease.exe () [File not signed]
FirewallRules: [{306AFC88-7E91-4CA5-A479-7D13CA3C1124}] => (Allow) K:\SteamLibrary\steamapps\common\PapersPlease\PapersPlease.exe () [File not signed]
FirewallRules: [{4811FDA1-3B7E-4692-9C1C-6DE4C0F69535}] => (Allow) K:\SteamLibrary\steamapps\common\PapersPlease\PapersPlease.exe () [File not signed]
FirewallRules: [{948C15AA-CD49-44CF-95FB-A12EFF543BD3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{34F342DE-44CF-4170-AF62-8A97F6094471}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FA64D215-82D1-4FE0-AEF9-B8A2D1456E11}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{886092C7-E882-441D-B727-83D940F52A77}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{749FDDB0-97E9-4A85-96E0-274CD23D9C19}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\RidersRepublic\RidersRepublic.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{1F8E32D3-03F7-44F8-AD78-C60A02B65144}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\RidersRepublic\RidersRepublic_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{BCDC3DC9-905D-4628-8C19-1C7962886440}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\RidersRepublic\RidersRepublic_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{5EAB39AD-DDCD-4876-9590-97D8E82955EE}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{585E418A-A565-4455-A19C-01C1381BFC97}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1749CB2C-943E-4C2F-9415-87A17BD6A6DE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F8A3C8FD-4F19-4CD8-BB56-4229E57AE990}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{62C9C2EE-422F-4F68-90FA-3B6ED4FEF19F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{049E8D22-4680-4D47-A28F-C70D1E472B55}] => (Allow) K:\SteamLibrary\steamapps\common\Gas Station Simulator\GSS2.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{C7AF6440-F81A-4E98-9CC4-5D2F3F89B022}] => (Allow) K:\SteamLibrary\steamapps\common\Gas Station Simulator\GSS2.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{52C3161A-2160-4EF9-8756-BF03E7C49B18}] => (Allow) C:\Program Files\Opera\79.0.4143.50\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{81F08A38-30B9-44FC-8FE0-38A0D38B1FBE}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\94.0.992.38\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4C932917-4206-4FA7-83AF-EB227CA9382D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{64E9F5ED-2A98-46B4-8072-C5FC6C80C472}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{3DE85681-F361-4BAC-90BE-654483C95EB5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{37F3DEFB-4B6D-4108-9F08-A614F3A7C5FD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{1AFE280B-A952-4FAB-B2AF-3D05748606DD}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{6F40BC70-AE73-426A-8F7E-7A6A89BB5C89}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{211DEB12-7857-4402-991C-CAC0D6D32482}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{F8A986C7-A677-4666-A172-80F306197826}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{A72CC295-1251-42E9-849C-EB952BA5E5CA}] => (Allow) C:\Program Files\Opera\79.0.4143.72\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{3562F090-093B-4A2B-8540-B412ACD13FA9}] => (Allow) E:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{422D3C76-71D9-431F-9860-1DC9D8495BA0}] => (Allow) E:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{F42EA774-545D-4FCE-91F1-4E9761F18D94}] => (Allow) E:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe (Psyonix, LLC) [File not signed]
FirewallRules: [{D14432E9-89B7-4BEA-8C68-F0565150D4C6}] => (Allow) E:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe (Psyonix, LLC) [File not signed]

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (10/08/2021 12:25:50 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Users\winki\AppData\Local\Chromium\Application\chrome.exe se nezdařilo.
Závislé sestavení 63.0.3237.0,language="&#x2a;",type="win32",version="63.0.3237.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (10/08/2021 12:15:02 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/08/2021 12:09:39 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Users\winki\AppData\Local\Chromium\Application\chrome.exe se nezdařilo.
Závislé sestavení 63.0.3237.0,language="&#x2a;",type="win32",version="63.0.3237.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (10/08/2021 12:08:17 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (10/08/2021 12:08:17 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (10/08/2021 12:08:17 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (10/07/2021 09:01:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: RocketLeague.exe, verze: 1.0.10897.0, časové razítko: 0x61527f30
Název chybujícího modulu: EOSSDK-Win64-Shipping.dll, verze: 1.13.0.0, časové razítko: 0x61252e78
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000407dcf
ID chybujícího procesu: 0xf40
Čas spuštění chybující aplikace: 0x01d7bba32d5cd48c
Cesta k chybující aplikaci: E:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe
Cesta k chybujícímu modulu: E:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win64\EOSSDK-Win64-Shipping.dll
ID zprávy: 57d4f09a-04e8-4c99-823d-e111ed4f959d
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/07/2021 04:22:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: RocketLeague.exe, verze: 1.0.10897.0, časové razítko: 0x61527f30
Název chybujícího modulu: EOSSDK-Win64-Shipping.dll, verze: 1.13.0.0, časové razítko: 0x61252e78
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000407dcf
ID chybujícího procesu: 0x4ca4
Čas spuštění chybující aplikace: 0x01d7bb8638f9a45f
Cesta k chybující aplikaci: E:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe
Cesta k chybujícímu modulu: E:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win64\EOSSDK-Win64-Shipping.dll
ID zprávy: fa8e754e-5ce1-4dbc-9cc4-69b4e99e5c91
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (10/08/2021 12:11:52 AM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-0S50FER)
Description: Nelze spustit server DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. Došlo k chybě:
2147942767
při provádění příkazu:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (10/07/2021 04:14:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Steam Client Service neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (10/07/2021 04:14:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Steam Client Service bylo dosaženo časového limitu (30000 ms).

Error: (10/07/2021 12:20:31 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9MWPM2CQNLHN-Microsoft.GamingServices.

Error: (10/06/2021 04:20:58 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9MV0B5HZVK9Z-Microsoft.GamingApp.

Error: (10/05/2021 09:51:22 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {338B40F9-9D68-4B53-A793-6B9AA0C5F63B} se v daném časovém limitu neregistroval u služby DCOM.

Error: (10/03/2021 09:33:20 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error: (10/03/2021 07:10:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba SysMain byla ukončena s následující chybou:
Parametr není správný.


Windows Defender:
================
Date: 2021-10-07 15:36:56
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {7AEF4776-563C-4D28-9AFA-C46C7A2C6B16}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-10-07 12:23:05
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {266001C3-D81C-45D3-907B-A6A738DC620E}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-10-05 16:52:12
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {C9D32EFB-2FF7-473C-BC15-4DA5FBFC3E4C}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-10-02 18:21:52
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {BDC54546-61F1-4640-8D39-BB5BCB86EDB4}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-10-01 12:44:23
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {588BCE22-4627-48F5-A23D-F90F6F46FF55}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

==================== Memory info ===========================

BIOS: American Megatrends Inc. V1.3 06/06/2013
Motherboard: MSI Z87-G43 (MS-7816)
Processor: Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz
Percentage of memory in use: 26%
Total physical RAM: 32712.05 MB
Available physical RAM: 24120.7 MB
Total Virtual: 37576.05 MB
Available Virtual: 27070.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.13 GB) (Free:201.21 GB) NTFS
Drive d: (TOMAŠ) (Fixed) (Total:78.12 GB) (Free:20.99 GB) NTFS
Drive e: (DATA II) (Fixed) (Total:1863.01 GB) (Free:360.04 GB) NTFS
Drive f: (DAVID) (Fixed) (Total:146.48 GB) (Free:142.14 GB) NTFS
Drive g: (DATA) (Fixed) (Total:1638.4 GB) (Free:311.12 GB) NTFS
Drive h: (SSD) (Fixed) (Total:111.79 GB) (Free:84.36 GB) NTFS
Drive i: (AE) (Fixed) (Total:119.24 GB) (Free:75.37 GB) NTFS
Drive j: (Chia) (Fixed) (Total:3725.99 GB) (Free:76.4 GB) NTFS
Drive k: (SSD 1TB) (Fixed) (Total:953.87 GB) (Free:509.47 GB) NTFS

\\?\Volume{609ec42c-0000-0000-0080-000000000000}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{947c07af-575c-588f-8330-9332f450bc9d}\ () (Fixed) (Total:41.56 GB) (Free:0 GB) NTFS
\\?\Volume{a74463e5-eb45-4ae5-3791-12ad3e320325}\ () (Fixed) (Total:1.1 GB) (Free:0 GB) NTFS
\\?\Volume{609ec42c-0000-0000-0000-804e74000000}\ () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 609EC42C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=545 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: F41F2085)
Partition 1: (Active) - (Size=119.2 GB) - (Type=42)
Partition 2: (Not Active) - (Size=313 KB) - (Type=42)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 339FA51A)
Partition 1: (Not Active) - (Size=78.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1638.4 GB) - (Type=07 NTFS)

==========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: B37CEE99)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==========================================================
Disk: 4 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: EB4C3A42)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

==========================================================
Disk: 5 (MBR Code: Windows 7/8/10) (Size: 953.9 GB) (Disk ID: 59C77ABE)
Partition 1: (Not Active) - (Size=953.9 GB) - (Type=07 NTFS)

==========================================================
Disk: 6 (Size: 3726 GB) (Disk ID: 16F2A91F)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 7.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 8.

==================== End of Addition.txt =======================

Re: Check after running a fake application (Phishing)

Posted: 11 Oct 2021 14:37
by Rudy
Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the licence terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just start it with a normal double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: Check after running a fake application (Phishing)

Posted: 11 Oct 2021 15:54
by windyOMG
Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 11.10.21
Čas skenování: 16:45
Logovací soubor: d653914e-2aa1-11ec-9f4b-d43d7ebdf362.json

-Informace o softwaru-
Verze: 4.4.8.137
Verze komponentů: 1.0.1474
Aktualizovat verzi balíku komponent: 1.0.45786
Licence: Zkušební

-Systémová informace-
OS: Windows 10 (Build 19043.1237)
CPU: x64
Systém souborů: NTFS
Uživatel: DESKTOP-0S50FER\winki

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 413100
Zjištěné hrozby: 1
Hrozby umístěné do karantény: 1
Uplynulý čas: 4 min, 46 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 1
PUP.Optional.InstallCore, HKU\S-1-5-21-116116240-444440880-2871013289-1001\SOFTWARE\CSASTATS\ic, V karanténě, 516, 586068, 1.0.45786, , ame, , ,

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Re: Check after running a fake application (Phishing)

Posted: 11 Oct 2021 16:49
by Rudy
Delete the detected item (move it to quarantine) and then post new FRST+Addition logs.

Re: Check after running a fake application (Phishing)

Posted: 11 Oct 2021 18:19
by windyOMG
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-10-2021
Ran by winki (administrator) on DESKTOP-0S50FER (MSI MS-7816) (11-10-2021 19:11:02)
Running from C:\Users\winki\Desktop\FRST-OlderVersion
Loaded Profiles: winki
Platform: Microsoft Windows 10 Pro Version 21H1 19043.1237 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Discord Inc. -> Discord Inc.) C:\Users\winki\AppData\Local\Discord\app-1.0.9003\Discord.exe <6>
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Google LLC -> Google LLC) C:\Users\winki\AppData\Local\Google\Chrome\Application\chrome.exe <33>
(CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\EBCClient.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Locktime Software s.r.o. -> Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
(Logitech Inc -> Logitech) C:\ProgramData\LogiShrd\LogiOptions\Software\Current\LogiOverlay.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\LogiShrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\winki\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2109.6305.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2110.1001.3.0_x64__8wekyb3d8bbwe\XboxAppServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.57.20005.0_x64__8wekyb3d8bbwe\gamingservices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.57.20005.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_19c79fb6254e3b11\Display.NvContainer\NVDisplay.Container.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Plex, Inc. -> ) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
(Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Plex, Inc. -> Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Psyonix, LLC) [File not signed] [File is in use] E:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe <4>
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe
(SatoshiLabs, s.r.o. -> ) C:\Program Files (x86)\TREZOR Bridge\trezord.exe
(Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <8>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2176648 2018-06-27] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3952096 2020-03-11] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [339512 2021-08-04] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2623032 2019-07-05] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] (OOO Lightshot -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5314096 2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [Opera Browser Assistant] => C:\Program Files\Opera\assistant\browser_assistant.exe [4105424 2021-10-05] (Opera Software AS -> Opera Software)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2340224 2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [20229112 2020-08-27] (Plex, Inc. -> Plex, Inc.)
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Run: [Google Update] => C:\Users\winki\AppData\Local\Google\Update\1.3.36.112\GoogleUpdateCore.exe [223816 2021-10-01] (Google LLC -> Google LLC)
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Run: [Discord] => C:\Users\winki\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [68408 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35093120 2021-09-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Run: [Chromium] => "c:\users\winki\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-11-26] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Run: [BingWallpaperApp] => C:\Users\winki\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe [8537992 2021-08-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\MountPoints2: {51189c54-fea3-11e6-84cd-d43d7ebdf362} - "L:\setup.exe"
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\MountPoints2: {51189c68-fea3-11e6-84cd-d43d7ebdf362} - "M:\setup.exe"
HKLM\...\Windows x64\Print Processors\HP1020PrintProc: C:\Windows\System32\spool\prtprocs\x64\pphp1020.dll [65024 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [65488 2020-03-06] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\HPLJ1020LM: C:\Windows\system32\zlhp1020.dll [192512 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TREZOR Bridge.lnk [2021-04-19]
ShortcutTarget: TREZOR Bridge.lnk -> C:\Program Files (x86)\TREZOR Bridge\trezord.exe (SatoshiLabs, s.r.o. -> )
Startup: C:\Users\winki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TREZOR Bridge.lnk [2018-11-20]
ShortcutTarget: TREZOR Bridge.lnk -> C:\Program Files (x86)\TREZOR Bridge\trezord.exe (SatoshiLabs, s.r.o. -> )
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0CBBB98C-185E-4E3F-9534-378A7B6AA85F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1844488 2017-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {1EE03511-592B-4CE9-86D3-7347A05D6666} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {22433C11-6461-48E1-A7D7-C7BC91E3B3C9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {225032E8-C932-4DE4-8C3E-29331FFA3B8E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2019-02-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {29496495-DBEA-4A25-8A1B-F1A2E6758D3E} - System32\Tasks\BlueStacksHelper => E:\BlueStacks\BlueStacks\Client\Helper\BlueStacksHelper.exe [754104 2021-01-07] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {37FCFF72-FB4C-43E8-8E6F-44F3C5C8325D} - System32\Tasks\CCleanerSkipUAC - winki => C:\Program Files\CCleaner\CCleaner.exe [29155968 2021-09-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {4546E0B9-1CAE-45C8-A5D9-3909CA58A036} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5852828C-5F23-4BBC-8398-A87BAF28FA4C} - System32\Tasks\update-S-1-5-21-116116240-444440880-2871013289-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {5C779B50-E435-4927-96B5-2DD5019408B7} - System32\Tasks\Red Giant Link => C:\Program Files\Red Giant Link\Red Giant Link.exe
Task: {618F94CF-8D2C-44F6-8A75-D879641D0389} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6325AA52-C076-457C-8B4C-D1A8936425DC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {6806018A-361B-4255-9B9C-D4CB6D759316} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [1967880 2017-10-11] (Microsoft Corporation -> Microsoft)
Task: {688B931F-ABB5-4F77-92D3-18F4F7A3D913} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {6A6D4688-3816-41D1-AEB0-C1F5020E2F5E} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {71688812-9B43-4196-8392-ED30620DBB6F} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [110660344 2021-09-16] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
Task: {7238502E-7979-4C81-9689-EF6C98D0F531} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {7306F5F2-F345-43BD-B903-82068DC5492E} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\sedlauncher.exe
Task: {7E185508-AB5F-4E3D-AF92-D727B92ED555} - System32\Tasks\Opera scheduled assistant Autoupdate 1600814896 => C:\Program Files\Opera\launcher.exe [42731728 2021-09-28] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Program Files\Opera\assistant" $(Arg0)
Task: {7F7FFB5C-9549-43CF-BC93-7F788ED456E2} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_Plugin.exe [1457152 2019-02-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {81D5CB1A-E49C-40BD-BF83-03D22B51AF1E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2497800 2017-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {85D780AF-E3CD-4EC2-9F6E-451ACA91817E} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {95203962-B68A-4868-95A1-B4B317918CC0} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2497800 2017-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {9C3B4B18-C671-4402-8872-CD0C2B97AD8B} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {9CE455CC-F7D6-4FD5-83AB-F84D314E641A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-09-10] (Piriform Software Ltd -> Piriform)
Task: {9FF06ED2-C1C1-40D0-9E0A-A6A935FAA6D3} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-0S50FER-winki => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {A4A0E901-69F7-46B4-9CD2-B719D143A794} - System32\Tasks\Opera scheduled Autoupdate 1525300582 => C:\Program Files\Opera\launcher.exe [42731728 2021-09-28] (Opera Software AS -> Opera Software)
Task: {A5CFED16-5809-4D56-A84B-6223E5E4875A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A62F56C3-1646-41BA-8694-6C56ED09F572} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29155968 2021-09-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {AAC03E66-81F8-45AF-91AD-2A45F90B641D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1844488 2017-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {AAFFAAD3-7110-4AE3-AF5A-A0E361CD54CE} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AC38554B-50DD-4AB5-A97F-A43BFFED0CFB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {B13AE8B6-9ACC-4FA3-A220-D79E3300EA89} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-116116240-444440880-2871013289-1001UA => C:\Users\winki\AppData\Local\Google\Update\GoogleUpdate.exe [153752 2017-02-26] (Google Inc -> Google Inc.)
Task: {B62C7899-F0EE-4494-BB2A-A1802E5B5065} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {BB0935CC-BD63-464F-886F-D1CC7280830E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-15] (Google Inc -> Google Inc.)
Task: {BBA3FD37-275D-4B33-A946-D68E471B46A1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-116116240-444440880-2871013289-1001Core => C:\Users\winki\AppData\Local\Google\Update\GoogleUpdate.exe [153752 2017-02-26] (Google Inc -> Google Inc.)
Task: {C0C1754E-C513-417D-9E3B-DD500587F2DF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {C35C5792-B244-49A0-90E4-556E4999A02A} - System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ceip.exe [39176 2017-10-11] (Microsoft Corporation -> Microsoft)
Task: {C3854B7A-2F25-4BA7-B66B-8844F2E12BE1} - System32\Tasks\ProtonVPN Update => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-09-01] (ProtonVPN AG -> )
Task: {C9DCDCDF-B853-4F86-8282-B2C28762A32E} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D10E0421-F103-4AA3-998A-D5BBDDDA0C61} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {D59A6508-6049-4F6C-802D-3047A26F7FE1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-15] (Google Inc -> Google Inc.)
Task: {D652AFA8-4973-45FA-8155-F46F17329808} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DCF73F1E-2CE2-4139-8AAF-D303E5CA75EC} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {E7A8EDEC-A7E6-439E-B333-0C3E1130D771} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [3977072 2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {EFE93434-60D4-4446-A1CA-457F3C800134} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [680888 2021-10-06] (Mozilla Corporation -> Mozilla Foundation)
Task: {F6F527BD-98C3-4B47-A272-F4F4A8BA5FD1} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FD3D6E59-19D1-4E34-A813-430D0A075BBA} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\update-S-1-5-21-116116240-444440880-2871013289-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{f6f79c62-3dd4-4c57-afbc-ad196e28e681}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\winki\AppData\Local\Microsoft\Edge\User Data\Default [2021-10-08]

FireFox:
========
FF DefaultProfile: 8k8cupjw.default
FF ProfilePath: C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\z37zlo3y.default-release-1580922384981 [2021-10-11]
FF Extension: (Disconnect) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\z37zlo3y.default-release-1580922384981\Extensions\2.0@disconnect.me.xpi [2021-02-22]
FF Extension: (TubeBuddy) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\z37zlo3y.default-release-1580922384981\Extensions\e389d8c2-5554-4ba2-a36e-ac7a57093130@gmail.com.xpi [2021-09-22]
FF Extension: (BetterTTV) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\z37zlo3y.default-release-1580922384981\Extensions\firefox@betterttv.net.xpi [2021-10-07]
FF Extension: (vidIQ Vision for YouTube) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\z37zlo3y.default-release-1580922384981\Extensions\firefox@vid.io.xpi [2021-09-29]
FF Extension: (Twitch Clip Downloader) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\z37zlo3y.default-release-1580922384981\Extensions\{242c2204-f50c-4495-8ec1-57c9d722524a}.xpi [2021-06-28]
FF Extension: (Downloader for Instagram™) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\z37zlo3y.default-release-1580922384981\Extensions\{83bdc210-e037-4d76-8889-2e127ecc06c7}.xpi [2020-05-12]
FF Extension: (The Unofficial Social Blade Extension) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\z37zlo3y.default-release-1580922384981\Extensions\{a5213d5f-2958-4370-848c-91caac3d96bc}.xpi [2020-05-16]
FF Extension: (Video DownloadHelper) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\z37zlo3y.default-release-1580922384981\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-07-03]
FF Extension: (No Name) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\z37zlo3y.default-release-1580922384981\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-09-03]
FF Extension: (M Clip Twitch) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\z37zlo3y.default-release-1580922384981\Extensions\{d663b001-775c-4cef-aa5f-b757be3d896b}.xpi [2020-06-12]
FF ProfilePath: C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\8k8cupjw.default [2021-02-22]
FF Extension: (Seznam doplněk - Esko) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\8k8cupjw.default\Extensions\sko-extension@firma.seznam.cz.xpi [2020-01-29]
FF Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\8k8cupjw.default\Extensions\sp@avast.com.xpi [2020-01-18]
FF Extension: (Avast Online Security) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\8k8cupjw.default\Extensions\wrc@avast.com.xpi [2019-10-06] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/aos/update.json]
FF Extension: (No Name) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\8k8cupjw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-11-25]
FF Extension: (M Clip Twitch) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\8k8cupjw.default\Extensions\{d663b001-775c-4cef-aa5f-b757be3d896b}.xpi [2020-02-01]
FF Extension: (No Name) - C:\Users\winki\AppData\Roaming\Mozilla\Firefox\Profiles\8k8cupjw.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-03-05]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_142.dll [2019-02-12] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-08-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-08-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_142.dll [2019-02-12] (Adobe Systems Incorporated -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-09-25] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default [2021-10-11]
CHR HomePage: Default -> hxxps://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://seznam.cz/"
CHR Extension: (Easy Auto Refresh) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2021-04-12]
CHR Extension: (Překladač Google) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-08-14]
CHR Extension: (Prezentace) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (BetterTTV) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2021-10-06]
CHR Extension: (Dokumenty) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Disk Google) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (YouTube) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-26]
CHR Extension: (Honey) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2021-09-28]
CHR Extension: (Social Blade) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfidkbgamfhdgmedldkagjopnbobdmdn [2021-05-31] [UpdateUrl:hxxps://addon.socialblade.com/updates.json] <==== ATTENTION
CHR Extension: (NeatClip) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhflbphjbcnpeebdbgbambmohadfaok [2020-05-16]
CHR Extension: (Adobe Acrobat) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-09-07]
CHR Extension: (Fonts Ninja) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\eljapbgkmlngdpckoiiibecpemleclhh [2021-08-19]
CHR Extension: (FrankerFaceZ) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb [2019-03-27]
CHR Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2021-07-17]
CHR Extension: (Tabulky) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Otto Numbers) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpffdbakgdicgjkjacckjegnafcfmjep [2021-10-10]
CHR Extension: (Plex) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpniocchabmgenibceglhnfeimmdhdfm [2017-10-11]
CHR Extension: (Vzdálená plocha Chrome) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-07-17]
CHR Extension: (Night Mode Pro) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbilbeoogenjmnabenfjfoockmpfnjoh [2021-07-20]
CHR Extension: (Dokumenty Google offline) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-09-28]
CHR Extension: (FormApps Extension) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi [2017-06-14]
CHR Extension: (M Clip Twitch) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaipghhkfodkjbodidbgnekkkdbagade [2021-02-22]
CHR Extension: (TREZOR Chrome Extension) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcjjhjgimijdkoamemaghajlhegmoclj [2017-12-11]
CHR Extension: (WavesLiteApp) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfmcaklajknfekomaflnhkjjkcjabogm [2018-09-04]
CHR Extension: (Google Play) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2017-02-26]
CHR Extension: (Mapy Google) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2017-02-26]
CHR Extension: (Morpheon Dark) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2018-09-14]
CHR Extension: (Twitch Clip Downloader 2020) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnenbmhckgnahghjhelklajobocdiijf [2021-02-22]
CHR Extension: (MetaMask) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2021-10-11]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Enhanced Steam) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2019-02-01]
CHR Extension: (Twitch Channel Points Autoclicker) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbeamibpehihpjljabhnchghlbneiane [2021-02-22]
CHR Extension: (Evernote Web Clipper) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2021-07-27]
CHR Extension: (Gmail) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Hlídač Shopů) - C:\Users\winki\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlonggbfebcjelncogcnclagkmkikk [2021-09-17]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

Opera:
=======
OPR Profile: C:\Users\winki\AppData\Roaming\Opera Software\Opera Stable [2021-10-11]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\winki\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-07-14]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2019-02-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [816184 2019-07-05] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3779840 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3547904 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-07] (Disc Soft Ltd -> Disc Soft Ltd)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [42632 2020-04-15] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [812976 2021-10-08] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 EBC Client; C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\EBCClient.exe [95880 2020-04-16] (CHENGDU YIWO Tech Development Co., Ltd. -> )
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncHelper.exe [3249520 2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
S3 MagicianSVC; C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe [348728 2021-09-16] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7801016 2021-10-11] (Malwarebytes Inc -> Malwarebytes)
R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [314232 2020-08-05] (Locktime Software s.r.o. -> Locktime Software)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\21.180.0905.0007\OneDriveUpdaterService.exe [3718016 2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2557144 2021-10-01] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3475680 2021-10-01] (Electronic Arts, Inc. -> Electronic Arts)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1412592 2020-08-27] (Plex, Inc. -> Plex, Inc.)
S3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [98624 2020-09-01] (ProtonVPN AG -> )
S3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-09-01] (ProtonVPN AG -> )
R2 SamsungMagicianSVC; C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe [348728 2021-09-16] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5394872 2021-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13353768 2021-09-15] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\NisSrv.exe [2855512 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe [128392 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_19c79fb6254e3b11\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_19c79fb6254e3b11\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 anvsnddrv; C:\WINDOWS\system32\drivers\anvsnddrv.sys [34416 2016-03-24] (Anvsoft Inc. -> AnvSoft Inc.)
R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv_bgp.sys [315976 2020-10-05] (Bluestack Systems, Inc -> Bluestack System Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-03-01] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-03-01] (Disc Soft Ltd -> Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [73448 2020-02-24] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [53504 2020-02-24] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [22784 2020-02-24] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [341760 2020-02-24] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210344 2021-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-10-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193448 2021-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2021-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-10-11] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2021-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2017-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R0 nldrv; C:\WINDOWS\System32\drivers\nldrv.sys [183528 2020-08-05] (Locktime Software s.r.o. -> Locktime Software)
S3 ProtonVPNSplitTunnel; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win10\ProtonVPN.SplitTunnelDriver.sys [31584 2020-08-19] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
R3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49008 2020-08-19] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48520 2021-10-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [434424 2021-10-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86264 2021-10-06] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-11 18:56 - 2021-10-11 19:11 - 000000000 ___DC C:\Users\winki\Desktop\FRST-OlderVersion
2021-10-11 16:54 - 2021-10-11 16:54 - 000001775 ____C C:\Users\winki\Desktop\2.txt
2021-10-11 16:51 - 2021-10-11 16:51 - 000001789 ____C C:\Users\winki\Desktop\1.txt
2021-10-11 16:44 - 2021-10-11 16:45 - 040148184 _____ C:\Users\winki\Downloads\CzechCloud_1633963479881.mp4
2021-10-11 16:44 - 2021-10-11 16:44 - 030416002 _____ C:\Users\winki\Downloads\Herdyn_1633963464128.mp4
2021-10-11 16:36 - 2021-10-11 16:37 - 043445128 _____ C:\Users\winki\Downloads\KouKiShaK_1633963002269.mp4
2021-10-11 16:24 - 2021-10-11 16:24 - 019417743 _____ C:\Users\winki\Downloads\TheDigitalAdventurers_1633962255152.mp4
2021-10-11 16:23 - 2021-10-11 16:23 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-10-11 16:23 - 2021-10-11 16:23 - 000210344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-10-11 16:23 - 2021-10-11 16:23 - 000193448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-10-11 16:23 - 2021-10-11 16:23 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-10-11 16:23 - 2021-10-11 16:23 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-10-11 16:23 - 2021-10-11 16:23 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-10-11 16:23 - 2021-10-11 16:23 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-10-11 16:23 - 2021-10-11 16:23 - 000000000 ____D C:\Users\winki\AppData\Local\mbam
2021-10-11 16:23 - 2021-10-11 16:22 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-10-11 16:23 - 2021-10-11 16:22 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-10-11 16:13 - 2021-10-11 16:13 - 002101944 _____ (Malwarebytes) C:\Users\winki\Desktop\MBSetup-35891.35891-consumer.exe
2021-10-11 16:12 - 2021-10-11 16:12 - 024663882 _____ C:\Users\winki\Downloads\SRobinem_1633961521475.mp4
2021-10-11 16:06 - 2021-10-11 16:06 - 007956226 _____ C:\Users\winki\Downloads\grinderreborn_1633961157899.mp4
2021-10-11 15:39 - 2021-10-11 15:39 - 007537811 _____ C:\Users\winki\Downloads\Novby_1633959550232.mp4
2021-10-11 15:28 - 2021-10-11 15:28 - 024863309 _____ C:\Users\winki\Downloads\RobDiesALot_1633958881057.mp4
2021-10-11 14:58 - 2021-10-11 14:58 - 021356322 _____ C:\Users\winki\Downloads\CzechCloud_1633957081002.mp4
2021-10-11 14:58 - 2021-10-11 14:58 - 011837734 _____ C:\Users\winki\Downloads\Xnapycz_1633957119207.mp4
2021-10-11 14:50 - 2021-10-11 14:50 - 009241045 _____ C:\Users\winki\Downloads\2SekundovyMato_1633956606210.mp4
2021-10-11 14:49 - 2021-10-11 14:49 - 013601573 _____ C:\Users\winki\Downloads\2SekundovyMato_1633956571387.mp4
2021-10-11 14:48 - 2021-10-11 14:48 - 031603527 _____ C:\Users\winki\Downloads\DeeThane_1633956501421.mp4
2021-10-11 14:44 - 2021-10-11 14:44 - 056880974 _____ C:\Users\winki\Downloads\Agraelus_1633956245554.mp4
2021-10-11 14:43 - 2021-10-11 14:44 - 031345359 _____ C:\Users\winki\Downloads\Agraelus_1633956213788.mp4
2021-10-08 23:50 - 2021-10-08 23:50 - 000000000 ____D C:\WINDOWS\LastGood
2021-10-08 23:46 - 2021-09-16 05:28 - 001858672 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-10-08 23:46 - 2021-09-16 05:28 - 001858672 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-10-08 23:46 - 2021-09-16 05:28 - 001474688 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-10-08 23:46 - 2021-09-16 05:28 - 001438832 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-10-08 23:46 - 2021-09-16 05:28 - 001438832 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-10-08 23:46 - 2021-09-16 05:28 - 001212544 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-10-08 23:46 - 2021-09-16 05:28 - 001097832 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-10-08 23:46 - 2021-09-16 05:28 - 001097832 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-10-08 23:46 - 2021-09-16 05:28 - 000951920 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-10-08 23:46 - 2021-09-16 05:28 - 000951920 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-10-08 23:46 - 2021-09-16 05:25 - 001520760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-10-08 23:46 - 2021-09-16 05:25 - 001171064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-10-08 23:46 - 2021-09-16 05:25 - 000716920 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-10-08 23:46 - 2021-09-16 05:25 - 000676472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-10-08 23:46 - 2021-09-16 05:25 - 000645240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-10-08 23:46 - 2021-09-16 05:25 - 000577144 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-10-08 23:46 - 2021-09-16 05:25 - 000564344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-10-08 23:46 - 2021-09-16 05:24 - 008854144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-10-08 23:46 - 2021-09-16 05:24 - 002112120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-10-08 23:46 - 2021-09-16 05:24 - 001595512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-10-08 23:46 - 2021-09-16 05:24 - 000919160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-10-08 23:46 - 2021-09-16 05:24 - 000706168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-10-08 23:46 - 2021-09-16 05:24 - 000447096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-10-08 23:46 - 2021-09-16 05:23 - 007920760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-10-08 23:46 - 2021-09-16 05:23 - 005681280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2021-10-08 23:46 - 2021-09-16 05:23 - 004987512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-10-08 23:46 - 2021-09-16 05:23 - 002925688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-10-08 23:46 - 2021-09-16 05:23 - 000849016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-10-08 23:46 - 2021-09-16 05:21 - 006216336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-10-08 23:46 - 2021-09-14 05:39 - 000083133 _____ C:\WINDOWS\system32\nvinfo.pb
2021-10-08 23:40 - 2021-10-11 00:24 - 000000363 ____C C:\Users\winki\Documents\rendercapslog.txt
2021-10-08 22:57 - 2021-10-08 22:58 - 000000000 ___DC C:\Users\winki\Documents\Battlefield 2042 Open Beta
2021-10-08 22:54 - 2021-10-08 22:54 - 000000000 ____D C:\Users\winki\AppData\Roaming\EasyAntiCheat
2021-10-08 22:52 - 2021-10-08 22:56 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2021-10-08 19:51 - 2021-10-08 19:51 - 000000223 ____C C:\Users\winki\Desktop\Battlefield™ 2042 Open Beta.url
2021-10-08 01:24 - 2021-10-11 00:58 - 111935488 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-10-08 01:20 - 2021-10-08 01:24 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-10-08 00:40 - 2021-10-08 00:43 - 000109210 ____C C:\Users\winki\Desktop\Addition.txt
2021-10-08 00:38 - 2021-10-11 19:11 - 000000000 ____D C:\FRST
2021-10-08 00:38 - 2021-10-08 00:43 - 000069238 ____C C:\Users\winki\Desktop\FRST.txt
2021-10-08 00:37 - 2021-10-11 18:56 - 002310656 _____ (Farbar) C:\Users\winki\Desktop\FRST64.exe
2021-10-08 00:00 - 2021-10-08 00:00 - 000000000 ____D C:\Users\winki\AppData\Local\Yandex
2021-10-07 23:59 - 2021-10-07 23:59 - 000000000 ____D C:\Users\winki\Downloads\LetaSoft_Sound_Booster
2021-10-07 15:39 - 2021-10-07 15:39 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignd35d656c894c5254
2021-10-07 15:39 - 2021-10-07 15:39 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignc61808b9b4e611ac
2021-10-07 15:39 - 2021-10-07 15:39 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign96c5100ed341cc31
2021-10-07 15:39 - 2021-10-07 15:39 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign438be2a159abfef6
2021-10-07 15:39 - 2021-10-07 15:39 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign21868dc2bb330680
2021-10-06 20:33 - 2021-10-06 20:33 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-10-04 14:40 - 2021-10-04 14:40 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignfea7eeda10b488e2
2021-10-04 14:40 - 2021-10-04 14:40 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsigne9617f44df25e024
2021-10-04 14:40 - 2021-10-04 14:40 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign5faef233732d4b57
2021-10-04 14:40 - 2021-10-04 14:40 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign1a66f7f7af69ec84
2021-10-04 14:40 - 2021-10-04 14:40 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign0d80ec30daac9ffb
2021-10-04 11:25 - 2021-10-04 11:25 - 000000000 ____D C:\ProgramData\MisterHorse
2021-10-04 11:19 - 2021-10-04 11:19 - 000001035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mister Horse Product Manager.lnk
2021-10-04 11:19 - 2021-10-04 11:19 - 000000000 ____D C:\Program Files\Mister Horse Product Manager
2021-10-01 16:08 - 2021-10-01 16:08 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign7ffa8645d77248ea
2021-10-01 16:08 - 2021-10-01 16:08 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign5d09c92f4e366c97
2021-10-01 16:08 - 2021-10-01 16:08 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign448f7c893d418a32
2021-10-01 16:08 - 2021-10-01 16:08 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign112c6f201cb45eb4
2021-10-01 16:08 - 2021-10-01 16:08 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign0ad97743e7e5056f
2021-09-30 09:57 - 2021-10-11 14:29 - 000000000 ____D C:\Users\winki\AppData\Roaming\Samsung Magician
2021-09-30 09:56 - 2021-09-30 09:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2021-09-29 12:55 - 2021-09-29 12:55 - 000000000 ____D C:\ProgramData\obs-studio-hook
2021-09-29 12:51 - 2021-09-29 12:51 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignf24d6d8fbeace066
2021-09-29 12:51 - 2021-09-29 12:51 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign7d5e077878c175db
2021-09-29 12:51 - 2021-09-29 12:51 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign6e6a46a1f6a8b565
2021-09-29 12:51 - 2021-09-29 12:51 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign5544b13200ce83c1
2021-09-29 12:51 - 2021-09-29 12:51 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign3142bfa8ac30eeb2
2021-09-28 15:14 - 2021-09-28 15:14 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignad878ce8351eda02
2021-09-28 15:05 - 2021-09-28 15:05 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignfc2726b2f5a23c34
2021-09-28 15:05 - 2021-09-28 15:05 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignf096127ac11ffb49
2021-09-28 15:05 - 2021-09-28 15:05 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignd48a327a02481dc1
2021-09-28 15:05 - 2021-09-28 15:05 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign02646bfec6f23f98
2021-09-24 20:12 - 2021-09-24 20:12 - 000000976 _____ C:\Users\Public\Desktop\Mafia - Definitve Edition.lnk
2021-09-24 20:12 - 2021-09-24 20:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mafia - Definitve Edition
2021-09-22 17:11 - 2021-09-22 17:11 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignc9f9d1132b7628d9
2021-09-22 17:11 - 2021-09-22 17:11 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignb50aa54adaaf6bdb
2021-09-22 17:11 - 2021-09-22 17:11 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign7f29fc86089fdb08
2021-09-22 17:11 - 2021-09-22 17:11 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign11c262b46da5fa16
2021-09-22 17:11 - 2021-09-22 17:11 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign03a5a58ffd752a8a
2021-09-21 22:19 - 2021-09-21 22:19 - 000000000 ____D C:\Users\winki\AppData\Local\Kena
2021-09-21 19:05 - 2021-09-21 19:05 - 000000754 ____C C:\Users\winki\Desktop\Kena Bridge of Spirits.lnk
2021-09-21 19:05 - 2021-09-21 19:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kena Bridge of Spirits
2021-09-20 14:14 - 2021-09-20 14:14 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsigne7d18d7a5e4bdf3c
2021-09-20 14:14 - 2021-09-20 14:14 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsigndfb4a061bdfd6a48
2021-09-20 14:14 - 2021-09-20 14:14 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignbcd6a6232eec1e57
2021-09-20 14:14 - 2021-09-20 14:14 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign8b077e82aba62c03
2021-09-20 14:14 - 2021-09-20 14:14 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign1fa36c4fc10f3045
2021-09-20 10:51 - 2021-09-20 10:51 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2021-09-17 13:23 - 2021-09-17 13:23 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignfbf058ed866cd640
2021-09-17 13:22 - 2021-09-17 13:22 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignf1c9895ca7d5faa1
2021-09-17 13:22 - 2021-09-17 13:22 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignc45a2b640df51291
2021-09-17 13:22 - 2021-09-17 13:22 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign7b9f1d426052269e
2021-09-17 13:22 - 2021-09-17 13:22 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign7399cd02574ef573
2021-09-17 13:22 - 2021-09-17 13:22 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign6bb2c9d2853c9b38
2021-09-17 12:30 - 2021-09-17 12:30 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2021-09-17 12:30 - 2021-09-17 12:30 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-09-17 12:30 - 2021-09-17 12:30 - 001313608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-09-17 12:30 - 2021-09-17 12:30 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-09-17 12:30 - 2021-09-17 12:30 - 000672768 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-09-17 12:30 - 2021-09-17 12:30 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-09-17 12:30 - 2021-09-17 12:30 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-09-17 12:30 - 2021-09-17 12:30 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-09-17 12:30 - 2021-09-17 12:30 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-09-17 12:30 - 2021-09-17 12:30 - 000170496 _____ C:\WINDOWS\system32\DeviceUpdateCenterCsp.dll
2021-09-17 12:30 - 2021-09-17 12:30 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2021-09-17 12:30 - 2021-09-17 12:30 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2021-09-17 12:30 - 2021-09-17 12:30 - 000011355 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-09-17 12:29 - 2021-09-17 12:29 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2021-09-17 12:29 - 2021-09-17 12:29 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-09-17 12:29 - 2021-09-17 12:29 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-09-17 12:29 - 2021-09-17 12:29 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-09-17 12:29 - 2021-09-17 12:29 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-09-17 12:29 - 2021-09-17 12:29 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-09-17 12:29 - 2021-09-17 12:29 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-09-17 12:29 - 2021-09-17 12:29 - 000098816 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-09-17 12:23 - 2021-09-17 12:23 - 000000000 ___HD C:\$WinREAgent
2021-09-16 16:25 - 2021-09-16 16:25 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignfdaa669ef0df864e
2021-09-16 16:25 - 2021-09-16 16:25 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsignea481d8cd5307a14
2021-09-16 16:25 - 2021-09-16 16:25 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign5b7174a54622a7fc
2021-09-16 16:25 - 2021-09-16 16:25 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign511901f3bf70c2eb
2021-09-16 16:25 - 2021-09-16 16:25 - 000000000 ____D C:\Users\winki\AppData\Local\Tempzxpsign40931290d88d6d37
2021-09-15 19:37 - 2021-09-15 19:37 - 000000223 ____C C:\Users\winki\Desktop\Gas Station Simulator.url
2021-09-13 18:15 - 2021-09-13 18:15 - 000000681 ____C C:\Users\winki\Desktop\NBA 2K22.lnk
2021-09-13 18:15 - 2021-09-13 18:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NBA 2K22
2021-09-13 16:20 - 2021-09-13 16:20 - 003596530 _____ C:\Users\winki\Downloads\KouKiShaK_1631542801675.mp4

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-11 19:12 - 2017-07-21 19:37 - 000000000 ___DC C:\Users\winki\AppData\Roaming\discord
2021-10-11 19:03 - 2017-02-26 23:35 - 000000000 ____D C:\Program Files (x86)\Steam
2021-10-11 18:58 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-10-11 18:51 - 2017-04-19 12:03 - 000000000 ____D C:\ProgramData\NVIDIA
2021-10-11 18:43 - 2018-08-15 19:23 - 000000000 ____D C:\Program Files (x86)\Google
2021-10-11 18:37 - 2017-04-07 11:43 - 000000000 ___DC C:\Users\winki\AppData\LocalLow\Mozilla
2021-10-11 18:29 - 2017-07-21 19:37 - 000000000 ___DC C:\Users\winki\AppData\Local\Discord
2021-10-11 16:55 - 2019-02-18 13:18 - 000000000 ____D C:\ProgramData\Mozilla
2021-10-11 16:23 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-10-11 16:05 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-10-11 15:58 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-10-11 14:41 - 2019-10-03 23:11 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-10-11 14:35 - 2021-05-14 23:34 - 001693136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-10-11 14:35 - 2019-12-07 16:43 - 000716762 _____ C:\WINDOWS\system32\perfh005.dat
2021-10-11 14:35 - 2019-12-07 16:43 - 000144940 _____ C:\WINDOWS\system32\perfc005.dat
2021-10-11 14:35 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-10-11 14:30 - 2017-05-17 15:10 - 000000000 ____D C:\Program Files\CCleaner
2021-10-11 14:29 - 2018-01-04 22:49 - 000000000 ___RD C:\Users\winki\iCloudDrive
2021-10-11 14:29 - 2017-03-13 02:38 - 000000000 ___DC C:\Users\winki\AppData\Local\Plex Media Server
2021-10-11 14:29 - 2017-02-26 11:31 - 000000000 ___RD C:\Users\winki\OneDrive
2021-10-11 14:28 - 2021-05-14 23:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-10-11 14:28 - 2021-05-14 22:59 - 000008192 ___SH C:\DumpStack.log.tmp
2021-10-11 14:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-10-11 14:28 - 2019-01-07 02:55 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-10-11 00:58 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-10-11 00:58 - 2017-10-27 09:59 - 000000000 ___DC C:\Users\winki\AppData\Local\Ubisoft Game Launcher
2021-10-10 22:03 - 2017-02-26 11:39 - 000000000 ___DC C:\Users\winki\AppData\Local\CrashDumps
2021-10-10 18:02 - 2017-02-26 12:02 - 000000000 ____D C:\ProgramData\boost_interprocess
2021-10-10 12:35 - 2021-06-29 21:06 - 000003490 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7694fd9bd15f6
2021-10-10 12:35 - 2021-05-14 23:34 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-10-09 20:35 - 2021-05-14 22:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-10-09 12:06 - 2018-05-30 15:29 - 000000000 ___DC C:\Users\winki\AppData\Local\D3DSCache
2021-10-08 23:53 - 2018-08-07 22:23 - 000000000 ___DC C:\Users\winki\AppData\Local\BattlEye
2021-10-08 23:50 - 2017-02-26 11:52 - 000000000 ___DC C:\Users\winki\AppData\Local\NVIDIA
2021-10-08 23:48 - 2017-04-19 12:03 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-10-08 23:40 - 2017-03-23 21:11 - 000000000 ___DC C:\Users\winki\Documents\My Games
2021-10-08 23:40 - 2017-02-26 11:52 - 000000000 ____D C:\ProgramData\Package Cache
2021-10-08 23:25 - 2017-02-26 23:26 - 000000000 ___DC C:\Users\winki\AppData\Roaming\Origin
2021-10-08 23:25 - 2017-02-26 23:22 - 000000000 ____D C:\ProgramData\Origin
2021-10-08 23:07 - 2017-02-26 23:22 - 000000000 ___DC C:\Users\winki\AppData\Local\Origin
2021-10-08 00:11 - 2017-03-01 23:17 - 000000000 ___DC C:\Users\winki\AppData\Roaming\DAEMON Tools Lite
2021-10-08 00:03 - 2017-12-07 14:17 - 000000000 ___DC C:\Users\winki\AppData\Local\Packages
2021-10-07 16:14 - 2020-10-20 21:48 - 000000000 ____D C:\Users\winki\AppData\Local\Ori and the Blind Forest DE
2021-10-07 16:03 - 2017-03-02 19:39 - 000000000 ___DC C:\Users\winki\AppData\Local\Spotify
2021-10-07 16:03 - 2017-03-02 19:37 - 000000000 ___DC C:\Users\winki\AppData\Roaming\Spotify
2021-10-07 13:44 - 2017-02-27 11:44 - 000000000 ___DC C:\Users\winki\AppData\Roaming\vlc
2021-10-07 12:20 - 2020-04-18 10:19 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2021-10-07 12:20 - 2019-12-14 20:37 - 000315856 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2021-10-07 12:20 - 2019-10-10 11:27 - 000061880 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2021-10-07 12:20 - 2019-06-13 22:25 - 002208184 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2021-10-07 12:20 - 2019-06-13 22:25 - 000213432 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2021-10-07 12:20 - 2019-06-13 22:25 - 000188880 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2021-10-07 11:16 - 2020-02-05 19:00 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-10-07 11:16 - 2017-04-07 11:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-10-06 20:33 - 2020-02-05 19:00 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-10-06 19:37 - 2017-02-26 23:26 - 000000000 ____D C:\Program Files (x86)\Origin
2021-10-06 15:25 - 2017-02-26 11:37 - 000002543 ____C C:\Users\winki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-06 15:25 - 2017-02-26 11:37 - 000002506 ____C C:\Users\winki\Desktop\Google Chrome.lnk
2021-10-06 14:57 - 2018-05-20 13:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-10-05 23:56 - 2018-05-03 00:35 - 000000000 ____D C:\Program Files\Opera
2021-10-05 17:32 - 2021-05-14 23:34 - 000004170 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1600814896
2021-10-05 13:52 - 2021-05-14 23:34 - 000003958 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1525300582
2021-10-05 13:52 - 2018-05-03 00:36 - 000001113 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2021-10-04 11:47 - 2017-03-06 21:03 - 000000000 ___DC C:\Users\winki\AppData\Local\MisterHorse
2021-10-04 10:10 - 2017-03-10 14:48 - 000000000 ___DC C:\Users\winki\AppData\Roaming\Anvsoft
2021-10-03 13:17 - 2020-10-01 13:55 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-10-02 22:10 - 2020-08-22 02:14 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-10-02 22:10 - 2020-08-22 02:14 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-10-02 21:24 - 2017-02-26 23:52 - 000000000 ___DC C:\Users\winki\AppData\Roaming\uTorrent
2021-10-01 17:36 - 2017-02-26 19:42 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-10-01 10:20 - 2021-06-22 14:21 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2021-10-01 00:06 - 2021-05-14 23:34 - 000003730 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-116116240-444440880-2871013289-1001UA
2021-10-01 00:06 - 2021-05-14 23:34 - 000003462 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-116116240-444440880-2871013289-1001Core
2021-09-30 23:38 - 2021-05-14 23:34 - 000003474 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-09-30 23:38 - 2021-05-14 23:34 - 000003350 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-09-30 17:24 - 2021-05-14 23:34 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2021-09-30 17:24 - 2021-05-14 21:55 - 000002130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-09-30 09:56 - 2021-05-17 12:39 - 000003352 _____ C:\WINDOWS\system32\Tasks\SamsungMagician
2021-09-29 12:58 - 2017-03-21 13:33 - 000000000 ___DC C:\Users\winki\AppData\Roaming\obs-studio
2021-09-28 22:51 - 2018-01-04 22:49 - 000000000 ___DC C:\Users\winki\Documents\Soubory Outlooku
2021-09-23 11:16 - 2017-07-21 19:37 - 000002272 ____C C:\Users\winki\Desktop\Discord.lnk
2021-09-18 17:43 - 2019-04-18 22:12 - 000000000 ___DC C:\Users\winki\Documents\Euro Truck Simulator 2
2021-09-17 19:01 - 2021-05-14 22:59 - 007073336 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-09-17 16:25 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-09-17 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-09-17 16:25 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing
2021-09-17 13:22 - 2017-03-06 21:24 - 000000033 _____ C:\Users\winki\AppData\Roaming\AdobeWLCMCache.dat
2021-09-17 12:33 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-09-17 12:23 - 2017-02-26 19:28 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-09-17 12:19 - 2017-02-26 19:28 - 135637312 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-09-16 05:24 - 2021-01-02 14:46 - 000750200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-09-16 05:22 - 2021-01-02 14:46 - 007280840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-09-15 21:15 - 2021-05-14 23:34 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-09-15 13:09 - 2021-04-18 16:35 - 000000000 ___DC C:\WINDOWS\Panther
2021-09-15 12:45 - 2021-05-14 23:34 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update

==================== Files in the root of some directories ========

2017-03-06 21:24 - 2021-09-17 13:22 - 000000033 _____ () C:\Users\winki\AppData\Roaming\AdobeWLCMCache.dat
2020-10-25 22:06 - 2020-10-25 22:06 - 000000047 _____ () C:\Users\winki\AppData\Roaming\~SiMPLEX.ini
2018-07-24 17:29 - 2021-06-19 18:04 - 000001480 ____C () C:\Users\winki\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2017-02-26 22:32 - 2020-08-27 22:55 - 000000081 ____C () C:\Users\winki\AppData\Local\FILM_AE_LogFile.txt
2018-09-27 21:16 - 2018-09-27 21:16 - 000000000 ____C () C:\Users\winki\AppData\Local\oobelibMkey.log
2020-07-19 22:59 - 2020-08-17 13:58 - 000004995 _____ () C:\Users\winki\AppData\Local\PlariumPlay.log
2017-03-12 12:39 - 2021-05-22 12:33 - 000007640 ____C () C:\Users\winki\AppData\Local\Resmon.ResmonCfg
2018-06-29 12:57 - 2018-06-29 12:57 - 000000003 ____C () C:\Users\winki\AppData\Local\updater.log
2018-06-29 12:57 - 2018-06-29 12:57 - 000000425 ____C () C:\Users\winki\AppData\Local\UserProducts.xml

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Re: Check after running a fake application (Phishing)

Posted: 11 Oct 2021 18:54
by Rudy
Rudy wrote: 11 Oct 2021 16:49
Delete the detected item (move it to quarantine) and then post new FRST+Addition logs.
I don't see the Addition log here. It should be in the file addition.txt in C:\Users\winki\Desktop\FRST-OlderVersion.

Re: Check after running a fake application (Phishing)

Posted: 11 Oct 2021 19:17
by windyOMG
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-10-2021
Ran by winki (11-10-2021 19:12:58)
Running from C:\Users\winki\Desktop\FRST-OlderVersion
Microsoft Windows 10 Pro Version 21H1 19043.1237 (X64) (2021-05-14 21:35:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-116116240-444440880-2871013289-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-116116240-444440880-2871013289-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-116116240-444440880-2871013289-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-116116240-444440880-2871013289-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-116116240-444440880-2871013289-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-116116240-444440880-2871013289-504 - Limited - Disabled)
winki (S-1-5-21-116116240-444440880-2871013289-1001 - Administrator - Enabled) => C:\Users\winki

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader (HKLM\...\{29F889EE-CD6A-48B7-8197-9E37E54336C9}) (Version: 4.18.1.4500 - Open Media LLC)
A Plague Tale Innocence (HKLM-x32\...\A Plague Tale Innocence_is1) (Version: - )
ADATA SSD ToolBox version 4.1.0 (HKLM-x32\...\{C0991D3E-8786-48E7-A5DB-57FBACB0A03A}_is1) (Version: 4.1.0 - ADATA, Inc.)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.007.20095 - Adobe Systems Incorporated)
Adobe After Effects 2020 (HKLM-x32\...\AEFT_17_0_2) (Version: 17.0.2 - Adobe Inc.)
Adobe After Effects CC 2017 (HKLM-x32\...\AEFT_14_0_0) (Version: 14.0.0 - Adobe Systems Incorporated)
Adobe Audition CC 2017 (HKLM-x32\...\AUDT_10_0_0) (Version: 10.0.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.9.0.504 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Adobe Illustrator 2020 (HKLM-x32\...\ILST_24_1_2) (Version: 24.1.2 - Adobe Inc.)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_0_0) (Version: 21.0.0 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_0_0) (Version: 11.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_0) (Version: 11.0.0 - Adobe Systems Incorporated)
Aegisub 3.2.2 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.2 - Aegisub Team)
AIMP (HKLM-x32\...\AIMP) (Version: v4.13.1887, 19.02.2017 - AIMP DevTeam)
Any Video Converter Ultimate 6.0.4 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version: - Any-Video-Converter.com)
A-PDF Split 2.7 (HKLM-x32\...\A-PDF Split_is1) (Version: - A-PDF.com)
Apeaksoft Data Recovery 1.2.18 (HKLM-x32\...\{DB8A74C3-8F3E-4711-B152-436BDD91DAE1}_is1) (Version: 1.2.18 - Apeaksoft Studio)
Apple Mobile Device Support (HKLM\...\{74CC99EB-7DC0-4CB0-847A-F8C2FE39690C}) (Version: 14.5.0.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Ashampoo Burning Studio 19 (HKLM-x32\...\{91B33C97-BA3F-5C99-C2A6-0EB17CC9054B}_is1) (Version: 19.0.2 - Ashampoo GmbH & Co. KG)
Balíček ovladače systému Windows - Sony Computer Entertainment Inc. Wireless controller for PLAYSTATION(R)3 Driver Package (01/20/2012 1.4.0.0) (HKLM\...\D5410AE5FA467EF0F19558D5F60C991A79E11B51) (Version: 01/20/2012 1.4.0.0 - Sony Computer Entertainment Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bing Wallpaper (HKLM-x32\...\{9C94D5E4-22D6-457B-9263-9C68DBF669DD}) (Version: 1.0.9.3 - Microsoft Corporation)
BitLord 2.4 (HKLM-x32\...\BitLord) (Version: 2.4.6-350 - House of Life)
Blender (HKLM\...\{F343C69A-4ABA-434C-9C73-12A519D269CD}) (Version: 2.80.0 - Blender Foundation)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.280.0.1022 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.85 - Piriform)
Cities Skylines Industries (HKLM-x32\...\Cities Skylines Industries_is1) (Version: - )
Cooking Simulator Pizza (HKLM-x32\...\Cooking Simulator Pizza_is1) (Version: - )
Core Temp 1.7 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.7 - ALCPU)
Crucial Storage Executive (HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Crucial Storage Executive 3.55.032018.04) (Version: 7.01.012021.03 - Crucial)
CrystalDiskInfo 8.12.0 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.12.0 - Crystal Dew World)
CrystalDiskMark 8.0.1 (HKLM\...\CrystalDiskMark8_is1) (Version: 8.0.1 - Crystal Dew World)
Cyberpunk 2077 (HKLM-x32\...\1423049311_is1) (Version: Build_3214677Change_4155897 - GOG.com)
Cyberpunk 2077 (HKLM-x32\...\Cyberpunk 2077_is1) (Version: - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0230 - Disc Soft Ltd)
Deezloader Remix 4.3.0 (HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\5eed4b40-1ed5-51be-ab52-56cdb94a998f) (Version: 4.3.0 - RemixDevs)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Delta 0.9.2 (only current user) (HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\0161ecdc-2041-5655-9e4e-ee442fb322e0) (Version: 0.9.2 - Opus Labs CVBA)
Desperados III (HKLM-x32\...\Desperados III_is1) (Version: - )
Discord (HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
EaseUS Todo Backup 13.2 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 13.2 - CHENGDU YIWO Tech Development Co., Ltd)
Effects Suite 64-bit (HKLM\...\{A9462025-681A-44C7-9F6F-70C96320F4C2}) (Version: 11.0.0 - Red Giant Software) Hidden
Effects Suite 64-bit (HKLM-x32\...\InstallShield_{A9462025-681A-44C7-9F6F-70C96320F4C2}) (Version: 11.0.0 - Red Giant Software)
Electrum (HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Electrum) (Version: 2.9.3 - Electrum Technologies GmbH)
Epic Games Launcher (HKLM-x32\...\{AFC6C4B8-57A3-43C3-9F1C-C4239CAECDAC}) (Version: 1.1.215.0 - Epic Games, Inc.)
Far Cry 6 (HKLM-x32\...\Uplay Install 5266) (Version: - Ubisoft)
Folder Marker Pro (HKLM\...\Folder Marker Pro_is1) (Version: 4.2 - ArcticLine Software)
FontForge verze 31-07-2017 (HKLM-x32\...\{56748B9C-19AE-4689-B8C5-5A45AE0A993A}_is1) (Version: 31-07-2017 - FontForgeBuilds)
FormApps Signing Extension (HKLM-x32\...\{ACA43D91-8B42-4D42-8C8B-A893BD6AA40D}) (Version: 2.8.2.28 - Software602 a.s.)
Fotogalerie (HKLM-x32\...\{F37D360D-9308-4BB1-8515-DC6B637B9486}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
FreeFileSync 9.9 (HKLM-x32\...\FreeFileSync_is1) (Version: 9.9 - FreeFileSync.org)
GameInput Redistributable (HKLM-x32\...\{7E52156F-18FE-B953-BEA9-6BE6A77AFDFF}) (Version: 10.1.19041.3906 - Microsoft Corporation)
Garden Flipper (HKLM-x32\...\1833342145_is1) (Version: 1.2189 (43428) - GOG.com)
Ghostbusters The Video Game Remastered (HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Ghostbusters The Video Game Remastered) (Version: - HOODLUM)
Going Medieval (HKLM-x32\...\1697094317_is1) (Version: 0.5.28.4-REL - GOG.com)
Google Chrome (HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Google Chrome) (Version: 94.0.4606.71 - Google LLC)
Google Web Designer (HKLM\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 9.0.7.0 - Google LLC.)
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
HGTV Flipper (HKLM-x32\...\1689378242_is1) (Version: 1.2189 (43428) - GOG.com)
House Flipper (HKLM-x32\...\1140907376_is1) (Version: 1.2189 (43428) - GOG.com)
HUMANKIND™ (HKLM-x32\...\FLT_Humankind) (Version: - )
Chia Blockchain (HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\chia-blockchain) (Version: 1.1.7 - Chia Network)
iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
IOTA Wallet 2.5.6 (only current user) (HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\85125e2a-0211-5c49-9018-9358da1074b1) (Version: 2.5.6 - IOTA Foundation)
iTunes (HKLM\...\{81B253F3-31F6-48CD-96D1-5325EA0E093F}) (Version: 12.11.4.15 - Apple Inc.)
Java 8 Update 181 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Kena Bridge of Spirits (HKLM-x32\...\Kena Bridge of Spirits_is1) (Version: - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Life is Strange True Colors (HKLM-x32\...\Life is Strange True Colors_is1) (Version: - )
Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains)
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.9.3.5 - Hermann Schinagl)
Little Nightmares II (HKLM-x32\...\Little Nightmares II_is1) (Version: - )
Logitech Options (HKLM\...\LogiOptions) (Version: 6.90.135 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Mafia - Definitve Edition (HKLM-x32\...\{D383B15E-3CE1-4B7F-8E88-F93D39BB2E5C}_is1) (Version: - hangar 13)
Magic Bullet Suite v12.1.4 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 12.1.4 - Red Giant, LLC)
Malwarebytes version 4.4.8.137 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.8.137 - Malwarebytes)
MediaInfo 18.05 (HKLM\...\MediaInfo) (Version: 18.05 - MediaArea.net)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 94.0.992.38 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 94.0.992.38 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 3.2.116.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 21.180.0905.0007 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29913 (HKLM-x32\...\{855e31d2-9031-46e1-b06d-c9d7777deefb}) (Version: 14.28.29913.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Mister Horse Product Manager (HKLM\...\Mister Horse Product Manager_is1) (Version: 2.0.3 - )
Movie Maker (HKLM-x32\...\{3D2CF65C-B544-4308-B996-700D3E5F6C4C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 93.0 (x64 cs)) (Version: 93.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 72.0.2 - Mozilla)
MultiBit HD 0.5.1 (HKLM\...\6925-4794-5772-4956) (Version: 0.5.1 - KeepKey,LLC)
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (HKLM\...\{90160000-001F-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (HKLM\...\{90160000-001F-041B-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
NBA 2K22 (HKLM-x32\...\NBA 2K22_is1) (Version: - )
Neon 2.0.0 (only current user) (HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\211a501f-25dd-501b-8c98-509ac17aedfa) (Version: 2.0.0 - Ethan Fast)
NetLimiter 4 (HKLM\...\{B3EE94C1-7558-41F1-90B3-EBD718193F95}) (Version: 4.0.68.0 - Locktime Software) Hidden
NetLimiter 4 (HKLM-x32\...\NetLimiter 4 4.0.68.0) (Version: 4.0.68.0 - Locktime Software)
NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 472.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 472.12 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
Opera Stable 79.0.4143.72 (HKLM-x32\...\Opera 79.0.4143.72) (Version: 79.0.4143.72 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.105.49133 - Electronic Arts, Inc.)
Paradox Launcher v2 (HKLM\...\{F0072197-FCF6-41BF-9D38-832B145922DC}) (Version: 2.0.0.0 - Paradox Interactive)
Plex Media Server (HKLM-x32\...\{b5de1a1d-c377-415c-8d61-6513b39c0b0a}) (Version: 1.20.1.3252 - Plex, Inc.)
Plex Media Server (HKLM-x32\...\{ED54B00E-46E5-42F2-9590-7727CCE52133}) (Version: 1.20.1252 - Plex, Inc.) Hidden
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.)
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22807 - Microsoft Corporation)
Project CARS 3 (HKLM-x32\...\Project CARS 3_is1) (Version: - )
ProtonVPN (HKLM-x32\...\{3047853A-7C09-4DF6-9B3C-3758F1DBC82F}) (Version: 1.17.1 - Proton Technologies AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 1.17.1) (Version: 1.17.1 - Proton Technologies AG)
ProtonVPNTap (HKLM-x32\...\{BCB82CD9-F514-4F93-A6D9-F898494DC927}) (Version: 1.1.0 - Proton Technologies AG)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.10.0 - Red Giant, LLC)
Revo Uninstaller Pro 4.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.1.5 - VS Revo Group, Ltd.)
RimWorld Ideology (HKLM-x32\...\RimWorld Ideology_is1) (Version: - )
Road 96 (HKLM-x32\...\Road 96_is1) (Version: - )
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.4.0 - Rockstar Games)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 7.0.0.510 - Samsung Electronics)
Skype verze 8.25 (HKLM-x32\...\Skype_is1) (Version: 8.25 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Spotify) (Version: 1.1.69.612.gb7409abc - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stopping Plex (HKLM-x32\...\{4AE34600-E4A1-4025-831A-F95EA1EF0FC2}) (Version: 1.20.1252 - Plex, Inc.) Hidden
SuperLuminal StarDust v1.1.2 CE for After Effects (HKLM\...\StarDust_is1) (Version: 1.1.2 - Team V.R)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.22.3 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Telegram Desktop version 1.5.15 (HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.5.15 - Telegram Messenger LLP)
The Wolf Among Us čeština verze 5.0 (HKLM-x32\...\{47E808C7-0C07-4DF8-877F-7FD653DCDE7B}_is1) (Version: 5.0 - )
Thumbnail me 3.0 (HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\Thumbnail me 3.0) (Version: - )
Trackmania (HKLM-x32\...\Uplay Install 5595) (Version: - Ubisoft)
Train Valley 2 (HKLM\...\TinyISO - Train Valley 2) (Version: - TinyISO)
Trapcode Suite v13.0.1 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 13.0.1 - Red Giant, LLC)
TrucksBook Client verze 1.3.2 (HKLM-x32\...\TrucksBook Client_is1) (Version: 1.3.2 - TrucksBook)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 50.0 - Ubisoft)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Update for Skype for Business 2016 (KB4493155) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{5376168B-3DBF-4B19-9F74-2ECBDC1BFB46}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB4493155) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{5376168B-3DBF-4B19-9F74-2ECBDC1BFB46}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB4493155) 64-Bit Edition (HKLM\...\{90160000-012B-0405-1000-0000000FF1CE}_Office16.PROPLUS_{5376168B-3DBF-4B19-9F74-2ECBDC1BFB46}) (Version: - Microsoft)
VdhCoApp 1.6.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Waves Client 1.0.21 (only current user) (HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\f077d7c1-dd13-50a1-8533-9deb9aba8648) (Version: 1.0.21 - Waves Platform)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
WizTree v3.25 (HKLM\...\WizTree_is1) (Version: - Antibody Software)
WRC 10 FIA World Rally Championship (HKLM-x32\...\WRC 10 FIA World Rally Championship_is1) (Version: - )
ZXP Installer (HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\5dbc225fc0bf0a3b) (Version: 0.5.0.124 - aescripts + aeplugins)

Packages:
=========
A Plague Tale: Innocence -> C:\Program Files\WindowsApps\FocusHomeInteractiveSA.APlagueTaleInnocence-Window_1.0.6.0_x64__4hny5m903y3g0 [2020-08-17] (Focus Home Interactive SA)
Daily Desktop Wallpaper -> C:\Program Files\WindowsApps\41879VbfnetApps.DailyBingWallpaper_2.9.6.0_x64__7casf8sqhfy78 [2021-10-11] (Vbfnet Apps)
Deezer Music -> C:\Program Files\WindowsApps\Deezer.62021768415AF_5.30.70.0_x86__q7m17pa7q8kj0 [2021-10-01] (Deezer SA)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-01-24] (Microsoft Corporation)
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2021.927.1.0_neutral__8xx8rvfyw5nnt [2021-09-29] (Facebook Inc)
Forza Horizon 4 -> C:\Program Files\WindowsApps\Microsoft.SunriseBaseGame_1.474.687.2_x64__8wekyb3d8bbwe [2021-09-06] (Microsoft Studios)
Forza Horizon 4 Formula Drift Car Pack -> C:\Program Files\WindowsApps\Microsoft.FormulaDriftCarPack_1.0.3.2_neutral__8wekyb3d8bbwe [2021-05-16] (Microsoft Studios)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.17.0_neutral__8xx8rvfyw5nnt [2021-10-02] (Instagram)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-05-14] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-05-14] (Microsoft Corporation) [MS Ad]
Microsoft Flight Simulator -> C:\Program Files\WindowsApps\Microsoft.FlightSimulator_1.19.9.0_x64__8wekyb3d8bbwe [2021-10-08] (Microsoft Studios)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-10-11] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-10-08] (NVIDIA Corp.)
Rozšíření pro video MPEG-2 -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-08-25] (Microsoft Corporation)
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2021-04-06] (Samsung Electronics Co. Ltd.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-11] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{041F9391-C79D-44EE-AA4E-AF4E029C4B47}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.35.422\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.36.32\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.35.342\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.36.93\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{9B57F475-CCB0-4C85-88A9-2AA9A6C0809A} -> [Amazon Drive] => C:\Users\winki\Amazon Drive
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\winki\AppData\Local\Google\Chrome\Application\94.0.4606.71\notification_helper.exe (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{bb271103-d1ae-4967-855f-b2a5c5d165e3}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.36.102\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.36.82\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.36.52\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.35.302\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ShellIconOverlayIdentifiers: [IconOverlayJunction] -> {0A479751-02BC-11d3-A855-0004AC2568FF} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ShellIconOverlayIdentifiers-x32: [IconOverlayJunction] -> {0A479751-02BC-11d3-A855-0004AC2568FF} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2017-03-07] (Artem Izmaylov -> AIMP DevTeam) [File not signed]
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers1: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2020-04-16] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2020-04-16] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-10-11] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2017-03-07] (Artem Izmaylov -> AIMP DevTeam) [File not signed]
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2020-04-16] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.180.0905.0007\FileSyncShell64.dll [2021-09-30] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_19c79fb6254e3b11\nvshext.dll [2021-09-16] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [FMMenuExt] -> {47C91696-894C-46A1-B196-2C7CA1952F45} => C:\Program Files (x86)\Folder Marker\ShellExt64.dll [2013-08-21] (ArcticLine Software) [File not signed]
ContextMenuHandlers6: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2021-01-17] (schinagl.priv.at -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-10-11] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2019-03-29] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\winki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Link Shell Extension\Donate.lnk -> hxxp://schinagl.priv.at/nt/hardlinkshellext/linkshellextension.htm
ShortcutWithArgument: C:\Users\winki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Plex.lnk -> C:\Users\winki\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=fpniocchabmgenibceglhnfeimmdhdfm
ShortcutWithArgument: C:\Users\winki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\TREZOR Chrome Extension.lnk -> C:\Users\winki\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=jcjjhjgimijdkoamemaghajlhegmoclj
ShortcutWithArgument: C:\Users\winki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Vzdálená plocha Chrome.lnk -> C:\Users\winki\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\winki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\WavesLiteApp.lnk -> C:\Users\winki\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=kfmcaklajknfekomaflnhkjjkcjabogm

==================== Loaded Modules (Whitelisted) =============

2020-10-04 11:04 - 2020-10-04 11:04 - 000336896 ____C () [File not signed] \\?\C:\Users\winki\AppData\Local\Plex Media Server\Codecs\96550d8-3281-windows-x86\ac3_decoder.dll
2020-10-04 11:04 - 2020-10-04 11:04 - 000394752 ____C () [File not signed] \\?\C:\Users\winki\AppData\Local\Plex Media Server\Codecs\96550d8-3281-windows-x86\ac3_encoder.dll
2020-10-04 11:04 - 2020-10-04 11:04 - 000608256 ____C () [File not signed] \\?\C:\Users\winki\AppData\Local\Plex Media Server\Codecs\96550d8-3281-windows-x86\dca_decoder.dll
2020-10-04 11:04 - 2020-10-04 11:04 - 001558528 ____C () [File not signed] \\?\C:\Users\winki\AppData\Local\Plex Media Server\Codecs\96550d8-3281-windows-x86\h264_decoder.dll
2020-10-04 11:04 - 2020-10-04 11:04 - 000818176 ____C () [File not signed] \\?\C:\Users\winki\AppData\Local\Plex Media Server\Codecs\96550d8-3281-windows-x86\hevc_decoder.dll
2020-10-04 11:04 - 2020-10-04 11:04 - 001800704 ____C () [File not signed] \\?\C:\Users\winki\AppData\Local\Plex Media Server\Codecs\96550d8-3281-windows-x86\libx264_encoder.dll
2020-10-04 11:04 - 2020-10-04 11:04 - 000560640 ____C () [File not signed] \\?\C:\Users\winki\AppData\Local\Plex Media Server\Codecs\96550d8-3281-windows-x86\mpeg2video_decoder.dll
2020-10-04 11:04 - 2020-10-04 11:04 - 001268224 ____C () [File not signed] \\?\C:\Users\winki\AppData\Local\Plex Media Server\Codecs\96550d8-3281-windows-x86\mpeg4_decoder.dll
2020-10-04 11:04 - 2020-10-04 11:04 - 002117632 ____C () [File not signed] \\?\C:\Users\winki\AppData\Local\Plex Media Server\Codecs\96550d8-3281-windows-x86\vc1_decoder.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 000010240 _____ () [File not signed] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\cs_cz\acrotray.cze
2021-05-14 19:24 - 2020-02-24 13:05 - 001291264 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2021-05-14 19:24 - 2020-02-24 13:05 - 000055808 _____ () [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2021-09-30 09:56 - 2021-09-16 10:46 - 002661888 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\ffmpeg.dll
2021-09-30 09:56 - 2021-09-16 10:46 - 000367104 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\libegl.dll
2021-09-30 09:56 - 2021-09-16 10:46 - 006631936 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\libglesv2.dll
2021-09-30 09:56 - 2021-09-16 10:46 - 000458752 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\resources\app\dist\magutils-napi.node
2021-09-30 09:56 - 2021-09-16 10:46 - 000445440 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\resources\app\dist\magvibrancy-napi.node
2021-09-30 09:56 - 2021-09-16 10:46 - 001411072 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\resources\app\dist\uimpewrapper-napi.node
2020-03-06 00:11 - 2020-03-06 00:11 - 000021504 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\cs_cz\Acrobat Elements\ContextMenuShim64.cze
2017-03-07 18:22 - 2017-03-07 18:22 - 002059848 _____ (Artem Izmaylov -> AIMP DevTeam) [File not signed] C:\Program Files (x86)\AIMP\System\aimp_menu64.dll
2021-05-14 19:24 - 2020-02-24 13:05 - 000892928 _____ (Free Software Foundation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\iconv.dll
2018-06-29 12:57 - 2017-05-23 14:59 - 000494080 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.dll
2018-06-29 12:57 - 2017-05-23 14:59 - 000256000 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\uploader.dll
2021-05-14 19:23 - 2020-02-24 13:06 - 001359872 _____ (The OpenSSL Project, http://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\LIBEAY32.dll
2021-05-14 19:23 - 2020-02-24 13:06 - 000365056 _____ (The OpenSSL Project, http://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\SSLEAY32.dll
2021-05-14 19:23 - 2020-02-24 11:45 - 001359872 _____ (The OpenSSL Project, http://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\LIBEAY32.dll
2017-02-26 23:26 - 2020-03-16 15:05 - 001282048 _____ (The OpenSSL Project, http://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2017-02-26 23:26 - 2020-03-16 15:06 - 000279040 _____ (The OpenSSL Project, http://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2017-02-26 23:26 - 2020-01-22 21:30 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-10-06 19:37 - 2020-01-22 21:30 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-10-06 19:37 - 2020-01-22 21:30 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-10-06 19:37 - 2020-01-22 21:30 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-10-06 19:37 - 2020-01-22 21:30 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-10-06 19:37 - 2020-01-22 21:30 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-10-06 19:37 - 2020-01-22 21:30 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57 [294]
AlternateDataStreams: C:\Users\winki\Desktop\Metro: 2033 Redux.url [269]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKU\S-1-5-21-116116240-444440880-2871013289-1001 -> {574D8BD1-9409-46EB-818C-BE355B2D96B5} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_29530
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-08-02] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-20] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-08-02] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 13:47 - 2021-05-14 19:27 - 000000342 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 activation.easeus.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64\compiler;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Crucial\Crucial Storage Executive;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\EaseUS\Todo Backup\bin
HKU\S-1-5-21-116116240-444440880-2871013289-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-116116240-444440880-2871013289-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\winki\AppData\Local\Microsoft\BingWallpaperApp\WPImages\20211011.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\StartupApproved\Run: => "Discord"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{712E6954-992E-4ADE-872E-401F36F95A9E}A:0\users\winki\appdata\local\google\chrome\application\chrome.exe] => (Allow) A:0\users\winki\appdata\local\google\chrome\application\chrome.exe => No File
FirewallRules: [TCP Query User{4E9BC4ED-1BED-4EFF-BDF9-3B0CB75BBC59}A:0\users\winki\appdata\local\google\chrome\application\chrome.exe] => (Allow) A:0\users\winki\appdata\local\google\chrome\application\chrome.exe => No File
FirewallRules: [{FC52BCC8-16E6-4B40-8074-0EACF022CEE5}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{D37209DF-594E-4C4D-80FB-5480E4D506B8}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{3F09E09F-D892-4D2E-979E-00E4B7CED378}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{AABBE277-15DF-4F02-82D0-1FCDB05EEC71}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{D4AF6A38-4D28-4361-AE50-35DB7954ED5C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{407A8AA3-05DE-4C9B-8919-5F2194A31864}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{D3D8139F-5023-44EF-BB38-8797A6B900E9}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\CMC\bin\EBCClient.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{551C27F3-3016-49B0-ABE1-D54834201848}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\6.5.0\ABService.exe => No File
FirewallRules: [{91AB568A-6D21-476A-80F0-C73A3989D3F7}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\6.5.0\ABService.exe => No File
FirewallRules: [{222D03B8-EEAD-4EFB-9315-C4F84594C262}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [{71FC3D61-FB46-40FB-861A-405FBD33DF23}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> )
FirewallRules: [UDP Query User{35861AA1-490B-4515-B118-78A1F3AB0C1C}C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_farmer.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_farmer.exe => No File
FirewallRules: [TCP Query User{E226A334-7229-4576-8693-9CDA80D512A1}C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_farmer.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_farmer.exe => No File
FirewallRules: [UDP Query User{2EB280D9-7230-411C-B0A8-473AEE45209E}C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_full_node.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_full_node.exe => No File
FirewallRules: [TCP Query User{61A9A55B-1C87-40B7-AF4C-3CA21FA3E964}C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_full_node.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_full_node.exe => No File
FirewallRules: [{CFCF6F53-7857-44F9-B151-0E4980626EA9}] => (Allow) E:\SteamLibrary\steamapps\common\Little Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe (Tarsier Studios) [File not signed]
FirewallRules: [{7E719B94-8807-42D6-A39A-FFD33573448B}] => (Allow) E:\SteamLibrary\steamapps\common\Little Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe (Tarsier Studios) [File not signed]
FirewallRules: [{63D5B6C5-6FB6-425E-93EF-70AD2A71A9BA}] => (Allow) E:\SteamLibrary\steamapps\common\Hobo Tough Life\HoboRPG.exe () [File not signed]
FirewallRules: [{6590DA4C-6706-42E0-B4AF-86A7053804A2}] => (Allow) E:\SteamLibrary\steamapps\common\Hobo Tough Life\HoboRPG.exe () [File not signed]
FirewallRules: [{4DCA0EA8-EFC6-4A70-8001-A121806E3980}] => (Allow) E:\SteamLibrary\steamapps\common\Mad Games Tycoon 2\Mad Games Tycoon 2.exe () [File not signed]
FirewallRules: [{43EFB8A8-2201-4557-834A-833C86CD86B1}] => (Allow) E:\SteamLibrary\steamapps\common\Mad Games Tycoon 2\Mad Games Tycoon 2.exe () [File not signed]
FirewallRules: [{81CC502F-8864-4C0B-8FEE-1AA3E881B282}] => (Allow) E:\SteamLibrary\steamapps\common\OpenTTD\openttd.exe (OpenTTD Development Team) [File not signed]
FirewallRules: [{8AECA067-250A-4305-AAA1-F1065654C7AF}] => (Allow) E:\SteamLibrary\steamapps\common\OpenTTD\openttd.exe (OpenTTD Development Team) [File not signed]
FirewallRules: [UDP Query User{5B492200-B9C9-4C70-AF37-A447F571795F}E:\hry\instal\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) E:\hry\instal\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [TCP Query User{D91C7840-C720-42B4-86CB-02D4C80C9B0A}E:\hry\instal\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) E:\hry\instal\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [{3DBC287B-EF2D-46CB-A20D-6F4BDBF7C316}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{DF2E0085-55DC-43EB-A72A-04A6B40178DA}] => (Allow) E:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{974A3A82-8203-49D8-B4AE-50934E756C60}] => (Allow) E:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe => No File
FirewallRules: [UDP Query User{A5F04EF0-884C-4754-9A17-C72F9C6BCCA9}D:\games\city car driving\bin\win32\starter.exe] => (Block) D:\games\city car driving\bin\win32\starter.exe => No File
FirewallRules: [TCP Query User{FA056E0D-F5EB-4C31-B5CC-B241F3912E94}D:\games\city car driving\bin\win32\starter.exe] => (Block) D:\games\city car driving\bin\win32\starter.exe => No File
FirewallRules: [{4C18741E-3914-42B5-BF43-1447B2B2893A}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{1D70A612-8CC7-4843-961C-74F9A40A60D8}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{78BF7E95-E701-4434-9058-EA461735AC63}] => (Allow) E:\SteamLibrary\steamapps\common\BloonsTD6\BloonsTD6.exe () [File not signed]
FirewallRules: [{07F4FD12-84BF-4701-A254-2293DCBFD7CE}] => (Allow) E:\SteamLibrary\steamapps\common\BloonsTD6\BloonsTD6.exe () [File not signed]
FirewallRules: [UDP Query User{4E5FD0AA-C28F-4B5D-96FB-90D855D0EFF7}E:\hry\instal\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe] => (Block) E:\hry\instal\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe => No File
FirewallRules: [TCP Query User{026527F2-C00B-4784-8404-298E56142F81}E:\hry\instal\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe] => (Block) E:\hry\instal\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe => No File
FirewallRules: [UDP Query User{7391A361-D1D0-4479-BFCD-344566ACCE06}E:\hry\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe] => (Block) E:\hry\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe => No File
FirewallRules: [TCP Query User{E17268C9-0DAF-4DB1-B93D-43C22D2739EE}E:\hry\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe] => (Block) E:\hry\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe => No File
FirewallRules: [UDP Query User{EE171875-6B91-4028-B430-14B53C699ADD}E:\hry\instal\instal\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) E:\hry\instal\instal\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{C55BAC28-86FD-4DC6-AFAA-6D35DF8186F9}E:\hry\instal\instal\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) E:\hry\instal\instal\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{D9718FCE-94D5-4254-B194-7F90CE057566}I:\hry\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) I:\hry\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{3D35A7A2-382D-4477-BDC8-227532AC2F6A}I:\hry\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) I:\hry\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{2D891445-E443-46E9-96F9-8C0ABA05D396}] => (Allow) E:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe => No File
FirewallRules: [{67A4408F-681D-4AB1-96D9-429DBBA515EC}] => (Allow) E:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe => No File
FirewallRules: [{353FC105-B594-4FA7-A80A-7631AE5418AA}] => (Allow) E:\UPLAY Game\Assassin's Creed Valhalla\ACValhalla_Plus.exe => No File
FirewallRules: [TCP Query User{6C532995-BF06-4F25-837F-257347D0C454}E:\uplay game\anno 1800\bin\win64\anno1800_plus.exe] => (Allow) E:\uplay game\anno 1800\bin\win64\anno1800_plus.exe => No File
FirewallRules: [{DE09F60F-5EEF-4CE2-A89A-BBA62BFF1E5C}] => (Allow) E:\UPLAY Game\Anno 1800\Bin\Win64\Anno1800.exe => No File
FirewallRules: [{7D451BEF-9906-41D7-9E6D-2570E2E96285}] => (Allow) E:\SteamLibrary\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{939EA703-6FBB-4334-BF1E-185A556DE519}] => (Allow) E:\SteamLibrary\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{25744F62-A558-4CF9-8F39-32C0FC384CCC}] => (Allow) E:\SteamLibrary\steamapps\common\Ori DE\oriDE.exe () [File not signed]
FirewallRules: [{AB332A27-5BA4-404D-AEAB-EE5B2BDE529D}] => (Allow) E:\SteamLibrary\steamapps\common\Ori DE\oriDE.exe () [File not signed]
FirewallRules: [{1A3D8CF9-FC85-41A7-85CC-2AE373975D54}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe (Plex, Inc. -> )
FirewallRules: [{AFB8B49B-E151-4250-999E-E9834F0CE8B6}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{050FDBFE-AA9C-444F-90AF-0B1575D1915B}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Plex, Inc. -> Python Software Foundation)
FirewallRules: [{4246A919-94EE-484E-B5F6-96E4DD07C4E6}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{73C8EE0F-1A90-4848-9D31-E4ECE7990A9D}] => (Allow) E:\SteamLibrary\steamapps\common\rocketleague\Binaries\RocketLeague.exe => No File
FirewallRules: [{F72C7959-10DF-4337-BBDD-2194573B79B9}] => (Allow) E:\SteamLibrary\steamapps\common\rocketleague\Binaries\RocketLeague.exe => No File
FirewallRules: [{7FCA6964-66E2-46B8-B68B-3B0DA03C93EE}] => (Allow) E:\Hry\Trackmania\trackmania.exe => No File
FirewallRules: [{E4A72B79-FD00-47AF-BA82-7AE5BE5DE867}] => (Allow) E:\Hry\Trackmania\trackmania.exe => No File
FirewallRules: [{24569E89-CD1B-46B7-BA13-D30B1127BBDD}] => (Allow) E:\SteamLibrary\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{1D75D7C2-B8FC-49B8-9E05-556BC403F9A0}] => (Allow) E:\SteamLibrary\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [UDP Query User{D2F7C868-7CDB-47BB-809B-6342EB6317B9}C:\users\winki\appdata\local\programs\deezloader remix\deezloader remix.exe] => (Allow) C:\users\winki\appdata\local\programs\deezloader remix\deezloader remix.exe (RemixDevs) [File not signed]
FirewallRules: [TCP Query User{09D01B29-97C9-4980-B792-ADC1973E30D5}C:\users\winki\appdata\local\programs\deezloader remix\deezloader remix.exe] => (Allow) C:\users\winki\appdata\local\programs\deezloader remix\deezloader remix.exe (RemixDevs) [File not signed]
FirewallRules: [UDP Query User{0A76A6D9-0CB6-4BAC-8674-F195C9A31E24}E:\hry\good.company.early.access\good company\goodcompany.exe] => (Block) E:\hry\good.company.early.access\good company\goodcompany.exe => No File
FirewallRules: [TCP Query User{34360024-7DB3-4A92-AF2A-B9E9D3C027A7}E:\hry\good.company.early.access\good company\goodcompany.exe] => (Block) E:\hry\good.company.early.access\good company\goodcompany.exe => No File
FirewallRules: [UDP Query User{A72D0A3F-576B-4D07-971E-DC7677454E8A}E:\battle net\call of duty modern warfare\modernwarfare.exe] => (Allow) E:\battle net\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [TCP Query User{FEB3AFA8-7D37-4365-BCA1-76D14B24FC6D}E:\battle net\call of duty modern warfare\modernwarfare.exe] => (Allow) E:\battle net\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [{C3E5334A-26DF-46DB-B982-B73A8AD22B79}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe (House of Life) [File not signed]
FirewallRules: [{2ABDA6FA-AAF2-4162-BD87-4E00BF5A8DE2}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe (House of Life) [File not signed]
FirewallRules: [{38C4353F-F999-42F3-954A-3F03D32AB33F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{79B3D9A5-C6F1-4033-A70F-B93214742DED}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6A09DA51-603D-4184-8940-E1405C4C6589}] => (Allow) E:\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{67388E39-ED65-4CFD-85D0-EDEFEB47F3B5}] => (Allow) E:\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{FE261482-3C81-43D6-8C16-0A94D4E1C4FC}] => (Allow) E:\SteamLibrary\steamapps\common\Prison Architect\Prison Architect.exe () [File not signed]
FirewallRules: [{7B7B5243-0311-421D-8F70-B5E1E024495B}] => (Allow) E:\SteamLibrary\steamapps\common\Prison Architect\Prison Architect.exe () [File not signed]
FirewallRules: [{E483D9C6-77FD-44CF-A99B-75B3AD798BE8}] => (Allow) E:\SteamLibrary\steamapps\common\Prison Architect\Launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{3C697972-F5BD-460B-9E64-2A1CA73371CF}] => (Allow) E:\SteamLibrary\steamapps\common\Prison Architect\Launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [UDP Query User{0DB031E1-A8F1-4E03-A5B1-65400B89BBC0}G:\origin\download\fifa 20\fifa20.exe] => (Allow) G:\origin\download\fifa 20\fifa20.exe => No File
FirewallRules: [TCP Query User{273C28A2-D4DD-4C92-9D8B-F5AD9B6C511A}G:\origin\download\fifa 20\fifa20.exe] => (Allow) G:\origin\download\fifa 20\fifa20.exe => No File
FirewallRules: [UDP Query User{0FA6194E-FDAC-413A-86D9-E17EE36B0318}E:\hry\rebel inc escalation\rebel inc. escalation.exe] => (Allow) E:\hry\rebel inc escalation\rebel inc. escalation.exe => No File
FirewallRules: [TCP Query User{A970B428-E095-4A68-8911-F5C09CBA6433}E:\hry\rebel inc escalation\rebel inc. escalation.exe] => (Allow) E:\hry\rebel inc escalation\rebel inc. escalation.exe => No File
FirewallRules: [UDP Query User{649EBA64-1A17-48DB-805B-F82A1EBD1A3C}E:\battle net\hearthstone\hearthstone.exe] => (Allow) E:\battle net\hearthstone\hearthstone.exe => No File
FirewallRules: [TCP Query User{C5B4F4CE-312B-415A-941F-1AAD4527384B}E:\battle net\hearthstone\hearthstone.exe] => (Allow) E:\battle net\hearthstone\hearthstone.exe => No File
FirewallRules: [UDP Query User{FD7FE6C4-C79B-4903-9EFC-B9628B6AA1F2}E:\battle net\call of duty modern warfare beta\modernwarfare.exe] => (Allow) E:\battle net\call of duty modern warfare beta\modernwarfare.exe => No File
FirewallRules: [TCP Query User{EFD94769-A765-4D5F-87BB-32626B5DB5F3}E:\battle net\call of duty modern warfare beta\modernwarfare.exe] => (Allow) E:\battle net\call of duty modern warfare beta\modernwarfare.exe => No File
FirewallRules: [UDP Query User{859BD477-FDCF-4D97-A669-408AFFA82CF1}E:\origin\fifa 20 demo\fifa20_demo.exe] => (Allow) E:\origin\fifa 20 demo\fifa20_demo.exe => No File
FirewallRules: [TCP Query User{508A4D26-B581-44B2-AB0D-2C4983C538FF}E:\origin\fifa 20 demo\fifa20_demo.exe] => (Allow) E:\origin\fifa 20 demo\fifa20_demo.exe => No File
FirewallRules: [UDP Query User{F3D96B2D-7276-46B8-B8D0-2B546FFCD0E8}E:\origin\fifa 18 demo\fifa18_demo.exe] => (Block) E:\origin\fifa 18 demo\fifa18_demo.exe => No File
FirewallRules: [TCP Query User{1D9494D8-42B6-49DA-9FC0-35F2CD7EAE34}E:\origin\fifa 18 demo\fifa18_demo.exe] => (Block) E:\origin\fifa 18 demo\fifa18_demo.exe => No File
FirewallRules: [{44C6BDC9-F009-4B7C-8988-39DA80968A24}] => (Allow) G:\STEAM Library\SteamApps\common\Project CARS 2\pCARS2.exe => No File
FirewallRules: [{279792C2-FDCF-43A5-A52C-94420DF28B0E}] => (Allow) G:\STEAM Library\SteamApps\common\Project CARS 2\pCARS2.exe => No File
FirewallRules: [{70B595F0-5A7F-4EB2-97CF-051429540B3E}] => (Allow) G:\STEAM Library\SteamApps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{696DDBBA-0E13-4E84-A7B1-14BE80F22C71}] => (Allow) G:\STEAM Library\SteamApps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{3E0D6E26-D68E-4FEC-A40B-AE1D7DAB2E18}] => (Allow) G:\STEAM Library\SteamApps\common\Call of Duty Modern Warfare 3\iw5mp_server.exe => No File
FirewallRules: [{F3919D95-47EB-4926-9181-D6ED4F2511D1}] => (Allow) G:\STEAM Library\SteamApps\common\Call of Duty Modern Warfare 3\iw5mp_server.exe => No File
FirewallRules: [UDP Query User{8B58F83A-B5BA-46EB-9B82-BAF2D42DCDE8}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe => No File
FirewallRules: [TCP Query User{E0A647E0-7A9E-4B4C-BB3F-D4EDA7C4629E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe => No File
FirewallRules: [UDP Query User{67C40BB5-F35A-4377-9810-4433D1EB70E8}C:\program files\adobe\adobe after effects cc 2017\support files\afterfx.exe] => (Block) C:\program files\adobe\adobe after effects cc 2017\support files\afterfx.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
FirewallRules: [TCP Query User{79F893DA-2B81-4CBD-A457-1FB0663A1E45}C:\program files\adobe\adobe after effects cc 2017\support files\afterfx.exe] => (Block) C:\program files\adobe\adobe after effects cc 2017\support files\afterfx.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
FirewallRules: [{0DA3F07D-37B8-473E-8A54-E80EC1BDFC96}] => (Allow) G:\STEAM Library\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe => No File
FirewallRules: [{EFE5EEA6-2333-4400-B2F6-01C23023BAB9}] => (Allow) G:\STEAM Library\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe => No File
FirewallRules: [{F91CC537-8729-404D-9538-8EB360472777}] => (Allow) G:\STEAM Library\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe => No File
FirewallRules: [{7BAC759C-0383-4869-8460-7E39C0867411}] => (Allow) G:\STEAM Library\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe => No File
FirewallRules: [{D6326257-FE76-4E23-86AE-6F6FC96F4FFA}] => (Allow) G:\STEAM Library\SteamApps\common\Farm Frenzy Collection\FarmFrenzyMegaPack.exe => No File
FirewallRules: [{B277E5A3-EA94-49D7-84A1-2971BF8E441D}] => (Allow) G:\STEAM Library\SteamApps\common\Farm Frenzy Collection\FarmFrenzyMegaPack.exe => No File
FirewallRules: [{44F406F2-FE8F-4CA3-B7BB-C6C5AA5ED1AC}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{3B042E80-EF41-4180-9231-0CD57C64EB22}G:\steam library\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) G:\steam library\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [TCP Query User{96732A90-2CB3-4F66-AF08-67107EC465EA}G:\steam library\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) G:\steam library\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [{5FB29185-3694-4A3D-A5EC-7A94E686DE36}] => (Allow) G:\STEAM Library\SteamApps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{33C65872-C67B-45A9-8C50-A78C24835A46}] => (Allow) G:\STEAM Library\SteamApps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [UDP Query User{BC720004-B591-4991-8CBC-09F255FA6D8E}C:\users\winki\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\winki\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{321C0D19-4A92-47DD-805F-E69FC4C43937}C:\users\winki\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\winki\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{82D90212-31DA-46C8-B17F-AE1F76F36B90}C:\users\winki\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\winki\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{AD992CC5-1007-4A75-AAC1-46896643960E}C:\users\winki\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\winki\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{98448801-6A94-4FDC-8753-0FA7E26387A0}C:\users\winki\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\winki\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{4640D0CC-06A5-4E12-9C68-4EE592A2EDD4}C:\users\winki\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\winki\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{D73785E6-F57E-4BB3-8E14-28658E56A164}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{3950A9A0-3AEB-45E2-918A-CD5A2E1E7DB2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{40A88AC0-48C7-4136-805A-B53F0DE10C8A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{CF014B45-129E-4139-A760-D7655A86EFF2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{74F693CD-A7C5-4666-953D-9817E47A3976}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A93CD9CE-565C-4E84-A2C4-7707613FE3A7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0FC46975-F27B-4599-A3CB-C05A89ADF97E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D18E68F1-86A8-4B5C-A038-4B99FEC095DB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2C2F5385-3762-4692-8FE3-39892BB0DB0A}] => (Allow) G:\ORIGIN\DOWNLOAD\Battlefield 1\bf1Trial.exe => No File
FirewallRules: [{D0548856-DD0B-4974-B77D-ABF9FC101DCF}] => (Allow) G:\ORIGIN\DOWNLOAD\Battlefield 1\bf1Trial.exe => No File
FirewallRules: [{A22787EB-FE2E-4490-8F2C-532C37D9C571}] => (Allow) G:\ORIGIN\DOWNLOAD\Battlefield 1\bf1.exe => No File
FirewallRules: [{4AE780DE-58DE-425E-8602-F394D398E881}] => (Allow) G:\ORIGIN\DOWNLOAD\Battlefield 1\bf1.exe => No File
FirewallRules: [{3D66F668-1BD2-4829-939B-EE058CD1FBF2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{EB5FF2BB-D37D-44BF-82B9-E75EA1633F71}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{EB510BBF-B05B-4D0C-9482-7FEBE9029E83}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A4753161-2B8C-4C6D-9017-00F3ABA24D98}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{24164311-B2FF-453F-A72B-B7B96213BE52}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe () [File not signed]
FirewallRules: [UDP Query User{6FE118C4-47F6-4772-9E3D-E0F390D8AC3F}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe () [File not signed]
FirewallRules: [TCP Query User{C92F4E0C-A7EA-4CCE-AAFF-6FB93F1A33DA}C:\users\winki\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\winki\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{4B81A7F8-A47F-464C-8AE7-48F27FFEFB9E}C:\users\winki\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\winki\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{0480E7B9-017A-4765-BA5C-8BB937FCC4F3}C:\users\winki\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\winki\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{76DCFC87-3ACD-43AA-81BC-DACAEFA973AD}C:\users\winki\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\winki\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{70C86191-A7B3-4C9A-9262-CFB5ECA36A94}C:\users\winki\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\winki\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{97B5893F-ED46-4BB9-9A2D-503A0B40F6E1}C:\users\winki\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\winki\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{52DDF782-1ED1-42E9-A542-8528B0E269F1}C:\program files\adobe\adobe after effects cc 2017\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc 2017\support files\afterfx.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
FirewallRules: [UDP Query User{3FE3F6F6-C05E-4B84-AE3A-8149631D26AB}C:\program files\adobe\adobe after effects cc 2017\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc 2017\support files\afterfx.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
FirewallRules: [TCP Query User{5733D149-3032-448F-A321-CE3F6F7A7071}G:\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) G:\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [UDP Query User{629C5957-8A9F-4ACE-867F-B6F52A6F304F}G:\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) G:\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [TCP Query User{2E0CD233-F733-4273-9F4C-D8A6E6FF55BD}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe () [File not signed]
FirewallRules: [UDP Query User{3CEFF28C-33A9-475C-A3D6-D75E222E01C0}C:\program files\multibit hd\multibit-hd.exe] => (Allow) C:\program files\multibit hd\multibit-hd.exe () [File not signed]
FirewallRules: [{0BA9BC29-DF64-42CB-BD0B-FB0B15853978}] => (Allow) G:\STEAM Library\SteamApps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe => No File
FirewallRules: [{08E7DBBC-9BC6-47B4-AA38-D339B27C4DA1}] => (Allow) G:\STEAM Library\SteamApps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe => No File
FirewallRules: [TCP Query User{AC6B54F1-F24A-4D49-930D-AD8EE1F58288}C:\program files (x86)\fontforgebuilds\bin\vcxsrv\vcxsrv.exe] => (Allow) C:\program files (x86)\fontforgebuilds\bin\vcxsrv\vcxsrv.exe () [File not signed]
FirewallRules: [UDP Query User{61F5218F-6F20-4D08-9FA7-D4FEFA8C3319}C:\program files (x86)\fontforgebuilds\bin\vcxsrv\vcxsrv.exe] => (Allow) C:\program files (x86)\fontforgebuilds\bin\vcxsrv\vcxsrv.exe () [File not signed]
FirewallRules: [{28036375-0B3C-421D-8420-A4F9476A675C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BBE87F96-C1C6-470E-8B1D-FF975EFD6CB2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{76DD6E0D-11E1-47AD-87E9-9F7742E87271}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6DEC1814-18BB-4277-B53F-CA6B8AEA1A4F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{777339A6-2E89-435D-B5C5-BD24789DE2C2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{87183634-1B1F-40CC-A6F4-934ADC3342FE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{A20F4D63-C417-4B42-9350-4C4E1A5D1A33}D:\games\vampyr\avgame\binaries\win64\avgame-win64-shipping.exe] => (Block) D:\games\vampyr\avgame\binaries\win64\avgame-win64-shipping.exe => No File
FirewallRules: [UDP Query User{CE3D5D18-7BE1-47F1-935A-745F0A4D4546}D:\games\vampyr\avgame\binaries\win64\avgame-win64-shipping.exe] => (Block) D:\games\vampyr\avgame\binaries\win64\avgame-win64-shipping.exe => No File
FirewallRules: [{3F5D9630-D9B7-46F5-ABDC-D067A7F89DAF}] => (Allow) G:\STEAM Library\SteamApps\common\Football Tactics Demo\game.exe => No File
FirewallRules: [{4BDB7126-F233-4EF4-8598-3F65B0676AA6}] => (Allow) G:\STEAM Library\SteamApps\common\Football Tactics Demo\game.exe => No File
FirewallRules: [{16722EAD-07E5-4537-A614-69CC3AA25550}] => (Allow) G:\STEAM Library\SteamApps\common\FarCry5\bin\ArcadeEditor64.exe => No File
FirewallRules: [{DE9FB1E8-DCEC-45A4-9B41-9F50EC2F9B99}] => (Allow) G:\STEAM Library\SteamApps\common\FarCry5\bin\ArcadeEditor64.exe => No File
FirewallRules: [{B623CAE5-BD03-4CA8-8D9E-47FA6164DDF9}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{B232DCA9-EC18-4B34-B1B3-865B7C8F56F1}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [UDP Query User{70B1534E-F5EE-46DB-AE23-AEF48404E2B2}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [TCP Query User{69E7DD0E-E56E-48A8-9244-C1148DB8317E}C:\program files\adobe\adobe photoshop cc 2017\required\dynamiclinkmediaserver\amecommand.exe] => (Block) C:\program files\adobe\adobe photoshop cc 2017\required\dynamiclinkmediaserver\amecommand.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
FirewallRules: [UDP Query User{DD8B28D5-4ECE-4034-91E8-BF9BAAE76D36}C:\program files\adobe\adobe photoshop cc 2017\required\dynamiclinkmediaserver\amecommand.exe] => (Block) C:\program files\adobe\adobe photoshop cc 2017\required\dynamiclinkmediaserver\amecommand.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
FirewallRules: [{96EB2E45-8869-4EBE-BEF6-9517348F045F}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8CE72AEB-2252-4402-8476-98963A87FBE1}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FB281968-A753-4D67-83ED-C143B85AD3F4}] => (Allow) C:\Users\winki\AppData\Roaming\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{A47FDDDB-A196-44C6-9412-64378A364BB7}] => (Allow) C:\Users\winki\AppData\Roaming\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{E589E35C-F7BD-44D1-833C-4E3954174AEC}] => (Allow) G:\STEAM Library\SteamApps\common\Desperados Wanted Dead or Alive\desperados.exe => No File
FirewallRules: [{AE5340C3-D8B5-487D-8569-521B1C3B9923}] => (Allow) G:\STEAM Library\SteamApps\common\Desperados Wanted Dead or Alive\desperados.exe => No File
FirewallRules: [{E421A2D8-BF18-43C8-BFFC-2177AE3565BC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{FCF9A245-AD99-4BAF-8CFB-2B0E7376301F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{B2D2AA65-844F-41A9-8FA9-56D87439A051}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{ABBC9076-091F-459B-B6EA-F256DC001CE9}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{981EBEB2-C33D-4ABB-BBCB-BE4B7D524A03}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1987EECD-1950-4C74-B5C2-3011B31D30E9}] => (Allow) LPort=2869
FirewallRules: [{A4CFA20E-A863-419E-85B1-FC2159BDD382}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{0194A920-600A-4472-913E-A3ABD71CF2EC}G:\hry\foundation.early.access\foundation\foundation.exe] => (Allow) G:\hry\foundation.early.access\foundation\foundation.exe => No File
FirewallRules: [UDP Query User{D432268D-8DDE-40F8-99FB-DC26DA5C884E}G:\hry\foundation.early.access\foundation\foundation.exe] => (Allow) G:\hry\foundation.early.access\foundation\foundation.exe => No File
FirewallRules: [{8F851BC9-D613-44AE-869C-E9E4598AA0D8}] => (Allow) G:\STEAM Library\SteamApps\common\Production Line\ProductionLine.exe => No File
FirewallRules: [{87719851-FD60-4E1C-9A04-DCE31E864214}] => (Allow) G:\STEAM Library\SteamApps\common\Production Line\ProductionLine.exe => No File
FirewallRules: [TCP Query User{7E398FA9-D8FE-49D1-8AD0-7471DEF60F29}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{9C8320E6-489E-4626-A679-65789BDA8891}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{1237AF2F-5865-4E29-9CCE-9D246098EFB2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{995C095B-24E1-4247-A296-359FD5D40648}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{9A5F928E-7B76-46CE-99BC-76BB8DADF46B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{92EFB39E-5D0D-4337-8242-446B61C31D6A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{DB7DF9CB-7F3D-42DF-930C-70651C48FC6A}] => (Allow) G:\STEAM Library\SteamApps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{E267FE67-09EF-4BC4-AB3B-A099D807C552}] => (Allow) G:\STEAM Library\SteamApps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [TCP Query User{AC134181-674B-442D-81D7-B3CB2AAF17F8}C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_farmer.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_farmer.exe => No File
FirewallRules: [UDP Query User{BC36A58E-76F7-405D-B77A-972F99353008}C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_farmer.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_farmer.exe => No File
FirewallRules: [TCP Query User{7567D16C-3206-4164-A56C-8BD4B68F62CA}C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_full_node.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_full_node.exe => No File
FirewallRules: [UDP Query User{B72672E9-CAD8-44E4-A015-17EDB189A6A6}C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_full_node.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_full_node.exe => No File
FirewallRules: [{853332CE-3EE2-40A3-A5EB-7F27186ECF64}] => (Allow) E:\SteamLibrary\steamapps\common\Planet Zoo\PlanetZoo.exe (Frontier Developments) [File not signed]
FirewallRules: [{DA5BE6CC-6A12-49DF-81BA-DC87A0B59890}] => (Allow) E:\SteamLibrary\steamapps\common\Planet Zoo\PlanetZoo.exe (Frontier Developments) [File not signed]
FirewallRules: [TCP Query User{481C4EF9-CB4C-4D59-A208-22D177D94059}K:7\flightsimulator.exe] => (Allow) K:7\flightsimulator.exe => No File
FirewallRules: [UDP Query User{1AE3EB92-EC85-4663-AB44-BCD7E3B33C60}K:7\flightsimulator.exe] => (Allow) K:7\flightsimulator.exe => No File
FirewallRules: [TCP Query User{B8C2CD7F-6B67-4986-8FBD-C29C69AE4EDF}H:\games\sniper ghost warrior contracts 2\win_x64\sgwcontracts2.exe] => (Block) H:\games\sniper ghost warrior contracts 2\win_x64\sgwcontracts2.exe => No File
FirewallRules: [UDP Query User{3D8159EC-4410-46E0-A1BA-7EB0D34E0C8F}H:\games\sniper ghost warrior contracts 2\win_x64\sgwcontracts2.exe] => (Block) H:\games\sniper ghost warrior contracts 2\win_x64\sgwcontracts2.exe => No File
FirewallRules: [TCP Query User{94BBD6BB-F129-4DDD-8F6D-FFBE380EADF5}H:\steamlibrary\steamapps\common\fifa 21\fifa21.exe] => (Allow) H:\steamlibrary\steamapps\common\fifa 21\fifa21.exe => No File
FirewallRules: [UDP Query User{3C876C09-1C34-4394-81CD-38263710CA4E}H:\steamlibrary\steamapps\common\fifa 21\fifa21.exe] => (Allow) H:\steamlibrary\steamapps\common\fifa 21\fifa21.exe => No File
FirewallRules: [TCP Query User{0A184AF5-90DC-4AD8-8B23-127FB59AEBC3}C:\users\winki\appdata\local\chia-blockchain\app-1.1.7\resources\app.asar.unpacked\daemon\start_farmer.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.7\resources\app.asar.unpacked\daemon\start_farmer.exe (CHIA NETWORK INC. -> )
FirewallRules: [UDP Query User{4F98B66C-A239-4D02-8F1D-8056E6644A9F}C:\users\winki\appdata\local\chia-blockchain\app-1.1.7\resources\app.asar.unpacked\daemon\start_farmer.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.7\resources\app.asar.unpacked\daemon\start_farmer.exe (CHIA NETWORK INC. -> )
FirewallRules: [TCP Query User{3604C6F7-C39D-4276-A739-3087BC9B4096}C:\users\winki\appdata\local\chia-blockchain\app-1.1.7\resources\app.asar.unpacked\daemon\start_full_node.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.7\resources\app.asar.unpacked\daemon\start_full_node.exe (CHIA NETWORK INC. -> )
FirewallRules: [UDP Query User{C28C3F18-00AF-42A7-8553-81415503AECE}C:\users\winki\appdata\local\chia-blockchain\app-1.1.7\resources\app.asar.unpacked\daemon\start_full_node.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.7\resources\app.asar.unpacked\daemon\start_full_node.exe (CHIA NETWORK INC. -> )
FirewallRules: [{AF650B7F-4C27-4080-8306-5712572FB372}] => (Allow) H:\SteamLibrary\steamapps\common\Gas Station Simulator - Early Days\GSS2.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{A9E48391-1CCF-4BD5-8520-EFCED627C075}] => (Allow) H:\SteamLibrary\steamapps\common\Gas Station Simulator - Early Days\GSS2.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{E7D01ABD-8402-4972-B31A-4AE2458BEB5E}G:\hry\mini.motorways\mini.motorways\mini motorways\mini motorways.exe] => (Block) G:\hry\mini.motorways\mini.motorways\mini motorways\mini motorways.exe () [File not signed]
FirewallRules: [UDP Query User{77CA0E98-FD1B-4776-86B8-BFE018C99EC0}G:\hry\mini.motorways\mini.motorways\mini motorways\mini motorways.exe] => (Block) G:\hry\mini.motorways\mini.motorways\mini motorways\mini motorways.exe () [File not signed]
FirewallRules: [{B25F81CA-E109-4993-B4F7-919C6A85E21A}] => (Allow) H:\SteamLibrary\steamapps\common\PapersPlease\PapersPlease.exe () [File not signed]
FirewallRules: [{218F28B3-904E-4499-934B-CD0F9545EB2C}] => (Allow) H:\SteamLibrary\steamapps\common\PapersPlease\PapersPlease.exe () [File not signed]
FirewallRules: [{306AFC88-7E91-4CA5-A479-7D13CA3C1124}] => (Allow) K:\SteamLibrary\steamapps\common\PapersPlease\PapersPlease.exe () [File not signed]
FirewallRules: [{4811FDA1-3B7E-4692-9C1C-6DE4C0F69535}] => (Allow) K:\SteamLibrary\steamapps\common\PapersPlease\PapersPlease.exe () [File not signed]
FirewallRules: [{948C15AA-CD49-44CF-95FB-A12EFF543BD3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{34F342DE-44CF-4170-AF62-8A97F6094471}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FA64D215-82D1-4FE0-AEF9-B8A2D1456E11}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{886092C7-E882-441D-B727-83D940F52A77}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5EAB39AD-DDCD-4876-9590-97D8E82955EE}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{585E418A-A565-4455-A19C-01C1381BFC97}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1749CB2C-943E-4C2F-9415-87A17BD6A6DE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F8A3C8FD-4F19-4CD8-BB56-4229E57AE990}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{62C9C2EE-422F-4F68-90FA-3B6ED4FEF19F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{049E8D22-4680-4D47-A28F-C70D1E472B55}] => (Allow) K:\SteamLibrary\steamapps\common\Gas Station Simulator\GSS2.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{C7AF6440-F81A-4E98-9CC4-5D2F3F89B022}] => (Allow) K:\SteamLibrary\steamapps\common\Gas Station Simulator\GSS2.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{52C3161A-2160-4EF9-8756-BF03E7C49B18}] => (Allow) C:\Program Files\Opera\79.0.4143.50\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{81F08A38-30B9-44FC-8FE0-38A0D38B1FBE}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\94.0.992.38\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4C932917-4206-4FA7-83AF-EB227CA9382D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{64E9F5ED-2A98-46B4-8072-C5FC6C80C472}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{3DE85681-F361-4BAC-90BE-654483C95EB5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{37F3DEFB-4B6D-4108-9F08-A614F3A7C5FD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{A72CC295-1251-42E9-849C-EB952BA5E5CA}] => (Allow) C:\Program Files\Opera\79.0.4143.72\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{F42EA774-545D-4FCE-91F1-4E9761F18D94}] => (Allow) E:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe (Psyonix, LLC) [File not signed] [File is in use]
FirewallRules: [{D14432E9-89B7-4BEA-8C68-F0565150D4C6}] => (Allow) E:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe (Psyonix, LLC) [File not signed] [File is in use]
FirewallRules: [TCP Query User{6A8BC594-99B4-4DED-AE43-D90E2AD43FD6}K:\steamlibrary\steamapps\common\battlefield 2042 open beta\bf.exe] => (Allow) K:\steamlibrary\steamapps\common\battlefield 2042 open beta\bf.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [UDP Query User{67BB9519-F5A7-40AF-AA0B-7280C5453C11}K:\steamlibrary\steamapps\common\battlefield 2042 open beta\bf.exe] => (Allow) K:\steamlibrary\steamapps\common\battlefield 2042 open beta\bf.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{31D86E91-299D-43F6-95F4-758B91128EA5}] => (Allow) K:\Games\Far Cry 6\bin\FarCry6.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [{16DAF5E8-C00C-4B04-B394-CCCC51ADC6C4}] => (Allow) K:\Games\Far Cry 6\bin\FarCry6.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [{0CCC9882-3C29-4A09-9099-369C84D5E89C}] => (Allow) K:\Games\Far Cry 6\bin_plus\FarCry6.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [{AD281155-4570-4EBC-9254-31D9C124EE89}] => (Allow) K:\Games\Far Cry 6\bin_plus\FarCry6.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [{9A0C3674-D2B4-42FC-9364-280CCAB5CB2E}] => (Allow) E:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{F14D9FCD-C0D8-44E3-9BFE-A92CB1895174}] => (Allow) E:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{4397833A-A84B-4D6D-813A-22A4CF3D91E7}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{CC904883-D654-4CF1-A7D7-AEE206F45576}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{7FFA999C-0BAA-49CD-A81C-A9F086A836B8}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{5596212C-A97F-4E71-9010-949DB11DB596}] => (Allow) E:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)

==================== Restore Points =========================

08-10-2021 11:54:32 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (10/11/2021 04:50:39 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na TOMAŠ (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/11/2021 03:57:03 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na TOMAŠ (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/11/2021 02:29:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Users\winki\AppData\Local\Chromium\Application\chrome.exe se nezdařilo.
Závislé sestavení 63.0.3237.0,language="*",type="win32",version="63.0.3237.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (10/11/2021 12:48:42 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/10/2021 10:03:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: RocketLeague.exe, verze: 1.0.10897.0, časové razítko: 0x61527f30
Název chybujícího modulu: EOSSDK-Win64-Shipping.dll, verze: 1.13.0.0, časové razítko: 0x61252e78
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000407dcf
ID chybujícího procesu: 0x19b8
Čas spuštění chybující aplikace: 0x01d7be0c6265da16
Cesta k chybující aplikaci: E:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe
Cesta k chybujícímu modulu: E:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win64\EOSSDK-Win64-Shipping.dll
ID zprávy: ebef4b84-390c-4dce-85c0-5043c4ad3b03
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/10/2021 07:26:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: RocketLeague.exe, verze: 1.0.10897.0, časové razítko: 0x61527f30
Název chybujícího modulu: EOSSDK-Win64-Shipping.dll, verze: 1.13.0.0, časové razítko: 0x61252e78
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000407dcf
ID chybujícího procesu: 0x143c
Čas spuštění chybující aplikace: 0x01d7bdf7ecba3fe8
Cesta k chybující aplikaci: E:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe
Cesta k chybujícímu modulu: E:\SteamLibrary\steamapps\common\rocketleague\Binaries\Win64\EOSSDK-Win64-Shipping.dll
ID zprávy: 0509f4f1-ca6f-4fde-879c-9da0b5010049
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/10/2021 05:59:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Users\winki\AppData\Local\Chromium\Application\chrome.exe se nezdařilo.
Závislé sestavení 63.0.3237.0,language="*",type="win32",version="63.0.3237.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (10/10/2021 03:06:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Users\winki\AppData\Local\Chromium\Application\chrome.exe se nezdařilo.
Závislé sestavení 63.0.3237.0,language="*",type="win32",version="63.0.3237.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.


System errors:
=============
Error: (10/11/2021 03:58:35 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9MV0B5HZVK9Z-Microsoft.GamingApp.

Error: (10/11/2021 03:58:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9NZKPSTSNW4P-Microsoft.XboxGamingOverlay.

Error: (10/08/2021 11:50:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA LocalSystem Container byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.

Error: (10/08/2021 11:50:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba NVIDIA LocalSystem Container byla ukončena s následující chybou:
Obecný spustitelný příkaz vrátil výsledek označující selhání.

Error: (10/08/2021 12:11:52 AM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-0S50FER)
Description: Nelze spustit server DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. Došlo k chybě:
2147942767
při provádění příkazu:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (10/07/2021 04:14:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Steam Client Service neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (10/07/2021 04:14:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Steam Client Service bylo dosaženo časového limitu (30000 ms).

Error: (10/07/2021 12:20:31 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9MWPM2CQNLHN-Microsoft.GamingServices.


Windows Defender:
================
Date: 2021-10-11 16:00:29
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {355D8943-5327-415F-AA13-B579093485D0}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-10-08 00:57:28
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {16C57CC9-66B5-43C5-B990-2D738D011D44}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Úplné prohledávání
Uživatel: DESKTOP-0S50FER\winki

Date: 2021-10-07 15:36:56
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {7AEF4776-563C-4D28-9AFA-C46C7A2C6B16}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-10-07 12:23:05
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {266001C3-D81C-45D3-907B-A6A738DC620E}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-10-05 16:52:12
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {C9D32EFB-2FF7-473C-BC15-4DA5FBFC3E4C}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

CodeIntegrity:
===============
Date: 2021-10-11 16:23:25
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. V1.3 06/06/2013
Motherboard: MSI Z87-G43 (MS-7816)
Processor: Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz
Percentage of memory in use: 39%
Total physical RAM: 32712.05 MB
Available physical RAM: 19815.98 MB
Total Virtual: 37576.05 MB
Available Virtual: 20111.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.13 GB) (Free:215.76 GB) NTFS
Drive d: (TOMAŠ) (Fixed) (Total:78.12 GB) (Free:20.99 GB) NTFS
Drive e: (DATA II) (Fixed) (Total:1863.01 GB) (Free:359.31 GB) NTFS
Drive f: (DAVID) (Fixed) (Total:146.48 GB) (Free:142.14 GB) NTFS
Drive g: (DATA) (Fixed) (Total:1638.4 GB) (Free:309.19 GB) NTFS
Drive h: (SSD) (Fixed) (Total:111.79 GB) (Free:84.36 GB) NTFS
Drive i: (AE) (Fixed) (Total:119.24 GB) (Free:75.36 GB) NTFS
Drive j: (Chia) (Fixed) (Total:3725.99 GB) (Free:76.4 GB) NTFS
Drive k: (SSD 1TB) (Fixed) (Total:953.87 GB) (Free:451.42 GB) NTFS

\\?\Volume{609ec42c-0000-0000-0080-000000000000}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{947c07af-575c-588f-8330-9332f450bc9d}\ () (Fixed) (Total:41.56 GB) (Free:0 GB) NTFS
\\?\Volume{7e8a192f-53d3-82e6-50ae-cf7d7e7f54d7}\ () (Fixed) (Total:1.12 GB) (Free:0 GB) NTFS
\\?\Volume{609ec42c-0000-0000-0000-804e74000000}\ () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 609EC42C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=545 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: F41F2085)
Partition 1: (Active) - (Size=119.2 GB) - (Type=42)
Partition 2: (Not Active) - (Size=313 KB) - (Type=42)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 339FA51A)
Partition 1: (Not Active) - (Size=78.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1638.4 GB) - (Type=07 NTFS)

==========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: B37CEE99)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==========================================================
Disk: 4 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: EB4C3A42)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

==========================================================
Disk: 5 (MBR Code: Windows 7/8/10) (Size: 953.9 GB) (Disk ID: 59C77ABE)
Partition 1: (Not Active) - (Size=953.9 GB) - (Type=07 NTFS)

==========================================================
Disk: 6 (Size: 3726 GB) (Disk ID: 16F2A91F)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 7.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 8.

==================== End of Addition.txt =======================

Re: Check after running a fake application (Phishing)

Posted: 11 Oct 2021 20:07
by Rudy
OK. Open Notepad and copy the following into it:
Start

CloseProcesses:
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.35.422\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.36.32\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.35.342\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.36.93\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.36.102\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.36.82\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.36.52\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57 [294]
AlternateDataStreams: C:\Users\winki\Desktop\Metro: 2033 Redux.url [269]
FirewallRules: [UDP Query User{712E6954-992E-4ADE-872E-401F36F95A9E}A:0\users\winki\appdata\local\google\chrome\application\chrome.exe] => (Allow) A:0\users\winki\appdata\local\google\chrome\application\chrome.exe => No File
FirewallRules: [TCP Query User{4E9BC4ED-1BED-4EFF-BDF9-3B0CB75BBC59}A:0\users\winki\appdata\local\google\chrome\application\chrome.exe] => (Allow) A:0\users\winki\appdata\local\google\chrome\application\chrome.exe => No File
FirewallRules: [{551C27F3-3016-49B0-ABE1-D54834201848}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\6.5.0\ABService.exe => No File
FirewallRules: [{91AB568A-6D21-476A-80F0-C73A3989D3F7}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\6.5.0\ABService.exe => No File
FirewallRules: [UDP Query User{35861AA1-490B-4515-B118-78A1F3AB0C1C}C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_farmer.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_farmer.exe => No File
FirewallRules: [TCP Query User{E226A334-7229-4576-8693-9CDA80D512A1}C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_farmer.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_farmer.exe => No File
FirewallRules: [UDP Query User{2EB280D9-7230-411C-B0A8-473AEE45209E}C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_full_node.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_full_node.exe => No File
FirewallRules: [TCP Query User{61A9A55B-1C87-40B7-AF4C-3CA21FA3E964}C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_full_node.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_full_node.exe => No File
FirewallRules: [{DF2E0085-55DC-43EB-A72A-04A6B40178DA}] => (Allow) E:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{974A3A82-8203-49D8-B4AE-50934E756C60}] => (Allow) E:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe => No File
FirewallRules: [UDP Query User{A5F04EF0-884C-4754-9A17-C72F9C6BCCA9}D:\games\city car driving\bin\win32\starter.exe] => (Block) D:\games\city car driving\bin\win32\starter.exe => No File
FirewallRules: [TCP Query User{FA056E0D-F5EB-4C31-B5CC-B241F3912E94}D:\games\city car driving\bin\win32\starter.exe] => (Block) D:\games\city car driving\bin\win32\starter.exe => No File
FirewallRules: [UDP Query User{4E5FD0AA-C28F-4B5D-96FB-90D855D0EFF7}E:\hry\instal\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe] => (Block) E:\hry\instal\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe => No File
FirewallRules: [TCP Query User{026527F2-C00B-4784-8404-298E56142F81}E:\hry\instal\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe] => (Block) E:\hry\instal\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe => No File
FirewallRules: [UDP Query User{7391A361-D1D0-4479-BFCD-344566ACCE06}E:\hry\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe] => (Block) E:\hry\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe => No File
FirewallRules: [TCP Query User{E17268C9-0DAF-4DB1-B93D-43C22D2739EE}E:\hry\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe] => (Block) E:\hry\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe => No File
FirewallRules: [UDP Query User{EE171875-6B91-4028-B430-14B53C699ADD}E:\hry\instal\instal\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) E:\hry\instal\instal\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{C55BAC28-86FD-4DC6-AFAA-6D35DF8186F9}E:\hry\instal\instal\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) E:\hry\instal\instal\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{D9718FCE-94D5-4254-B194-7F90CE057566}I:\hry\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) I:\hry\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{3D35A7A2-382D-4477-BDC8-227532AC2F6A}I:\hry\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) I:\hry\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{2D891445-E443-46E9-96F9-8C0ABA05D396}] => (Allow) E:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe => No File
FirewallRules: [{67A4408F-681D-4AB1-96D9-429DBBA515EC}] => (Allow) E:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe => No File
FirewallRules: [{353FC105-B594-4FA7-A80A-7631AE5418AA}] => (Allow) E:\UPLAY Game\Assassin's Creed Valhalla\ACValhalla_Plus.exe => No File
FirewallRules: [TCP Query User{6C532995-BF06-4F25-837F-257347D0C454}E:\uplay game\anno 1800\bin\win64\anno1800_plus.exe] => (Allow) E:\uplay game\anno 1800\bin\win64\anno1800_plus.exe => No File
FirewallRules: [{DE09F60F-5EEF-4CE2-A89A-BBA62BFF1E5C}] => (Allow) E:\UPLAY Game\Anno 1800\Bin\Win64\Anno1800.exe => No File
FirewallRules: [{7D451BEF-9906-41D7-9E6D-2570E2E96285}] => (Allow) E:\SteamLibrary\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{939EA703-6FBB-4334-BF1E-185A556DE519}] => (Allow) E:\SteamLibrary\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{73C8EE0F-1A90-4848-9D31-E4ECE7990A9D}] => (Allow) E:\SteamLibrary\steamapps\common\rocketleague\Binaries\RocketLeague.exe => No File
FirewallRules: [{F72C7959-10DF-4337-BBDD-2194573B79B9}] => (Allow) E:\SteamLibrary\steamapps\common\rocketleague\Binaries\RocketLeague.exe => No File
FirewallRules: [{7FCA6964-66E2-46B8-B68B-3B0DA03C93EE}] => (Allow) E:\Hry\Trackmania\trackmania.exe => No File
FirewallRules: [{E4A72B79-FD00-47AF-BA82-7AE5BE5DE867}] => (Allow) E:\Hry\Trackmania\trackmania.exe => No File
FirewallRules: [UDP Query User{0A76A6D9-0CB6-4BAC-8674-F195C9A31E24}E:\hry\good.company.early.access\good company\goodcompany.exe] => (Block) E:\hry\good.company.early.access\good company\goodcompany.exe => No File
FirewallRules: [TCP Query User{34360024-7DB3-4A92-AF2A-B9E9D3C027A7}E:\hry\good.company.early.access\good company\goodcompany.exe] => (Block) E:\hry\good.company.early.access\good company\goodcompany.exe => No File
FirewallRules: [UDP Query User{A72D0A3F-576B-4D07-971E-DC7677454E8A}E:\battle net\call of duty modern warfare\modernwarfare.exe] => (Allow) E:\battle net\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [TCP Query User{FEB3AFA8-7D37-4365-BCA1-76D14B24FC6D}E:\battle net\call of duty modern warfare\modernwarfare.exe] => (Allow) E:\battle net\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [UDP Query User{0DB031E1-A8F1-4E03-A5B1-65400B89BBC0}G:\origin\download\fifa 20\fifa20.exe] => (Allow) G:\origin\download\fifa 20\fifa20.exe => No File
FirewallRules: [TCP Query User{273C28A2-D4DD-4C92-9D8B-F5AD9B6C511A}G:\origin\download\fifa 20\fifa20.exe] => (Allow) G:\origin\download\fifa 20\fifa20.exe => No File
FirewallRules: [UDP Query User{0FA6194E-FDAC-413A-86D9-E17EE36B0318}E:\hry\rebel inc escalation\rebel inc. escalation.exe] => (Allow) E:\hry\rebel inc escalation\rebel inc. escalation.exe => No File
FirewallRules: [TCP Query User{A970B428-E095-4A68-8911-F5C09CBA6433}E:\hry\rebel inc escalation\rebel inc. escalation.exe] => (Allow) E:\hry\rebel inc escalation\rebel inc. escalation.exe => No File
FirewallRules: [UDP Query User{649EBA64-1A17-48DB-805B-F82A1EBD1A3C}E:\battle net\hearthstone\hearthstone.exe] => (Allow) E:\battle net\hearthstone\hearthstone.exe => No File
FirewallRules: [TCP Query User{C5B4F4CE-312B-415A-941F-1AAD4527384B}E:\battle net\hearthstone\hearthstone.exe] => (Allow) E:\battle net\hearthstone\hearthstone.exe => No File
FirewallRules: [UDP Query User{FD7FE6C4-C79B-4903-9EFC-B9628B6AA1F2}E:\battle net\call of duty modern warfare beta\modernwarfare.exe] => (Allow) E:\battle net\call of duty modern warfare beta\modernwarfare.exe => No File
FirewallRules: [TCP Query User{EFD94769-A765-4D5F-87BB-32626B5DB5F3}E:\battle net\call of duty modern warfare beta\modernwarfare.exe] => (Allow) E:\battle net\call of duty modern warfare beta\modernwarfare.exe => No File
FirewallRules: [UDP Query User{859BD477-FDCF-4D97-A669-408AFFA82CF1}E:\origin\fifa 20 demo\fifa20_demo.exe] => (Allow) E:\origin\fifa 20 demo\fifa20_demo.exe => No File
FirewallRules: [TCP Query User{508A4D26-B581-44B2-AB0D-2C4983C538FF}E:\origin\fifa 20 demo\fifa20_demo.exe] => (Allow) E:\origin\fifa 20 demo\fifa20_demo.exe => No File
FirewallRules: [UDP Query User{F3D96B2D-7276-46B8-B8D0-2B546FFCD0E8}E:\origin\fifa 18 demo\fifa18_demo.exe] => (Block) E:\origin\fifa 18 demo\fifa18_demo.exe => No File
FirewallRules: [TCP Query User{1D9494D8-42B6-49DA-9FC0-35F2CD7EAE34}E:\origin\fifa 18 demo\fifa18_demo.exe] => (Block) E:\origin\fifa 18 demo\fifa18_demo.exe => No File
FirewallRules: [{44C6BDC9-F009-4B7C-8988-39DA80968A24}] => (Allow) G:\STEAM Library\SteamApps\common\Project CARS 2\pCARS2.exe => No File
FirewallRules: [{279792C2-FDCF-43A5-A52C-94420DF28B0E}] => (Allow) G:\STEAM Library\SteamApps\common\Project CARS 2\pCARS2.exe => No File
FirewallRules: [{70B595F0-5A7F-4EB2-97CF-051429540B3E}] => (Allow) G:\STEAM Library\SteamApps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{696DDBBA-0E13-4E84-A7B1-14BE80F22C71}] => (Allow) G:\STEAM Library\SteamApps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{3E0D6E26-D68E-4FEC-A40B-AE1D7DAB2E18}] => (Allow) G:\STEAM Library\SteamApps\common\Call of Duty Modern Warfare 3\iw5mp_server.exe => No File
FirewallRules: [{F3919D95-47EB-4926-9181-D6ED4F2511D1}] => (Allow) G:\STEAM Library\SteamApps\common\Call of Duty Modern Warfare 3\iw5mp_server.exe => No File
FirewallRules: [UDP Query User{8B58F83A-B5BA-46EB-9B82-BAF2D42DCDE8}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe => No File
FirewallRules: [TCP Query User{E0A647E0-7A9E-4B4C-BB3F-D4EDA7C4629E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe => No File
FirewallRules: [{EFE5EEA6-2333-4400-B2F6-01C23023BAB9}] => (Allow) G:\STEAM Library\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe => No File
FirewallRules: [{F91CC537-8729-404D-9538-8EB360472777}] => (Allow) G:\STEAM Library\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe => No File
FirewallRules: [{7BAC759C-0383-4869-8460-7E39C0867411}] => (Allow) G:\STEAM Library\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe => No File
FirewallRules: [{D6326257-FE76-4E23-86AE-6F6FC96F4FFA}] => (Allow) G:\STEAM Library\SteamApps\common\Farm Frenzy Collection\FarmFrenzyMegaPack.exe => No File
FirewallRules: [{B277E5A3-EA94-49D7-84A1-2971BF8E441D}] => (Allow) G:\STEAM Library\SteamApps\common\Farm Frenzy Collection\FarmFrenzyMegaPack.exe => No File
FirewallRules: [UDP Query User{3B042E80-EF41-4180-9231-0CD57C64EB22}G:\steam library\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) G:\steam library\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [TCP Query User{96732A90-2CB3-4F66-AF08-67107EC465EA}G:\steam library\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) G:\steam library\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [{5FB29185-3694-4A3D-A5EC-7A94E686DE36}] => (Allow) G:\STEAM Library\SteamApps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{33C65872-C67B-45A9-8C50-A78C24835A46}] => (Allow) G:\STEAM Library\SteamApps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{D73785E6-F57E-4BB3-8E14-28658E56A164}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{3950A9A0-3AEB-45E2-918A-CD5A2E1E7DB2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{2C2F5385-3762-4692-8FE3-39892BB0DB0A}] => (Allow) G:\ORIGIN\DOWNLOAD\Battlefield 1\bf1Trial.exe => No File
FirewallRules: [{D0548856-DD0B-4974-B77D-ABF9FC101DCF}] => (Allow) G:\ORIGIN\DOWNLOAD\Battlefield 1\bf1Trial.exe => No File
FirewallRules: [{A22787EB-FE2E-4490-8F2C-532C37D9C571}] => (Allow) G:\ORIGIN\DOWNLOAD\Battlefield 1\bf1.exe => No File
FirewallRules: [{4AE780DE-58DE-425E-8602-F394D398E881}] => (Allow) G:\ORIGIN\DOWNLOAD\Battlefield 1\bf1.exe => No File
FirewallRules: [TCP Query User{5733D149-3032-448F-A321-CE3F6F7A7071}G:\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) G:\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [UDP Query User{629C5957-8A9F-4ACE-867F-B6F52A6F304F}G:\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) G:\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [{0BA9BC29-DF64-42CB-BD0B-FB0B15853978}] => (Allow) G:\STEAM Library\SteamApps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe => No File
FirewallRules: [{08E7DBBC-9BC6-47B4-AA38-D339B27C4DA1}] => (Allow) G:\STEAM Library\SteamApps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe => No File
FirewallRules: [TCP Query User{A20F4D63-C417-4B42-9350-4C4E1A5D1A33}D:\games\vampyr\avgame\binaries\win64\avgame-win64-shipping.exe] => (Block) D:\games\vampyr\avgame\binaries\win64\avgame-win64-shipping.exe => No File
FirewallRules: [UDP Query User{CE3D5D18-7BE1-47F1-935A-745F0A4D4546}D:\games\vampyr\avgame\binaries\win64\avgame-win64-shipping.exe] => (Block) D:\games\vampyr\avgame\binaries\win64\avgame-win64-shipping.exe => No File
FirewallRules: [{3F5D9630-D9B7-46F5-ABDC-D067A7F89DAF}] => (Allow) G:\STEAM Library\SteamApps\common\Football Tactics Demo\game.exe => No File
FirewallRules: [{4BDB7126-F233-4EF4-8598-3F65B0676AA6}] => (Allow) G:\STEAM Library\SteamApps\common\Football Tactics Demo\game.exe => No File
FirewallRules: [{16722EAD-07E5-4537-A614-69CC3AA25550}] => (Allow) G:\STEAM Library\SteamApps\common\FarCry5\bin\ArcadeEditor64.exe => No File
FirewallRules: [{DE9FB1E8-DCEC-45A4-9B41-9F50EC2F9B99}] => (Allow) G:\STEAM Library\SteamApps\common\FarCry5\bin\ArcadeEditor64.exe => No File
FirewallRules: [{E589E35C-F7BD-44D1-833C-4E3954174AEC}] => (Allow) G:\STEAM Library\SteamApps\common\Desperados Wanted Dead or Alive\desperados.exe => No File
FirewallRules: [{AE5340C3-D8B5-487D-8569-521B1C3B9923}] => (Allow) G:\STEAM Library\SteamApps\common\Desperados Wanted Dead or Alive\desperados.exe => No File
FirewallRules: [TCP Query User{0194A920-600A-4472-913E-A3ABD71CF2EC}G:\hry\foundation.early.access\foundation\foundation.exe] => (Allow) G:\hry\foundation.early.access\foundation\foundation.exe => No File
FirewallRules: [UDP Query User{D432268D-8DDE-40F8-99FB-DC26DA5C884E}G:\hry\foundation.early.access\foundation\foundation.exe] => (Allow) G:\hry\foundation.early.access\foundation\foundation.exe => No File
FirewallRules: [{8F851BC9-D613-44AE-869C-E9E4598AA0D8}] => (Allow) G:\STEAM Library\SteamApps\common\Production Line\ProductionLine.exe => No File
FirewallRules: [{87719851-FD60-4E1C-9A04-DCE31E864214}] => (Allow) G:\STEAM Library\SteamApps\common\Production Line\ProductionLine.exe => No File
FirewallRules: [{DB7DF9CB-7F3D-42DF-930C-70651C48FC6A}] => (Allow) G:\STEAM Library\SteamApps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{E267FE67-09EF-4BC4-AB3B-A099D807C552}] => (Allow) G:\STEAM Library\SteamApps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [TCP Query User{AC134181-674B-442D-81D7-B3CB2AAF17F8}C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_farmer.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_farmer.exe => No File
FirewallRules: [UDP Query User{BC36A58E-76F7-405D-B77A-972F99353008}C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_farmer.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_farmer.exe => No File
FirewallRules: [TCP Query User{7567D16C-3206-4164-A56C-8BD4B68F62CA}C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_full_node.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_full_node.exe => No File
FirewallRules: [UDP Query User{B72672E9-CAD8-44E4-A015-17EDB189A6A6}C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_full_node.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_full_node.exe => No File
FirewallRules: [TCP Query User{481C4EF9-CB4C-4D59-A208-22D177D94059}K:7\flightsimulator.exe] => (Allow) K:7\flightsimulator.exe => No File
FirewallRules: [UDP Query User{1AE3EB92-EC85-4663-AB44-BCD7E3B33C60}K:7\flightsimulator.exe] => (Allow) K:7\flightsimulator.exe => No File
FirewallRules: [TCP Query User{B8C2CD7F-6B67-4986-8FBD-C29C69AE4EDF}H:\games\sniper ghost warrior contracts 2\win_x64\sgwcontracts2.exe] => (Block) H:\games\sniper ghost warrior contracts 2\win_x64\sgwcontracts2.exe => No File
FirewallRules: [UDP Query User{3D8159EC-4410-46E0-A1BA-7EB0D34E0C8F}H:\games\sniper ghost warrior contracts 2\win_x64\sgwcontracts2.exe] => (Block) H:\games\sniper ghost warrior contracts 2\win_x64\sgwcontracts2.exe => No File
FirewallRules: [TCP Query User{94BBD6BB-F129-4DDD-8F6D-FFBE380EADF5}H:\steamlibrary\steamapps\common\fifa 21\fifa21.exe] => (Allow) H:\steamlibrary\steamapps\common\fifa 21\fifa21.exe => No File
FirewallRules: [UDP Query User{3C876C09-1C34-4394-81CD-38263710CA4E}H:\steamlibrary\steamapps\common\fifa 21\fifa21.exe] => (Allow) H:\steamlibrary\steamapps\common\fifa 21\fifa21.exe => No File
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\MountPoints2: {51189c54-fea3-11e6-84cd-d43d7ebdf362} - "L:\setup.exe"
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\MountPoints2: {51189c68-fea3-11e6-84cd-d43d7ebdf362} - "M:\setup.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {688B931F-ABB5-4F77-92D3-18F4F7A3D913} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\AutoKMS\AutoKMS.exe
Task: {B13AE8B6-9ACC-4FA3-A220-D79E3300EA89} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-116116240-444440880-2871013289-1001UA => C:\Users\winki\AppData\Local\Google\Update\GoogleUpdate.exe [153752 2017-02-26] (Google Inc -> Google Inc.)
Task: {BB0935CC-BD63-464F-886F-D1CC7280830E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-15] (Google Inc -> Google Inc.)
Task: {BBA3FD37-275D-4B33-A946-D68E471B46A1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-116116240-444440880-2871013289-1001Core => C:\Users\winki\AppData\Local\Google\Update\GoogleUpdate.exe [153752 2017-02-26] (Google Inc -> Google Inc.)
Task: {D59A6508-6049-4F6C-802D-3047A26F7FE1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-15] (Google Inc -> Google Inc.)
Task: {FD3D6E59-19D1-4E34-A813-430D0A075BBA} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-116116240-444440880-2871013289-1001UA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-116116240-444440880-2871013289-1001Core
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

EmptyTemp:
Hosts:
End
Save it to C:\Users\winki\Desktop\FRST-OlderVersion as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: Check after running a fake application (Phishing)

Posted: 11 Oct 2021 23:43
by windyOMG
Fix result of Farbar Recovery Scan Tool (x64) Version: 11-10-2021
Ran by winki (12-10-2021 00:10:48) Run:1
Running from C:\Users\winki\Desktop\FRST-OlderVersion
Loaded Profiles: defaultuser0 & winki
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.35.422\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.36.32\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.35.342\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.36.93\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.36.102\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.36.82\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.36.52\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\winki\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57 [294]
AlternateDataStreams: C:\Users\winki\Desktop\Metro: 2033 Redux.url [269]
FirewallRules: [UDP Query User{712E6954-992E-4ADE-872E-401F36F95A9E}A:0\users\winki\appdata\local\google\chrome\application\chrome.exe] => (Allow) A:0\users\winki\appdata\local\google\chrome\application\chrome.exe => No File
FirewallRules: [TCP Query User{4E9BC4ED-1BED-4EFF-BDF9-3B0CB75BBC59}A:0\users\winki\appdata\local\google\chrome\application\chrome.exe] => (Allow) A:0\users\winki\appdata\local\google\chrome\application\chrome.exe => No File
FirewallRules: [{551C27F3-3016-49B0-ABE1-D54834201848}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\6.5.0\ABService.exe => No File
FirewallRules: [{91AB568A-6D21-476A-80F0-C73A3989D3F7}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\6.5.0\ABService.exe => No File
FirewallRules: [UDP Query User{35861AA1-490B-4515-B118-78A1F3AB0C1C}C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_farmer.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_farmer.exe => No File
FirewallRules: [TCP Query User{E226A334-7229-4576-8693-9CDA80D512A1}C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_farmer.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_farmer.exe => No File
FirewallRules: [UDP Query User{2EB280D9-7230-411C-B0A8-473AEE45209E}C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_full_node.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_full_node.exe => No File
FirewallRules: [TCP Query User{61A9A55B-1C87-40B7-AF4C-3CA21FA3E964}C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_full_node.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_full_node.exe => No File
FirewallRules: [{DF2E0085-55DC-43EB-A72A-04A6B40178DA}] => (Allow) E:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{974A3A82-8203-49D8-B4AE-50934E756C60}] => (Allow) E:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe => No File
FirewallRules: [UDP Query User{A5F04EF0-884C-4754-9A17-C72F9C6BCCA9}D:\games\city car driving\bin\win32\starter.exe] => (Block) D:\games\city car driving\bin\win32\starter.exe => No File
FirewallRules: [TCP Query User{FA056E0D-F5EB-4C31-B5CC-B241F3912E94}D:\games\city car driving\bin\win32\starter.exe] => (Block) D:\games\city car driving\bin\win32\starter.exe => No File
FirewallRules: [UDP Query User{4E5FD0AA-C28F-4B5D-96FB-90D855D0EFF7}E:\hry\instal\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe] => (Block) E:\hry\instal\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe => No File
FirewallRules: [TCP Query User{026527F2-C00B-4784-8404-298E56142F81}E:\hry\instal\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe] => (Block) E:\hry\instal\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe => No File
FirewallRules: [UDP Query User{7391A361-D1D0-4479-BFCD-344566ACCE06}E:\hry\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe] => (Block) E:\hry\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe => No File
FirewallRules: [TCP Query User{E17268C9-0DAF-4DB1-B93D-43C22D2739EE}E:\hry\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe] => (Block) E:\hry\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe => No File
FirewallRules: [UDP Query User{EE171875-6B91-4028-B430-14B53C699ADD}E:\hry\instal\instal\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) E:\hry\instal\instal\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{C55BAC28-86FD-4DC6-AFAA-6D35DF8186F9}E:\hry\instal\instal\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) E:\hry\instal\instal\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{D9718FCE-94D5-4254-B194-7F90CE057566}I:\hry\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) I:\hry\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{3D35A7A2-382D-4477-BDC8-227532AC2F6A}I:\hry\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Block) I:\hry\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{2D891445-E443-46E9-96F9-8C0ABA05D396}] => (Allow) E:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe => No File
FirewallRules: [{67A4408F-681D-4AB1-96D9-429DBBA515EC}] => (Allow) E:\SteamLibrary\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe => No File
FirewallRules: [{353FC105-B594-4FA7-A80A-7631AE5418AA}] => (Allow) E:\UPLAY Game\Assassin's Creed Valhalla\ACValhalla_Plus.exe => No File
FirewallRules: [TCP Query User{6C532995-BF06-4F25-837F-257347D0C454}E:\uplay game\anno 1800\bin\win64\anno1800_plus.exe] => (Allow) E:\uplay game\anno 1800\bin\win64\anno1800_plus.exe => No File
FirewallRules: [{DE09F60F-5EEF-4CE2-A89A-BBA62BFF1E5C}] => (Allow) E:\UPLAY Game\Anno 1800\Bin\Win64\Anno1800.exe => No File
FirewallRules: [{7D451BEF-9906-41D7-9E6D-2570E2E96285}] => (Allow) E:\SteamLibrary\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{939EA703-6FBB-4334-BF1E-185A556DE519}] => (Allow) E:\SteamLibrary\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{73C8EE0F-1A90-4848-9D31-E4ECE7990A9D}] => (Allow) E:\SteamLibrary\steamapps\common\rocketleague\Binaries\RocketLeague.exe => No File
FirewallRules: [{F72C7959-10DF-4337-BBDD-2194573B79B9}] => (Allow) E:\SteamLibrary\steamapps\common\rocketleague\Binaries\RocketLeague.exe => No File
FirewallRules: [{7FCA6964-66E2-46B8-B68B-3B0DA03C93EE}] => (Allow) E:\Hry\Trackmania\trackmania.exe => No File
FirewallRules: [{E4A72B79-FD00-47AF-BA82-7AE5BE5DE867}] => (Allow) E:\Hry\Trackmania\trackmania.exe => No File
FirewallRules: [UDP Query User{0A76A6D9-0CB6-4BAC-8674-F195C9A31E24}E:\hry\good.company.early.access\good company\goodcompany.exe] => (Block) E:\hry\good.company.early.access\good company\goodcompany.exe => No File
FirewallRules: [TCP Query User{34360024-7DB3-4A92-AF2A-B9E9D3C027A7}E:\hry\good.company.early.access\good company\goodcompany.exe] => (Block) E:\hry\good.company.early.access\good company\goodcompany.exe => No File
FirewallRules: [UDP Query User{A72D0A3F-576B-4D07-971E-DC7677454E8A}E:\battle net\call of duty modern warfare\modernwarfare.exe] => (Allow) E:\battle net\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [TCP Query User{FEB3AFA8-7D37-4365-BCA1-76D14B24FC6D}E:\battle net\call of duty modern warfare\modernwarfare.exe] => (Allow) E:\battle net\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [UDP Query User{0DB031E1-A8F1-4E03-A5B1-65400B89BBC0}G:\origin\download\fifa 20\fifa20.exe] => (Allow) G:\origin\download\fifa 20\fifa20.exe => No File
FirewallRules: [TCP Query User{273C28A2-D4DD-4C92-9D8B-F5AD9B6C511A}G:\origin\download\fifa 20\fifa20.exe] => (Allow) G:\origin\download\fifa 20\fifa20.exe => No File
FirewallRules: [UDP Query User{0FA6194E-FDAC-413A-86D9-E17EE36B0318}E:\hry\rebel inc escalation\rebel inc. escalation.exe] => (Allow) E:\hry\rebel inc escalation\rebel inc. escalation.exe => No File
FirewallRules: [TCP Query User{A970B428-E095-4A68-8911-F5C09CBA6433}E:\hry\rebel inc escalation\rebel inc. escalation.exe] => (Allow) E:\hry\rebel inc escalation\rebel inc. escalation.exe => No File
FirewallRules: [UDP Query User{649EBA64-1A17-48DB-805B-F82A1EBD1A3C}E:\battle net\hearthstone\hearthstone.exe] => (Allow) E:\battle net\hearthstone\hearthstone.exe => No File
FirewallRules: [TCP Query User{C5B4F4CE-312B-415A-941F-1AAD4527384B}E:\battle net\hearthstone\hearthstone.exe] => (Allow) E:\battle net\hearthstone\hearthstone.exe => No File
FirewallRules: [UDP Query User{FD7FE6C4-C79B-4903-9EFC-B9628B6AA1F2}E:\battle net\call of duty modern warfare beta\modernwarfare.exe] => (Allow) E:\battle net\call of duty modern warfare beta\modernwarfare.exe => No File
FirewallRules: [TCP Query User{EFD94769-A765-4D5F-87BB-32626B5DB5F3}E:\battle net\call of duty modern warfare beta\modernwarfare.exe] => (Allow) E:\battle net\call of duty modern warfare beta\modernwarfare.exe => No File
FirewallRules: [UDP Query User{859BD477-FDCF-4D97-A669-408AFFA82CF1}E:\origin\fifa 20 demo\fifa20_demo.exe] => (Allow) E:\origin\fifa 20 demo\fifa20_demo.exe => No File
FirewallRules: [TCP Query User{508A4D26-B581-44B2-AB0D-2C4983C538FF}E:\origin\fifa 20 demo\fifa20_demo.exe] => (Allow) E:\origin\fifa 20 demo\fifa20_demo.exe => No File
FirewallRules: [UDP Query User{F3D96B2D-7276-46B8-B8D0-2B546FFCD0E8}E:\origin\fifa 18 demo\fifa18_demo.exe] => (Block) E:\origin\fifa 18 demo\fifa18_demo.exe => No File
FirewallRules: [TCP Query User{1D9494D8-42B6-49DA-9FC0-35F2CD7EAE34}E:\origin\fifa 18 demo\fifa18_demo.exe] => (Block) E:\origin\fifa 18 demo\fifa18_demo.exe => No File
FirewallRules: [{44C6BDC9-F009-4B7C-8988-39DA80968A24}] => (Allow) G:\STEAM Library\SteamApps\common\Project CARS 2\pCARS2.exe => No File
FirewallRules: [{279792C2-FDCF-43A5-A52C-94420DF28B0E}] => (Allow) G:\STEAM Library\SteamApps\common\Project CARS 2\pCARS2.exe => No File
FirewallRules: [{70B595F0-5A7F-4EB2-97CF-051429540B3E}] => (Allow) G:\STEAM Library\SteamApps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{696DDBBA-0E13-4E84-A7B1-14BE80F22C71}] => (Allow) G:\STEAM Library\SteamApps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{3E0D6E26-D68E-4FEC-A40B-AE1D7DAB2E18}] => (Allow) G:\STEAM Library\SteamApps\common\Call of Duty Modern Warfare 3\iw5mp_server.exe => No File
FirewallRules: [{F3919D95-47EB-4926-9181-D6ED4F2511D1}] => (Allow) G:\STEAM Library\SteamApps\common\Call of Duty Modern Warfare 3\iw5mp_server.exe => No File
FirewallRules: [UDP Query User{8B58F83A-B5BA-46EB-9B82-BAF2D42DCDE8}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe => No File
FirewallRules: [TCP Query User{E0A647E0-7A9E-4B4C-BB3F-D4EDA7C4629E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe => No File
FirewallRules: [{EFE5EEA6-2333-4400-B2F6-01C23023BAB9}] => (Allow) G:\STEAM Library\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe => No File
FirewallRules: [{F91CC537-8729-404D-9538-8EB360472777}] => (Allow) G:\STEAM Library\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe => No File
FirewallRules: [{7BAC759C-0383-4869-8460-7E39C0867411}] => (Allow) G:\STEAM Library\SteamApps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe => No File
FirewallRules: [{D6326257-FE76-4E23-86AE-6F6FC96F4FFA}] => (Allow) G:\STEAM Library\SteamApps\common\Farm Frenzy Collection\FarmFrenzyMegaPack.exe => No File
FirewallRules: [{B277E5A3-EA94-49D7-84A1-2971BF8E441D}] => (Allow) G:\STEAM Library\SteamApps\common\Farm Frenzy Collection\FarmFrenzyMegaPack.exe => No File
FirewallRules: [UDP Query User{3B042E80-EF41-4180-9231-0CD57C64EB22}G:\steam library\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) G:\steam library\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [TCP Query User{96732A90-2CB3-4F66-AF08-67107EC465EA}G:\steam library\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) G:\steam library\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [{5FB29185-3694-4A3D-A5EC-7A94E686DE36}] => (Allow) G:\STEAM Library\SteamApps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{33C65872-C67B-45A9-8C50-A78C24835A46}] => (Allow) G:\STEAM Library\SteamApps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{D73785E6-F57E-4BB3-8E14-28658E56A164}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{3950A9A0-3AEB-45E2-918A-CD5A2E1E7DB2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{2C2F5385-3762-4692-8FE3-39892BB0DB0A}] => (Allow) G:\ORIGIN\DOWNLOAD\Battlefield 1\bf1Trial.exe => No File
FirewallRules: [{D0548856-DD0B-4974-B77D-ABF9FC101DCF}] => (Allow) G:\ORIGIN\DOWNLOAD\Battlefield 1\bf1Trial.exe => No File
FirewallRules: [{A22787EB-FE2E-4490-8F2C-532C37D9C571}] => (Allow) G:\ORIGIN\DOWNLOAD\Battlefield 1\bf1.exe => No File
FirewallRules: [{4AE780DE-58DE-425E-8602-F394D398E881}] => (Allow) G:\ORIGIN\DOWNLOAD\Battlefield 1\bf1.exe => No File
FirewallRules: [TCP Query User{5733D149-3032-448F-A321-CE3F6F7A7071}G:\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) G:\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [UDP Query User{629C5957-8A9F-4ACE-867F-B6F52A6F304F}G:\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) G:\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [{0BA9BC29-DF64-42CB-BD0B-FB0B15853978}] => (Allow) G:\STEAM Library\SteamApps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe => No File
FirewallRules: [{08E7DBBC-9BC6-47B4-AA38-D339B27C4DA1}] => (Allow) G:\STEAM Library\SteamApps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe => No File
irewallRules: [TCP Query User{A20F4D63-C417-4B42-9350-4C4E1A5D1A33}D:\games\vampyr\avgame\binaries\win64\avgame-win64-shipping.exe] => (Block) D:\games\vampyr\avgame\binaries\win64\avgame-win64-shipping.exe => No File
FirewallRules: [UDP Query User{CE3D5D18-7BE1-47F1-935A-745F0A4D4546}D:\games\vampyr\avgame\binaries\win64\avgame-win64-shipping.exe] => (Block) D:\games\vampyr\avgame\binaries\win64\avgame-win64-shipping.exe => No File
FirewallRules: [{3F5D9630-D9B7-46F5-ABDC-D067A7F89DAF}] => (Allow) G:\STEAM Library\SteamApps\common\Football Tactics Demo\game.exe => No File
FirewallRules: [{4BDB7126-F233-4EF4-8598-3F65B0676AA6}] => (Allow) G:\STEAM Library\SteamApps\common\Football Tactics Demo\game.exe => No File
FirewallRules: [{16722EAD-07E5-4537-A614-69CC3AA25550}] => (Allow) G:\STEAM Library\SteamApps\common\FarCry5\bin\ArcadeEditor64.exe => No File
FirewallRules: [{DE9FB1E8-DCEC-45A4-9B41-9F50EC2F9B99}] => (Allow) G:\STEAM Library\SteamApps\common\FarCry5\bin\ArcadeEditor64.exe => No File
FirewallRules: [{E589E35C-F7BD-44D1-833C-4E3954174AEC}] => (Allow) G:\STEAM Library\SteamApps\common\Desperados Wanted Dead or Alive\desperados.exe => No File
FirewallRules: [{AE5340C3-D8B5-487D-8569-521B1C3B9923}] => (Allow) G:\STEAM Library\SteamApps\common\Desperados Wanted Dead or Alive\desperados.exe => No File
FirewallRules: [TCP Query User{0194A920-600A-4472-913E-A3ABD71CF2EC}G:\hry\foundation.early.access\foundation\foundation.exe] => (Allow) G:\hry\foundation.early.access\foundation\foundation.exe => No File
FirewallRules: [UDP Query User{D432268D-8DDE-40F8-99FB-DC26DA5C884E}G:\hry\foundation.early.access\foundation\foundation.exe] => (Allow) G:\hry\foundation.early.access\foundation\foundation.exe => No File
FirewallRules: [{8F851BC9-D613-44AE-869C-E9E4598AA0D8}] => (Allow) G:\STEAM Library\SteamApps\common\Production Line\ProductionLine.exe => No File
FirewallRules: [{87719851-FD60-4E1C-9A04-DCE31E864214}] => (Allow) G:\STEAM Library\SteamApps\common\Production Line\ProductionLine.exe => No File
FirewallRules: [{DB7DF9CB-7F3D-42DF-930C-70651C48FC6A}] => (Allow) G:\STEAM Library\SteamApps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{E267FE67-09EF-4BC4-AB3B-A099D807C552}] => (Allow) G:\STEAM Library\SteamApps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [TCP Query User{AC134181-674B-442D-81D7-B3CB2AAF17F8}C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_farmer.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_farmer.exe => No File
FirewallRules: [UDP Query User{BC36A58E-76F7-405D-B77A-972F99353008}C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_farmer.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_farmer.exe => No File
FirewallRules: [TCP Query User{7567D16C-3206-4164-A56C-8BD4B68F62CA}C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_full_node.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_full_node.exe => No File
FirewallRules: [UDP Query User{B72672E9-CAD8-44E4-A015-17EDB189A6A6}C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_full_node.exe] => (Allow) C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_full_node.exe => No File
FirewallRules: [TCP Query User{481C4EF9-CB4C-4D59-A208-22D177D94059}K:7\flightsimulator.exe] => (Allow) K:7\flightsimulator.exe => No File
FirewallRules: [UDP Query User{1AE3EB92-EC85-4663-AB44-BCD7E3B33C60}K:7\flightsimulator.exe] => (Allow) K:7\flightsimulator.exe => No File
FirewallRules: [TCP Query User{B8C2CD7F-6B67-4986-8FBD-C29C69AE4EDF}H:\games\sniper ghost warrior contracts 2\win_x64\sgwcontracts2.exe] => (Block) H:\games\sniper ghost warrior contracts 2\win_x64\sgwcontracts2.exe => No File
FirewallRules: [UDP Query User{3D8159EC-4410-46E0-A1BA-7EB0D34E0C8F}H:\games\sniper ghost warrior contracts 2\win_x64\sgwcontracts2.exe] => (Block) H:\games\sniper ghost warrior contracts 2\win_x64\sgwcontracts2.exe => No File
FirewallRules: [TCP Query User{94BBD6BB-F129-4DDD-8F6D-FFBE380EADF5}H:\steamlibrary\steamapps\common\fifa 21\fifa21.exe] => (Allow) H:\steamlibrary\steamapps\common\fifa 21\fifa21.exe => No File
FirewallRules: [UDP Query User{3C876C09-1C34-4394-81CD-38263710CA4E}H:\steamlibrary\steamapps\common\fifa 21\fifa21.exe] => (Allow) H:\steamlibrary\steamapps\common\fifa 21\fifa21.exe => No File
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\MountPoints2: {51189c54-fea3-11e6-84cd-d43d7ebdf362} - "L:\setup.exe"
HKU\S-1-5-21-116116240-444440880-2871013289-1001\...\MountPoints2: {51189c68-fea3-11e6-84cd-d43d7ebdf362} - "M:\setup.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {688B931F-ABB5-4F77-92D3-18F4F7A3D913} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\AutoKMS\AutoKMS.exe
Task: {B13AE8B6-9ACC-4FA3-A220-D79E3300EA89} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-116116240-444440880-2871013289-1001UA => C:\Users\winki\AppData\Local\Google\Update\GoogleUpdate.exe [153752 2017-02-26] (Google Inc -> Google Inc.)
Task: {BB0935CC-BD63-464F-886F-D1CC7280830E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-15] (Google Inc -> Google Inc.)
Task: {BBA3FD37-275D-4B33-A946-D68E471B46A1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-116116240-444440880-2871013289-1001Core => C:\Users\winki\AppData\Local\Google\Update\GoogleUpdate.exe [153752 2017-02-26] (Google Inc -> Google Inc.)
Task: {D59A6508-6049-4F6C-802D-3047A26F7FE1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-15] (Google Inc -> Google Inc.)
Task: {FD3D6E59-19D1-4E34-A813-430D0A075BBA} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-116116240-444440880-2871013289-1001UA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-116116240-444440880-2871013289-1001Core
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE} => removed successfully
HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54} => removed successfully
HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9} => removed successfully
HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6} => removed successfully
HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401} => removed successfully
HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5} => removed successfully
HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652} => removed successfully
HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8} => removed successfully
HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD} => removed successfully
HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE} => removed successfully
HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E} => removed successfully
HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707} => removed successfully
HKU\S-1-5-21-116116240-444440880-2871013289-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
C:\ProgramData\TEMP => ":4FC01C57" ADS removed successfully
C:\Users\winki\Desktop\Metro => ": 2033 Redux.url" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{712E6954-992E-4ADE-872E-401F36F95A9E}A:0\users\winki\appdata\local\google\chrome\application\chrome.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4E9BC4ED-1BED-4EFF-BDF9-3B0CB75BBC59}A:0\users\winki\appdata\local\google\chrome\application\chrome.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{551C27F3-3016-49B0-ABE1-D54834201848}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{91AB568A-6D21-476A-80F0-C73A3989D3F7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{35861AA1-490B-4515-B118-78A1F3AB0C1C}C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_farmer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E226A334-7229-4576-8693-9CDA80D512A1}C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_farmer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2EB280D9-7230-411C-B0A8-473AEE45209E}C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_full_node.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{61A9A55B-1C87-40B7-AF4C-3CA21FA3E964}C:\users\winki\appdata\local\chia-blockchain\app-1.1.4\resources\app.asar.unpacked\daemon\start_full_node.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DF2E0085-55DC-43EB-A72A-04A6B40178DA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{974A3A82-8203-49D8-B4AE-50934E756C60}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A5F04EF0-884C-4754-9A17-C72F9C6BCCA9}D:\games\city car driving\bin\win32\starter.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FA056E0D-F5EB-4C31-B5CC-B241F3912E94}D:\games\city car driving\bin\win32\starter.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4E5FD0AA-C28F-4B5D-96FB-90D855D0EFF7}E:\hry\instal\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{026527F2-C00B-4784-8404-298E56142F81}E:\hry\instal\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7391A361-D1D0-4479-BFCD-344566ACCE06}E:\hry\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E17268C9-0DAF-4DB1-B93D-43C22D2739EE}E:\hry\instal\the sims 4 snowy escape\game\bin\ts4_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{EE171875-6B91-4028-B430-14B53C699ADD}E:\hry\instal\instal\cyberpunk 2077\bin\x64\cyberpunk2077.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C55BAC28-86FD-4DC6-AFAA-6D35DF8186F9}E:\hry\instal\instal\cyberpunk 2077\bin\x64\cyberpunk2077.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D9718FCE-94D5-4254-B194-7F90CE057566}I:\hry\cyberpunk 2077\bin\x64\cyberpunk2077.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3D35A7A2-382D-4477-BDC8-227532AC2F6A}I:\hry\cyberpunk 2077\bin\x64\cyberpunk2077.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2D891445-E443-46E9-96F9-8C0ABA05D396}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{67A4408F-681D-4AB1-96D9-429DBBA515EC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{353FC105-B594-4FA7-A80A-7631AE5418AA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6C532995-BF06-4F25-837F-257347D0C454}E:\uplay game\anno 1800\bin\win64\anno1800_plus.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DE09F60F-5EEF-4CE2-A89A-BBA62BFF1E5C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D451BEF-9906-41D7-9E6D-2570E2E96285}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{939EA703-6FBB-4334-BF1E-185A556DE519}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{73C8EE0F-1A90-4848-9D31-E4ECE7990A9D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F72C7959-10DF-4337-BBDD-2194573B79B9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7FCA6964-66E2-46B8-B68B-3B0DA03C93EE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E4A72B79-FD00-47AF-BA82-7AE5BE5DE867}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0A76A6D9-0CB6-4BAC-8674-F195C9A31E24}E:\hry\good.company.early.access\good company\goodcompany.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{34360024-7DB3-4A92-AF2A-B9E9D3C027A7}E:\hry\good.company.early.access\good company\goodcompany.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A72D0A3F-576B-4D07-971E-DC7677454E8A}E:\battle net\call of duty modern warfare\modernwarfare.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FEB3AFA8-7D37-4365-BCA1-76D14B24FC6D}E:\battle net\call of duty modern warfare\modernwarfare.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0DB031E1-A8F1-4E03-A5B1-65400B89BBC0}G:\origin\download\fifa 20\fifa20.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{273C28A2-D4DD-4C92-9D8B-F5AD9B6C511A}G:\origin\download\fifa 20\fifa20.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0FA6194E-FDAC-413A-86D9-E17EE36B0318}E:\hry\rebel inc escalation\rebel inc. escalation.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A970B428-E095-4A68-8911-F5C09CBA6433}E:\hry\rebel inc escalation\rebel inc. escalation.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{649EBA64-1A17-48DB-805B-F82A1EBD1A3C}E:\battle net\hearthstone\hearthstone.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C5B4F4CE-312B-415A-941F-1AAD4527384B}E:\battle net\hearthstone\hearthstone.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{FD7FE6C4-C79B-4903-9EFC-B9628B6AA1F2}E:\battle net\call of duty modern warfare beta\modernwarfare.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EFD94769-A765-4D5F-87BB-32626B5DB5F3}E:\battle net\call of duty modern warfare beta\modernwarfare.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{859BD477-FDCF-4D97-A669-408AFFA82CF1}E:\origin\fifa 20 demo\fifa20_demo.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{508A4D26-B581-44B2-AB0D-2C4983C538FF}E:\origin\fifa 20 demo\fifa20_demo.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F3D96B2D-7276-46B8-B8D0-2B546FFCD0E8}E:\origin\fifa 18 demo\fifa18_demo.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1D9494D8-42B6-49DA-9FC0-35F2CD7EAE34}E:\origin\fifa 18 demo\fifa18_demo.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{44C6BDC9-F009-4B7C-8988-39DA80968A24}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{279792C2-FDCF-43A5-A52C-94420DF28B0E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{70B595F0-5A7F-4EB2-97CF-051429540B3E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{696DDBBA-0E13-4E84-A7B1-14BE80F22C71}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3E0D6E26-D68E-4FEC-A40B-AE1D7DAB2E18}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F3919D95-47EB-4926-9181-D6ED4F2511D1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8B58F83A-B5BA-46EB-9B82-BAF2D42DCDE8}C:\program files (x86)\mozilla firefox\firefox.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E0A647E0-7A9E-4B4C-BB3F-D4EDA7C4629E}C:\program files (x86)\mozilla firefox\firefox.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EFE5EEA6-2333-4400-B2F6-01C23023BAB9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F91CC537-8729-404D-9538-8EB360472777}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7BAC759C-0383-4869-8460-7E39C0867411}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D6326257-FE76-4E23-86AE-6F6FC96F4FFA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B277E5A3-EA94-49D7-84A1-2971BF8E441D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3B042E80-EF41-4180-9231-0CD57C64EB22}G:\steam library\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{96732A90-2CB3-4F66-AF08-67107EC465EA}G:\steam library\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5FB29185-3694-4A3D-A5EC-7A94E686DE36}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{33C65872-C67B-45A9-8C50-A78C24835A46}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D73785E6-F57E-4BB3-8E14-28658E56A164}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3950A9A0-3AEB-45E2-918A-CD5A2E1E7DB2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2C2F5385-3762-4692-8FE3-39892BB0DB0A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D0548856-DD0B-4974-B77D-ABF9FC101DCF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A22787EB-FE2E-4490-8F2C-532C37D9C571}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4AE780DE-58DE-425E-8602-F394D398E881}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5733D149-3032-448F-A321-CE3F6F7A7071}G:\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{629C5957-8A9F-4ACE-867F-B6F52A6F304F}G:\steam library\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0BA9BC29-DF64-42CB-BD0B-FB0B15853978}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{08E7DBBC-9BC6-47B4-AA38-D339B27C4DA1}" => removed successfully
irewallRules: [TCP Query User{A20F4D63-C417-4B42-9350-4C4E1A5D1A33}D:\games\vampyr\avgame\binaries\win64\avgame-win64-shipping.exe] => (Block) D:\games\vampyr\avgame\binaries\win64\avgame-win64-shipping.exe => No File => Error: No automatic fix found for this entry.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CE3D5D18-7BE1-47F1-935A-745F0A4D4546}D:\games\vampyr\avgame\binaries\win64\avgame-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3F5D9630-D9B7-46F5-ABDC-D067A7F89DAF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4BDB7126-F233-4EF4-8598-3F65B0676AA6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{16722EAD-07E5-4537-A614-69CC3AA25550}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DE9FB1E8-DCEC-45A4-9B41-9F50EC2F9B99}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E589E35C-F7BD-44D1-833C-4E3954174AEC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AE5340C3-D8B5-487D-8569-521B1C3B9923}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0194A920-600A-4472-913E-A3ABD71CF2EC}G:\hry\foundation.early.access\foundation\foundation.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D432268D-8DDE-40F8-99FB-DC26DA5C884E}G:\hry\foundation.early.access\foundation\foundation.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8F851BC9-D613-44AE-869C-E9E4598AA0D8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{87719851-FD60-4E1C-9A04-DCE31E864214}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DB7DF9CB-7F3D-42DF-930C-70651C48FC6A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E267FE67-09EF-4BC4-AB3B-A099D807C552}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{AC134181-674B-442D-81D7-B3CB2AAF17F8}C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_farmer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BC36A58E-76F7-405D-B77A-972F99353008}C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_farmer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7567D16C-3206-4164-A56C-8BD4B68F62CA}C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_full_node.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B72672E9-CAD8-44E4-A015-17EDB189A6A6}C:\users\winki\appdata\local\chia-blockchain\app-1.1.5\resources\app.asar.unpacked\daemon\start_full_node.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{481C4EF9-CB4C-4D59-A208-22D177D94059}K:7\flightsimulator.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1AE3EB92-EC85-4663-AB44-BCD7E3B33C60}K:7\flightsimulator.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B8C2CD7F-6B67-4986-8FBD-C29C69AE4EDF}H:\games\sniper ghost warrior contracts 2\win_x64\sgwcontracts2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3D8159EC-4410-46E0-A1BA-7EB0D34E0C8F}H:\games\sniper ghost warrior contracts 2\win_x64\sgwcontracts2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{94BBD6BB-F129-4DDD-8F6D-FFBE380EADF5}H:\steamlibrary\steamapps\common\fifa 21\fifa21.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3C876C09-1C34-4394-81CD-38263710CA4E}H:\steamlibrary\steamapps\common\fifa 21\fifa21.exe" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKU\S-1-5-21-116116240-444440880-2871013289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51189c54-fea3-11e6-84cd-d43d7ebdf362} => removed successfully
HKU\S-1-5-21-116116240-444440880-2871013289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51189c68-fea3-11e6-84cd-d43d7ebdf362} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{688B931F-ABB5-4F77-92D3-18F4F7A3D913}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{688B931F-ABB5-4F77-92D3-18F4F7A3D913}" => removed successfully
C:\WINDOWS\System32\Tasks\AutoKMS => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => removed successfully
"C:\Windows\AutoKMS\AutoKMS.exe" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B13AE8B6-9ACC-4FA3-A220-D79E3300EA89}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B13AE8B6-9ACC-4FA3-A220-D79E3300EA89}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-116116240-444440880-2871013289-1001UA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-116116240-444440880-2871013289-1001UA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB0935CC-BD63-464F-886F-D1CC7280830E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB0935CC-BD63-464F-886F-D1CC7280830E}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BBA3FD37-275D-4B33-A946-D68E471B46A1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBA3FD37-275D-4B33-A946-D68E471B46A1}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-116116240-444440880-2871013289-1001Core => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-116116240-444440880-2871013289-1001Core" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D59A6508-6049-4F6C-802D-3047A26F7FE1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D59A6508-6049-4F6C-802D-3047A26F7FE1}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD3D6E59-19D1-4E34-A813-430D0A075BBA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD3D6E59-19D1-4E34-A813-430D0A075BBA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-116116240-444440880-2871013289-1001UA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-116116240-444440880-2871013289-1001Core" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 2097152 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1942043916 B
Java, Flash, Steam htmlcache => 569984473 B
Windows/system/drivers => 62803488 B
Edge => 21504 B
Chrome => 1401880637 B
Firefox => 1247363318 B
Opera => 16873410 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 422218 B
systemprofile32 => 575892 B
LocalService => 592098 B
NetworkService => 612790 B
defaultuser0 => 612790 B
winki => 24180298525 B

RecycleBin => 59601 B
EmptyTemp: => 27.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 00:34:27 ====

Re: Check after running a fake application (Phishing)

Posted: 12 Oct 2021 09:37
by Rudy
It has been deleted; the log is now OK.

Re: Check after running a fake application (Phishing)

Posted: 14 Oct 2021 12:39
by windyOMG
thanks

Re: Check after running a fake application (Phishing)

Posted: 14 Oct 2021 13:19
by Rudy
You're welcome! :)