Malware

Posted: 21 Oct 2021 13:56
by mikkie
Hello,

FORPSI called me today to say that their team had noticed "strange" activity and that my PC is apparently infected with malware (or something). Could someone advise me on how to proceed? Should I deep-clean the PC? (I only use Avast and the Windows 10 protection, nothing else.)

Could someone advise me?

Re: Malware

Posted: 21 Oct 2021 14:56
by Rudy
Hello!
We will try to advise you; I just don't know why you are posting a request for help in the Antiviruses section. It belongs in Problem solving, logs, where I am moving it. Please post the FRST+Addition logs: http://forum.viry.cz/viewtopic.php?f=24&t=132509 .

Re: Malware

Posted: 21 Oct 2021 16:07
by mikkie
I'm very sorry, I misclicked the category.

Re: Malware

Posted: 21 Oct 2021 16:51
by Rudy
OK, no problem. Now I would like those FRST+Addition logs, please: http://forum.viry.cz/viewtopic.php?f=24&t=132509 .

Re: Malware

Posted: 21 Oct 2021 17:13
by mikkie
FRST log:


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <6>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Discord Inc. -> Discord Inc.) C:\Users\micha\AppData\Local\Discord\app-1.0.9003\Discord.exe <6>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <11>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2109.6305.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_19c79fb6254e3b11\Display.NvContainer\NVDisplay.Container.exe <2>
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIR4E.EXE
(Solid State System) [File not signed] C:\Program Files (x86)\XGAMER Audio 7.1\XGAMER Audio 7.1.exe
(SSS) [File not signed] C:\Windows\System32\AudioDeviceService.exe
(Urban Cyber Security Inc. -> ) C:\Program Files\UrbanVPN\bin\urbanvpn-gui.exe
(Urban Cyber Security Inc. -> ) C:\Program Files\UrbanVPN\bin\urbanvpnserv.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [134936 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [442936 2020-10-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [UrbanVPN] => C:\Program Files\UrbanVPN\bin\urbanvpn-gui.exe [24253504 2020-11-17] (Urban Cyber Security Inc. -> )
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1151872 2016-11-18] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [XGAMER Audio 7.1] => C:\Program Files (x86)\XGAMER Audio 7.1\XGAMER Audio 7.1.exe [10700800 2020-09-09] (Solid State System) [File not signed]
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4267928 2021-10-13] (Valve -> Valve Corporation)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIR4E.EXE [417776 2014-11-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [Spotify] => C:\Users\micha\AppData\Roaming\Spotify\Spotify.exe [23233936 2020-12-02] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [365760 2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [Discord] => C:\Users\micha\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [EPSDNMON] => ""
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\MountPoints2: {dc6f74ba-7658-11ea-a65b-a8a159192c9e} - "M:\setup.exe"
HKLM\...\Print\Monitors\EPSON L3050 Series 64MonitorBE: C:\Windows\system32\E_YLMBR4E.DLL [183296 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\94.0.4606.81\Installer\chrmstp.exe [2021-10-13] (Google LLC -> Google LLC)
Startup: C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outlook.lnk [2021-08-29]
ShortcutTarget: Outlook.lnk -> C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2020-04-06]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D8600B4-B888-4EBB-9AA4-62659EE61B98} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0F36DB52-85FF-40C8-AE92-0412A89A73BF} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {0FE0F530-4631-4907-9AA2-E94B1A5F538E} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {12BEBAAF-BEA6-46CD-AAE6-2B354DE2189C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-04] (Google LLC -> Google LLC)
Task: {1E11BE83-AA28-40C1-979D-208B1CB47254} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8314256 2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {33E22DCD-C643-463C-AFCB-E61FFC67AAD6} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {441C4612-8476-4748-B13C-09E64291FEC5} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {5A9E82D6-74F5-4102-B85D-FB9C9E910BA7} - System32\Tasks\SoundBass => C:\Users\micha\AppData\Roaming\Unpacker\Unpacker.exe <==== ATTENTION
Task: {6888416B-05BE-46F6-95FD-C51853B01862} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6DFEB52F-DD90-4AC1-B9B7-959FC5CACDFA} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [File not signed]
Task: {799B4EE9-7E83-4265-A3B0-8C341617DAFD} - System32\Tasks\EPSON L3050 Series Update {58DE4AA5-C529-465E-87CE-0EF6614EE3D4} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSR4E.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {7FD45365-D338-421B-AAB3-98EF7BED0695} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [677624 2019-11-21] (Advanced Micro Devices INC. -> )
Task: {84F4C895-3641-45B9-836E-CCC3894CD778} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138576 2021-10-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {9059918A-ABFD-4092-8D52-11725F647CF2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {968F3A69-5851-4A57-BB26-701B907B60CF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8314256 2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {A016E7E2-12AA-48DF-83C1-575481F94071} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B524A3A1-254A-417B-81E9-1F314D81EFF8} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B85E8914-C83D-42FC-B319-DE3600CCBEF8} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BC0C8980-80CF-4C6D-8506-EBE238627E95} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-05-03] (Avast Software s.r.o. -> Avast Software)
Task: {DC5B7110-B8FB-4B08-B134-E15657C512EB} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138576 2021-10-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {DD39BA4B-3BA1-469E-8DB0-38035A77324D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22652808 2021-10-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {DE43B3FA-1AE2-4270-B1B8-BE33A026C1A2} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4929304 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
Task: {E45D4087-6765-4617-B9A9-CBDF7B00211B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E59CA9B8-C816-4521-AD84-B6882148F34F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-04] (Google LLC -> Google LLC)
Task: {EFF6B36E-B960-471E-A267-7EC4534980D4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22652808 2021-10-20] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON L3050 Series Update {58DE4AA5-C529-465E-87CE-0EF6614EE3D4}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSR4E.EXE:/EXE:{58DE4AA5-C529-465E-87CE-0EF6614EE3D4} /F:UpdateWORKGROUP\DESKTOP-AUSGJMO$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-4261871939-3680644312-2290833728-1001] => 182.71.146.148:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a50b097d-b2f0-400f-88af-6fcafcb09065}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\micha\AppData\Local\Microsoft\Edge\User Data\Default [2021-10-12]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default [2021-10-21]
CHR Notifications: Default -> hxxps//app.smartsupp.com; hxxps//email.forpsi.com; hxxps//www.facebook.com
CHR HomePage: Default -> hxxp//www.google.com/
CHR Extension: (Překladač Google) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-08-16]
CHR Extension: (Prezentace) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-04]
CHR Extension: (Dokumenty) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-04]
CHR Extension: (Disk Google) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (YouTube) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-04]
CHR Extension: (Tabulky) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-04]
CHR Extension: (Dokumenty Google offline) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-13]
CHR Extension: (FormApps Extension) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi [2020-04-04]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (Gmail) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-10-21]
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-10-19]
CHR Notifications: Profile 1 -> hxxps//www.facebook.com
CHR HomePage: Profile 1 -> hxxp//www.google.cz/
CHR StartupUrls: Profile 1 -> ""
CHR Extension: (Překladač Google) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-08-16]
CHR Extension: (Prezentace) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-06]
CHR Extension: (Entanglement Web App) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aciahcmjmecflokailenpkdchphgkefd [2020-04-06]
CHR Extension: (Dokumenty) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-06]
CHR Extension: (Disk Google) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
CHR Extension: (YouTube) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-06]
CHR Extension: (Tabulky) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-14]
CHR Extension: (Google Kalendář) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2021-01-09]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (Gmail) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Eiffel Tower) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ppbaibkigenhdcommebegmmmpoolmpip [2020-04-06]
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\System Profile [2021-10-21]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8323664 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R2 AudioDeviceService; C:\Windows\system32\AudioDeviceService.exe [2730496 2020-09-09] (SSS) [File not signed]
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [630040 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [377624 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12034464 2021-10-20] (Microsoft Corporation -> Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4507328 2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2017-03-10] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2020144 2021-09-16] (Rockstar Games, Inc. -> Rockstar Games)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5414976 2021-10-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 UrbanVPNServiceInteractive; C:\Program Files\UrbanVPN\bin\urbanvpnserv.exe [221072 2020-11-17] (Urban Cyber Security Inc. -> )
S3 UrbanVPNUpdater; C:\Program Files\UrbanVPN\UrbanVPNUpdater.exe [1010752 2020-11-25] (Urban Cyber Security Inc. -> Urban Security)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_19c79fb6254e3b11\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_19c79fb6254e3b11\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AsrDrv103; C:\Windows\SysWOW64\Drivers\AsrDrv103.sys [34568 2020-04-10] (ASROCK Incorporation -> ASRock Incorporation) [File not signed]
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35720 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [221600 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [369176 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250408 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99368 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [21936 2021-10-04] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41368 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [184640 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [538480 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107864 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82912 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851712 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [557152 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215392 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [328568 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2020-04-09] (AOC International (Europe) GmbH -> Nicomsoft Ltd.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2019-10-23] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 UAExt; C:\WINDOWS\System32\DRIVERS\UAExt.sys [135264 2020-09-09] (Solid State System Co., Ltd -> Solid State System.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-21 18:12 - 2021-10-21 18:12 - 000028425 _____ C:\Users\micha\Desktop\FRST.txt
2021-10-21 18:11 - 2021-10-21 18:12 - 000000000 ____D C:\FRST
2021-10-21 18:11 - 2021-10-21 18:11 - 002310656 _____ (Farbar) C:\Users\micha\Desktop\FRST64.exe
2021-10-19 12:57 - 2021-10-19 14:43 - 000010485 _____ C:\Users\micha\Desktop\CN kovar Lanzhot Uhet.xlsx
2021-10-15 13:25 - 2021-10-15 13:25 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-10-15 13:25 - 2021-10-15 13:25 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-10-15 13:25 - 2021-10-15 13:25 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-10-15 13:25 - 2021-10-15 13:25 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-10-15 13:25 - 2021-10-15 13:25 - 000203264 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2021-10-15 13:25 - 2021-10-15 13:25 - 000158208 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-10-15 13:25 - 2021-10-15 13:25 - 000040960 _____ C:\WINDOWS\system32\uwfservicingapi.dll
2021-10-15 13:25 - 2021-10-15 13:25 - 000011495 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-10-15 13:25 - 2021-10-15 13:25 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2021-10-15 13:25 - 2021-10-15 13:25 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2021-10-15 13:24 - 2021-10-15 13:24 - 001823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-10-15 13:24 - 2021-10-15 13:24 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-10-15 13:24 - 2021-10-15 13:24 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2021-10-15 13:24 - 2021-10-15 13:24 - 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-10-15 13:24 - 2021-10-15 13:24 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-10-15 13:24 - 2021-10-15 13:24 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-10-15 13:20 - 2021-10-15 13:20 - 000000000 ___HD C:\$WinREAgent
2021-10-14 15:09 - 2021-10-14 15:09 - 000000000 ____D C:\Users\micha\AppData\Local\Astro
2021-10-14 15:08 - 2021-10-14 15:08 - 000001151 _____ C:\Users\micha\Desktop\Astro.lnk
2021-10-13 21:26 - 2021-10-13 21:26 - 000001112 _____ C:\Users\micha\Desktop\Mining.lnk
2021-10-13 21:25 - 2021-10-13 21:25 - 000000000 ____D C:\Users\micha\AppData\Local\Mining
2021-10-13 18:43 - 2021-10-13 18:51 - 000000000 ____D C:\Users\micha\Desktop\kopie WWW idiot
2021-10-07 16:40 - 2021-10-14 15:09 - 000000000 ____D C:\Users\micha\AppData\Local\UnrealEngine
2021-10-07 16:40 - 2021-10-07 16:40 - 000000820 _____ C:\Users\micha\Desktop\Gas Station Simulator.lnk
2021-10-07 16:40 - 2021-10-07 16:40 - 000000000 ____D C:\Users\micha\AppData\Local\GSS2
2021-10-07 16:40 - 2021-10-07 16:40 - 000000000 ____D C:\Users\micha\AppData\Local\CrashReportClient
2021-10-07 16:40 - 2021-10-07 16:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gas Station Simulator
2021-10-05 21:15 - 2021-10-05 21:15 - 000094350 _____ C:\Users\micha\Desktop\priloha_951576887_0_VypisROS.pdf
2021-10-05 18:53 - 2021-10-12 13:29 - 000000000 ____D C:\Users\micha\AppData\Roaming\playway-launcher
2021-10-05 18:53 - 2021-10-05 18:53 - 000000000 ____D C:\Users\micha\AppData\LocalLow\FreemindSA
2021-10-05 16:07 - 2021-10-05 19:27 - 000000223 _____ C:\Users\micha\Desktop\House Builder Demo.url
2021-10-04 17:00 - 2021-10-04 17:00 - 000340248 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-10-04 17:00 - 2021-10-04 17:00 - 000215392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-09-26 10:13 - 2021-09-26 10:13 - 000000785 _____ C:\Users\micha\Desktop\Superliminal.lnk
2021-09-26 10:13 - 2021-09-26 10:13 - 000000000 ____D C:\Users\micha\AppData\LocalLow\PillowCastle
2021-09-26 10:13 - 2021-09-26 10:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Superliminal
2021-09-26 09:37 - 2021-09-26 10:12 - 000000000 ____D C:\Hry
2021-09-21 18:07 - 2021-09-16 05:28 - 001858672 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-09-21 18:07 - 2021-09-16 05:28 - 001858672 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-09-21 18:07 - 2021-09-16 05:28 - 001474688 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-09-21 18:07 - 2021-09-16 05:28 - 001438832 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-09-21 18:07 - 2021-09-16 05:28 - 001438832 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-09-21 18:07 - 2021-09-16 05:28 - 001212544 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-09-21 18:07 - 2021-09-16 05:28 - 001097832 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-09-21 18:07 - 2021-09-16 05:28 - 001097832 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-09-21 18:07 - 2021-09-16 05:28 - 000951920 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-09-21 18:07 - 2021-09-16 05:28 - 000951920 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-09-21 18:07 - 2021-09-16 05:25 - 001520760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-09-21 18:07 - 2021-09-16 05:25 - 001171064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-09-21 18:07 - 2021-09-16 05:25 - 000716920 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-09-21 18:07 - 2021-09-16 05:25 - 000676472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-09-21 18:07 - 2021-09-16 05:25 - 000645240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-09-21 18:07 - 2021-09-16 05:25 - 000577144 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-09-21 18:07 - 2021-09-16 05:25 - 000564344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-09-21 18:07 - 2021-09-16 05:24 - 008854144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-09-21 18:07 - 2021-09-16 05:24 - 002112120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-09-21 18:07 - 2021-09-16 05:24 - 001595512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-09-21 18:07 - 2021-09-16 05:24 - 000919160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-09-21 18:07 - 2021-09-16 05:24 - 000706168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-09-21 18:07 - 2021-09-16 05:24 - 000447096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-09-21 18:07 - 2021-09-16 05:23 - 007920760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-09-21 18:07 - 2021-09-16 05:23 - 005681280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2021-09-21 18:07 - 2021-09-16 05:23 - 004987512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-09-21 18:07 - 2021-09-16 05:23 - 002925688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-09-21 18:07 - 2021-09-16 05:23 - 000849016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-09-21 18:07 - 2021-09-16 05:21 - 006216336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-09-21 18:07 - 2021-09-14 05:39 - 000083133 _____ C:\WINDOWS\system32\nvinfo.pb

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-21 18:09 - 2020-12-15 22:23 - 000000000 ____D C:\Users\micha\AppData\Roaming\discord
2021-10-21 18:09 - 2020-04-04 10:18 - 000000000 ____D C:\Program Files (x86)\Steam
2021-10-21 18:08 - 2020-12-15 22:23 - 000000000 ____D C:\Users\micha\AppData\Local\Discord
2021-10-21 18:08 - 2020-04-04 10:08 - 000000000 ___RD C:\Users\micha\OneDrive
2021-10-21 18:05 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-10-21 18:02 - 2021-02-01 19:31 - 001693140 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-10-21 18:02 - 2019-12-07 16:43 - 000716770 _____ C:\WINDOWS\system32\perfh005.dat
2021-10-21 18:02 - 2019-12-07 16:43 - 000144948 _____ C:\WINDOWS\system32\perfc005.dat
2021-10-21 18:02 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-10-21 17:58 - 2021-02-01 19:30 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-10-21 17:58 - 2020-04-04 11:02 - 000000000 ____D C:\ProgramData\NVIDIA
2021-10-21 17:57 - 2020-04-04 10:19 - 000000000 ____D C:\Program Files (x86)\Google
2021-10-21 17:55 - 2021-02-01 19:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-10-21 17:55 - 2021-02-01 19:25 - 000008192 ___SH C:\DumpStack.log.tmp
2021-10-21 17:55 - 2021-02-01 19:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-10-21 17:35 - 2020-04-04 10:59 - 000000951 _____ C:\WINDOWS\Tasks\EPSON L3050 Series Update {58DE4AA5-C529-465E-87CE-0EF6614EE3D4}.job
2021-10-21 15:04 - 2020-04-04 11:17 - 000000000 ____D C:\Users\micha\AppData\Local\ClassicShell
2021-10-21 14:51 - 2021-08-16 10:00 - 000001069 _____ C:\Users\micha\Desktop\PRACE dokumenty.txt
2021-10-21 14:10 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-10-21 14:10 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-10-21 13:14 - 2021-09-20 20:41 - 000002548 _____ C:\WINDOWS\system32\Tasks\AutoPico Daily Restart
2021-10-21 13:14 - 2021-02-11 13:37 - 000003318 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6f8bfdbe63d84
2021-10-21 13:14 - 2021-02-01 19:30 - 000003512 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-10-21 13:14 - 2021-02-01 19:30 - 000003500 _____ C:\WINDOWS\system32\Tasks\EPSON L3050 Series Update {58DE4AA5-C529-465E-87CE-0EF6614EE3D4}
2021-10-21 13:14 - 2021-02-01 19:30 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-10-21 13:14 - 2021-02-01 19:30 - 000003402 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-10-21 13:14 - 2021-02-01 19:30 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 13:14 - 2021-02-01 19:30 - 000003288 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-10-21 13:14 - 2021-02-01 19:30 - 000003196 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 13:14 - 2021-02-01 19:30 - 000003178 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-10-21 13:14 - 2021-02-01 19:30 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 13:14 - 2021-02-01 19:30 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 13:14 - 2021-02-01 19:30 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 13:14 - 2021-02-01 19:30 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 13:14 - 2021-02-01 19:30 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 13:14 - 2021-02-01 19:30 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 13:14 - 2021-02-01 19:30 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 13:14 - 2021-02-01 19:30 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4261871939-3680644312-2290833728-1001
2021-10-21 13:14 - 2021-02-01 19:30 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 13:14 - 2021-02-01 19:30 - 000002582 _____ C:\WINDOWS\system32\Tasks\AMDAutoUpdate
2021-10-21 13:14 - 2021-02-01 19:30 - 000002580 _____ C:\WINDOWS\system32\Tasks\SoundBass
2021-10-21 13:14 - 2021-02-01 19:30 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-10-21 13:12 - 2021-08-25 19:46 - 000000000 ____D C:\Users\micha\Desktop\Nabídky
2021-10-21 11:51 - 2021-02-01 19:26 - 000002381 _____ C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-10-21 11:51 - 2020-04-06 16:34 - 000000000 ____D C:\Program Files\Microsoft Office
2021-10-18 18:37 - 2021-08-06 17:29 - 000000000 ____D C:\Users\micha\AppData\Roaming\.minecraft
2021-10-17 10:00 - 2021-08-16 16:32 - 000000000 ____D C:\Moje kominictvi
2021-10-17 09:59 - 2021-08-16 09:38 - 000000000 ____D C:\Kominictvi Mančík
2021-10-17 09:28 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-10-16 12:17 - 2021-02-01 19:25 - 000442456 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-10-16 12:17 - 2020-04-04 11:59 - 000000000 ____D C:\ProgramData\Avast Software
2021-10-16 09:53 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-10-16 09:53 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-10-16 09:40 - 2020-04-04 10:59 - 000000000 ____D C:\Users\micha\Desktop\Skenování
2021-10-16 09:15 - 2020-06-06 22:23 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-10-15 13:20 - 2020-04-04 23:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-10-15 13:18 - 2020-04-04 23:43 - 139806512 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-10-14 15:08 - 2021-09-16 19:33 - 000000000 ____D C:\Games
2021-10-14 15:08 - 2020-04-19 09:50 - 000000000 ____D C:\Users\micha\AppData\Roaming\qBittorrent
2021-10-13 10:55 - 2020-04-04 10:19 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-13 10:55 - 2020-04-04 10:19 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-10-06 21:23 - 2021-04-25 13:27 - 000000000 ____D C:\ProgramData\UrbanVPN
2021-10-05 21:42 - 2020-04-04 10:07 - 000000000 ____D C:\Users\micha\AppData\Local\Packages
2021-10-04 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-10-04 17:28 - 2021-09-02 19:12 - 000000000 ____D C:\Raft.v13.01
2021-10-04 17:00 - 2021-05-30 20:51 - 000021936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2021-10-04 17:00 - 2020-10-27 13:12 - 000184640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000851712 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000557152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000538480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000369176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000328568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000250408 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000221600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000107864 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000099368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000082912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000041368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000035720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-10-04 17:00 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-09-30 16:10 - 2021-08-06 17:29 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher
2021-09-29 16:16 - 2021-02-01 19:26 - 000000000 ____D C:\Users\micha
2021-09-25 10:20 - 2020-08-16 21:05 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-09-23 17:28 - 2020-11-17 19:13 - 000000000 ____D C:\Users\micha\AppData\Roaming\MyPhoneExplorer
2021-09-23 16:34 - 2020-04-04 10:59 - 000000000 ____D C:\Users\micha\Desktop\ZPRAVY SMAZAT
2021-09-23 12:26 - 2020-04-04 11:18 - 000000000 ____D C:\Users\micha\AppData\Local\ElevatedDiagnostics
2021-09-23 12:26 - 2020-04-04 11:02 - 000000000 ____D C:\Users\micha\AppData\Local\D3DSCache
2021-09-23 08:59 - 2020-12-15 22:23 - 000002231 _____ C:\Users\micha\Desktop\Discord.lnk
2021-09-21 18:12 - 2020-04-04 11:03 - 000000000 ____D C:\Users\micha\AppData\Local\NVIDIA
2021-09-21 10:23 - 2021-09-20 20:41 - 000000000 ____D C:\Program Files\KMSpico

==================== Files in the root of some directories ========

2020-07-29 20:21 - 2020-07-29 20:21 - 000056320 _____ (SSS) C:\ProgramData\FinalDeleteFile.exe
2020-09-27 21:17 - 2020-09-27 21:17 - 000016438 _____ () C:\Users\micha\AppData\Local\partner.bmp
2021-01-10 20:43 - 2021-02-08 19:36 - 000007602 _____ () C:\Users\micha\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Re: Malware

Posted: 21 Oct 2021 17:14
by mikkie
Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2021
Ran by micha (21-10-2021 18:12:51)
Running from C:\Users\micha\Desktop
Microsoft Windows 10 Pro Version 20H2 19042.1288 (X64) (2021-02-01 17:30:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4261871939-3680644312-2290833728-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4261871939-3680644312-2290833728-503 - Limited - Disabled)
Guest (S-1-5-21-4261871939-3680644312-2290833728-501 - Limited - Disabled)
micha (S-1-5-21-4261871939-3680644312-2290833728-1001 - Administrator - Enabled) => C:\Users\micha
micha_p24az47 (S-1-5-21-4261871939-3680644312-2290833728-1002 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4261871939-3680644312-2290833728-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0_1) (Version: 21.0.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
aladin (HKLM-x32\...\{480E3FFC-3701-4B1B-850F-2204F43BC688}) (Version: - )
AMD Ryzen Master (HKLM\...\AMD Ryzen Master) (Version: 2.1.1.1472 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.10.16 - Advanced Micro Devices, Inc.)
A-Tuning v3.0.215 (HKLM-x32\...\A-Tuning_is1) (Version: 3.0.215 - ASRock Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 21.8.2487 - Avast Software)
Balanced (HKLM-x32\...\{0EA45DD4-A825-420C-AFED-C659EFE3B84F}) (Version: 4.00.0000 - Advanced Micro Devices, Inc.) Hidden
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Core Temp 1.15.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.15.1 - ALCPU)
CPUID CPU-Z 1.92 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.92 - CPUID, Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.12.0.1184 - Disc Soft Ltd)
DCS World OpenBeta (HKLM\...\DCS World OpenBeta_is1) (Version: 2.5 - Eagle Dynamics)
Discord (HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Epson Easy Photo Print 2 (HKLM-x32\...\{7E0261C4-8495-4365-BE48-647701D8B9BD}) (Version: 2.8.3.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{AB8BE3EA-01D3-44B7-8E77-A9601CBDEBDE}) (Version: 3.10.0085 - Seiko Epson Corporation)
EPSON L3050 Series Printer Uninstall (HKLM\...\EPSON L3050 Series) (Version: - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{189DE071-E0BC-4BA5-8E34-83D5ED12600B}) (Version: 3.2.0.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{28C66F35-69BF-4376-BC80-4D5F4808FF3C}) (Version: 4.6.1 - Seiko Epson Corporation)
FileZilla Client 3.47.2.1 (HKLM-x32\...\FileZilla Client) (Version: 3.47.2.1 - Tim Kosse)
Gas Station Simulator (HKLM-x32\...\Gas Station Simulator_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 94.0.4606.81 - Google LLC)
i-Menu version 4.3.6 (HKLM-x32\...\{0121C0BD-363C-4B1D-8B64-FE7681A37D0A}_is1) (Version: 4.3.6 - AOC)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 94.0.992.50 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProplusRetail - cs-cz) (Version: 16.0.14527.20178 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.14527.20178 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\OneDriveSetup.exe) (Version: 21.210.1010.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{733C3ACB-432D-4880-B0E1-660000D7974D}) (Version: 1.0.0.0 - Mojang)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.15 - F.J. Wechselberger)
NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 472.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 472.12 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{84AD2AF7-10C8-0395-66F9-FFAEB4C5DBF1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20178 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20178 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
ProFact 5 (HKLM-x32\...\ProFact_is1) (Version: - eXmind)
Project CARS 2 (HKLM-x32\...\Project CARS 2_is1) (Version: - )
Příručky společnosti EPSON (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.56.1.0 - Seiko Epson Corporation)
PSPad editor (HKLM\...\PSPad editor 64bit_is1) (Version: 5.0.6.589 - Jan Fiala)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 5.0.4.543 - Jan Fiala)
qBittorrent 4.2.5 (HKLM-x32\...\qBittorrent) (Version: 4.2.5 - The qBittorrent project)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.47.484 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.9.0 - Rockstar Games)
Screen+ version Screen+ 1.4.2 (HKLM\...\Screen+_is1) (Version: Screen+ 1.4.2 - AOC)
Spotify (HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Spotify) (Version: 1.1.47.684.g136419d9 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Superliminal (HKLM-x32\...\Superliminal_is1) (Version: - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.6 - TeamSpeak Systems GmbH)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.22 - Ghisler Software GmbH)
UrbanVPN (HKLM\...\{6109A611-488D-407B-AA65-0FF765E6CA9C}) (Version: 2.2.4 - Urban Security) Hidden
UrbanVPN (HKLM\...\UrbanVPN 2.2.4) (Version: 2.2.4 - Urban Security)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.10 - VideoLAN)
WinRAR 5.80 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH)
XGAMER Audio 7.1 (HKLM-x32\...\SSS16xxAudioExt) (Version: 3.21.2018.104 - SADES)

Packages:
=========
Best of Wallpapers 2019 Exclusive -> C:\Program Files\WindowsApps\Microsoft.BestofWallpapers2019Exclusive_2.0.0.0_neutral__8wekyb3d8bbwe [2020-04-06] (Microsoft Corporation)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-09-19] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-02-01] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-02-01] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.9220.0_x64__8wekyb3d8bbwe [2021-10-12] (Microsoft Studios) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_21.10913.5785.0_x64__8wekyb3d8bbwe [2021-09-22] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-09-21] (NVIDIA Corp.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4261871939-3680644312-2290833728-1001_Classes\CLSID\{ED90173A-3B4C-4E7E-B9CF-79714425D4B5}\InprocServer32 -> C:\Program Files\PSPad editor\pspshellx64.dll () [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-04] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-04] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-04] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-04] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_19c79fb6254e3b11\nvshext.dll [2021-09-16] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-04] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-4261871939-3680644312-2290833728-1001: [EditWithPSPad] -> {ED90173A-3B4C-4E7E-B9CF-79714425D4B5} => C:\Program Files\PSPad editor\pspshellx64.dll [2014-11-02] () [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\micha\Desktop\Michal - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\micha\Desktop\Terezka - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) =============

2021-04-18 17:23 - 2014-11-02 19:45 - 000029184 _____ () [File not signed] C:\Program Files\PSPad editor\pspshellx64.dll
2018-07-15 14:15 - 2018-07-15 14:15 - 003664696 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2018-07-15 14:15 - 2018-07-15 14:15 - 000291128 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\WINDOWS\system32\StartMenuHelper64.dll
2020-04-26 11:02 - 2020-04-26 11:02 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2020-04-26 11:02 - 2020-04-26 11:02 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2017-02-13 14:54 - 2017-02-13 14:54 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2020-09-09 13:36 - 2017-11-03 11:44 - 000232960 ____N (Solid State System) [File not signed] C:\Program Files (x86)\XGAMER Audio 7.1\DLL3S_UsbAudio16xx_x32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 06:49 - 2019-03-19 06:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\micha\Desktop\Foceni - Vanoce 2019\DSC_9982.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Trust GXT 354 Headset"
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\StartupApproved\Run: => "Walliant"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{29458DEB-89BE-4F55-B362-0A79FF315AC2}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [TCP Query User{D73F25B8-73D8-4612-9013-00AFC67C6490}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [{C3D81636-F54F-4623-B32D-33BF2977B115}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\launcher.exe => No File
FirewallRules: [{6FB0E61A-EB60-4A63-B7A0-609B45C8AE88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\launcher.exe => No File
FirewallRules: [{C535DEAE-95B1-4EC1-9AE3-90F16FB847B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crash Drive 2\Crash Drive 2.exe () [File not signed]
FirewallRules: [{D00CE7CD-302D-4FC5-9DBD-BF6946EB2BC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crash Drive 2\Crash Drive 2.exe () [File not signed]
FirewallRules: [{B53ED26A-6585-40CB-83AB-D1034BE5A986}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{EB245AB9-82A0-4DED-8851-4DBFE046EDA1}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{F873DD99-DACE-47FB-ACB7-FAF5D2D438EF}C:\program files\eagle dynamics\dcs world openbeta\bin\dcs_updater.exe] => (Allow) C:\program files\eagle dynamics\dcs world openbeta\bin\dcs_updater.exe (Eagle Dynamics SA -> Eagle Dynamics SA)
FirewallRules: [TCP Query User{A54F25F0-65EF-41E6-9DB2-01F8F95FD1E9}C:\program files\eagle dynamics\dcs world openbeta\bin\dcs_updater.exe] => (Allow) C:\program files\eagle dynamics\dcs world openbeta\bin\dcs_updater.exe (Eagle Dynamics SA -> Eagle Dynamics SA)
FirewallRules: [UDP Query User{446488F3-6A65-4A40-84ED-6D7DD85BC5F2}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [TCP Query User{0A1E29E9-17F5-49FA-831C-74E987176127}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [{54446129-352F-4716-A57E-817CFBE15A09}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{45E25852-2436-49B6-8730-460ABC3C1F32}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{864198A2-5A02-402B-BFBE-2A6092CE7CBA}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{89CCDD86-5ABB-49F9-ADA2-3AA16A9C0DFA}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{D790B858-A34F-48F3-BAB6-30E18C8B86A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [{E45CB1FF-8765-4764-B6E5-03B0CFB43CD0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [UDP Query User{11C83DD6-66C1-4B2A-95B9-F5595BAAE73F}C:\users\micha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micha\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{36435545-4B21-4506-82B2-85572F619B25}C:\users\micha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micha\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{DBF5FAC2-3ED8-4AB7-A39F-2F9A785F9F5A}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{975D2953-97C3-42CD-98A5-83734BE1D7B2}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{E1397ADB-175E-4CD9-B12F-39A92FBF12B3}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{3114659E-1964-4B01-88CD-D008340CB6FA}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{0356A693-A394-4772-B76B-BF4C327CF3EE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8E292D98-5399-4BC6-8E9D-0B1CB269BB82}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0586D70B-5F9B-4AE4-905B-6D8A0EB68614}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{6C369FD2-5CA0-46A5-AE4C-89BC129BAD00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{247BFA83-BBA5-4DFD-BC69-53C774B934EC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{5614D24F-F9EB-45A0-946F-3235201B76E9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{04EE9578-4475-4C45-8938-31CFCAC72E37}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{1422F21A-0FE6-4E04-8608-E0AB2E1E74A0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{59EC471F-33CD-4B0E-8E0A-29665C636ADF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{B908D25C-2BCF-4188-BD0F-E397AC0F6BEF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [TCP Query User{1BDB91F3-593C-4C89-AE35-78A4D1C48856}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [UDP Query User{545FC895-48CF-4B35-9274-161BF62971B5}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [{0A77FFB5-C2E5-4D61-B0A6-F50C26917801}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3DDF4574-0231-4AB2-8264-9943794F7292}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DB818E50-B3CC-495D-8B88-B0DEBB6617EB}] => (Allow) C:\Program Files\UrbanVPN\bin\urbanvpn.exe (Urban Cyber Security Inc. -> Urban Cyber Security Inc.)
FirewallRules: [{6B348ED9-2076-478A-9359-7E403AFAF5E3}] => (Allow) C:\WINDOWS\SysWOW64\TCPSVCS.EXE (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CF27492D-C72C-4CBA-B0FC-8509033C16A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\2KLauncher\LauncherPatcher.exe => No File
FirewallRules: [{95319F9B-01FA-43AE-9635-99937B8EEA2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\2KLauncher\LauncherPatcher.exe => No File
FirewallRules: [{D95E5CD8-28BC-4058-8287-219908D11827}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{625E2928-9C58-49DF-B17F-B50F389E6882}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7E55FA02-62B7-487C-A936-926AA212BA3C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5B049C5A-4686-4D48-971A-1FA1CE78FDB8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{EDB90044-B689-459D-A928-70A8E53D2179}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [UDP Query User{10816914-AC23-4957-AFA6-FF812C9B1605}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [TCP Query User{D941A9B7-F0DD-4690-9B9E-BA858CBD8690}C:\program files\eagle dynamics\dcs world openbeta\bin\dcs.exe] => (Allow) C:\program files\eagle dynamics\dcs world openbeta\bin\dcs.exe (Eagle Dynamics SA -> Eagle Dynamics)
FirewallRules: [UDP Query User{E3FF217D-D5A2-4FBB-9AA2-46E08FD69504}C:\program files\eagle dynamics\dcs world openbeta\bin\dcs.exe] => (Allow) C:\program files\eagle dynamics\dcs world openbeta\bin\dcs.exe (Eagle Dynamics SA -> Eagle Dynamics)
FirewallRules: [{9E5EEF55-8997-4079-8F9B-08FEAB040366}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{96C5992A-9238-42AB-A486-3B4269D5D5BA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FAE3C048-FAF0-427D-8EA0-3F4D9F3BE496}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{23DEC2C8-A016-4EB9-945C-0199CEA8AD4B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{224E2B44-96C5-4A1D-880C-0055A15F8E72}C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe] => (Block) C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe => No File
FirewallRules: [UDP Query User{1C5922B1-3F5E-40A6-8E0B-EC6A82507420}C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe] => (Block) C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe => No File
FirewallRules: [TCP Query User{7FEFB827-33DC-4636-8F8B-05FEA667BFC4}I:\raft.v13.01\raft.exe] => (Block) I:\raft.v13.01\raft.exe => No File
FirewallRules: [UDP Query User{C6180615-AEE4-48BA-B536-3C2847000265}I:\raft.v13.01\raft.exe] => (Block) I:\raft.v13.01\raft.exe => No File
FirewallRules: [{F4AE76EB-006D-40BC-BA62-6C277AA1CC70}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{F019F4A2-AA14-4DE6-A911-5194DC187A46}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{174932D6-6697-4504-9CC9-BF7F25EA6F64}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{D56936D4-1FD9-4590-BA26-F2F4416C32A5}C:\games\wobbly life v0.2.0\wobbly life.exe] => (Allow) C:\games\wobbly life v0.2.0\wobbly life.exe () [File not signed]
FirewallRules: [UDP Query User{DE0DF6E2-40AE-4912-B825-B7621C54FEA0}C:\games\wobbly life v0.2.0\wobbly life.exe] => (Allow) C:\games\wobbly life v0.2.0\wobbly life.exe () [File not signed]
FirewallRules: [TCP Query User{37E4D05E-2ADF-410A-B96A-4FE1603EB75E}L:\downloads\wobbly.life.build 5917938\wobbly.life.build 5917938\wobbly life.exe] => (Allow) L:\downloads\wobbly.life.build 5917938\wobbly.life.build 5917938\wobbly life.exe () [File not signed]
FirewallRules: [UDP Query User{41A171F7-2F8E-4D4F-95D8-B31FB070B856}L:\downloads\wobbly.life.build 5917938\wobbly.life.build 5917938\wobbly life.exe] => (Allow) L:\downloads\wobbly.life.build 5917938\wobbly.life.build 5917938\wobbly life.exe () [File not signed]
FirewallRules: [TCP Query User{16CB7910-8372-4FA5-B5A7-0EBBE0A43FC3}C:\wobbly.life.v0.6.6\wobbly life.exe] => (Allow) C:\wobbly.life.v0.6.6\wobbly life.exe () [File not signed]
FirewallRules: [UDP Query User{521A084B-40C8-4B58-8C12-53F500198CC1}C:\wobbly.life.v0.6.6\wobbly life.exe] => (Allow) C:\wobbly.life.v0.6.6\wobbly life.exe () [File not signed]
FirewallRules: [TCP Query User{B9BF3CDA-B02D-439F-B07D-5D3F05AA1C7B}C:\hry\superliminal\superliminal.exe] => (Allow) C:\hry\superliminal\superliminal.exe () [File not signed]
FirewallRules: [UDP Query User{86270292-CED8-4063-A839-B359E378F341}C:\hry\superliminal\superliminal.exe] => (Allow) C:\hry\superliminal\superliminal.exe () [File not signed]
FirewallRules: [{0FB5E399-96E2-41DD-A301-26C16DCFDA7F}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{0CF97578-F0B7-4384-ABE4-6E22252BF073}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{D7AEC660-94B5-447F-9266-E27103DF26D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\House Builder Demo\launcher\playway-launcher.exe (Pway Sp. z o.o. (Piotr "Xeno" Adamczyk)) [File not signed]
FirewallRules: [{D8108455-A271-4AC5-B9E4-14D8F60BE516}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\House Builder Demo\launcher\playway-launcher.exe (Pway Sp. z o.o. (Piotr "Xeno" Adamczyk)) [File not signed]
FirewallRules: [{F7DF4CF4-449F-4AEA-A941-F6AA2ABD2A0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Medal of Honor\Binaries\moh.exe => No File
FirewallRules: [{26C84179-5608-4C5B-9D54-1C880D10398D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Medal of Honor\Binaries\moh.exe => No File
FirewallRules: [{52C486E9-ADF6-4E8F-9EE3-EB2BC7D878F5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6526B3D6-F464-4BCD-950E-C57C1644F7A5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E4E8A345-380A-429B-AC24-C432D39527F3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{C93EDD0D-A67F-41F0-895E-2D38640EBE4C}C:\games\astroneer.v1.18.68.0\astro\binaries\win64\astro-win64-shipping.exe] => (Block) C:\games\astroneer.v1.18.68.0\astro\binaries\win64\astro-win64-shipping.exe (System Era Softworks) [File not signed]
FirewallRules: [UDP Query User{A95835B6-3EC1-4296-8418-29BB5940536B}C:\games\astroneer.v1.18.68.0\astro\binaries\win64\astro-win64-shipping.exe] => (Block) C:\games\astroneer.v1.18.68.0\astro\binaries\win64\astro-win64-shipping.exe (System Era Softworks) [File not signed]

==================== Restore Points =========================

15-10-2021 13:20:16 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (10/21/2021 02:28:19 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (L:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/21/2021 02:27:15 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (K:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/21/2021 02:27:07 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (J:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/21/2021 02:26:57 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (H:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/21/2021 02:26:54 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (G:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/21/2021 02:26:47 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Rezervováno systémem (F:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/21/2021 02:26:46 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Rezervováno systémem (E:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/21/2021 11:52:15 AM) (Source: Outlook) (EventID: 35) (User: )
Description: Nelze určit, zda se zásobník nachází v oboru procházení (chyba=0x8007045b).


System errors:
=============
Error: (10/21/2021 05:55:25 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (17:35:28, ‎21.‎10.‎2021) bylo neočekávané.

Error: (10/18/2021 07:03:21 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-AUSGJMO)
Description: Služba DCOM zjistila chybu 1053 při pokusu o spuštění služby BcastDVRUserService_33da8cc s argumenty Není k dispozici za účelem spuštění serveru:
Windows.Media.Capture.Internal.AppCaptureShell

Error: (10/18/2021 07:03:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Uživatelská služba pro GameDVR a vysílání her_33da8cc neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (10/18/2021 07:03:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Uživatelská služba pro GameDVR a vysílání her_33da8cc bylo dosaženo časového limitu (60000 ms).

Error: (10/18/2021 07:03:21 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-AUSGJMO)
Description: Server Microsoft.WindowsFeedbackHub_1.2108.2563.0_x64__8wekyb3d8bbwe!App.AppX8a6w88secebzyje9nrqc47xt488tkbmc.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (10/18/2021 07:03:21 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-AUSGJMO)
Description: Server microsoft.windowscommunicationsapps_16005.14326.20436.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (10/17/2021 05:34:40 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-AUSGJMO)
Description: Služba DCOM zjistila chybu 1053 při pokusu o spuštění služby BcastDVRUserService_1f86988 s argumenty Není k dispozici za účelem spuštění serveru:
Windows.Media.Capture.Internal.AppCaptureShell

Error: (10/17/2021 05:34:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Uživatelská služba pro GameDVR a vysílání her_1f86988 neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.


CodeIntegrity:
===============
Date: 2021-10-21 17:57:26
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-10-21 17:56:28
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. P3.90 12/09/2019
Motherboard: ASRock B450M Pro4
Processor: AMD Ryzen 5 3600 6-Core Processor
Percentage of memory in use: 29%
Total physical RAM: 16313.72 MB
Available physical RAM: 11425.83 MB
Total Virtual: 18745.72 MB
Available Virtual: 11730.6 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:475.87 GB) (Free:41.63 GB) NTFS
Drive d: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: () (Fixed) (Total:224.84 GB) (Free:54.58 GB) NTFS
Drive h: () (Fixed) (Total:224.84 GB) (Free:14.61 GB) NTFS
Drive i: () (Fixed) (Total:222.95 GB) (Free:28.79 GB) NTFS
Drive j: () (Fixed) (Total:146.38 GB) (Free:20.54 GB) NTFS
Drive k: () (Fixed) (Total:247.82 GB) (Free:115.57 GB) NTFS
Drive l: () (Fixed) (Total:683.59 GB) (Free:506.87 GB) NTFS

\\?\Volume{c4029046-716d-441f-a03d-cce2ceeeb070}\ (Obnovení) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{c6b8d1f4-ded1-4088-bf7e-f6bafaa17d56}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{7e630a01-0000-0000-0000-10c337000000}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{6ff619c6-97c5-4a7f-bd2f-8251e43ed227}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 7E630A01)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=222.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=533 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: E274E274)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449.7 GB) - (Type=0F Extended)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0775D37C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=247.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=683.6 GB) - (Type=07 NTFS)

==========================================================
Disk: 3 (Protective MBR) (Size: 476.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Re: Malware

Posted: 21 Oct 2021 17:56
by Rudy
Now run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I Agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just start it with a normal double-click)
click Scan Now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: Malware

Posted: 21 Oct 2021 17:59
by mikkie
# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-10-08.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-21-2021
# Duration: 00:00:01
# OS: Windows 10 Pro
# Cleaned: 8
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\micha\AppData\Local\Walliant
Deleted C:\Users\micha\AppData\Roaming\RelevantKnowledge

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Walliant
Deleted HKCU\Software\csastats
Deleted HKLM\Software\qdu-pr

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Spirální stabilizace páteře - Na Úbočí 10, Praha 8, Czech Republic, 00420-284 810 231, spirstab@spirstab.com
Deleted home.sweetim.com
Deleted home.sweetim.com

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1926 octets] - [21/10/2021 18:58:01]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: Malware

Posted: 21 Oct 2021 18:49
by mikkie
When I run the scan once more, this shows up:

PUP.optional.22chromeEXT

which cannot be quarantined, though; it keeps showing up over and over.

Re: Malware

Posted: 21 Oct 2021 19:03
by Rudy
It may not be that bad; it is only a potentially unwanted item. Please post new FRST+Addition logs.

Re: Malware

Posted: 21 Oct 2021 19:07
by mikkie
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-10-2021
Ran by micha (administrator) on DESKTOP-AUSGJMO (21-10-2021 20:05:39)
Running from C:\Users\micha\Desktop
Loaded Profiles: micha
Platform: Microsoft Windows 10 Pro Version 20H2 19042.1288 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <9>
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_19c79fb6254e3b11\Display.NvContainer\NVDisplay.Container.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [134936 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [442936 2020-10-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [UrbanVPN] => C:\Program Files\UrbanVPN\bin\urbanvpn-gui.exe [24253504 2020-11-17] (Urban Cyber Security Inc. -> )
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1151872 2016-11-18] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [XGAMER Audio 7.1] => C:\Program Files (x86)\XGAMER Audio 7.1\XGAMER Audio 7.1.exe [10700800 2020-09-09] (Solid State System) [File not signed]
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4267928 2021-10-13] (Valve -> Valve Corporation)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIR4E.EXE [417776 2014-11-14] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [Spotify] => C:\Users\micha\AppData\Roaming\Spotify\Spotify.exe [23233936 2020-12-02] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [365760 2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [Discord] => C:\Users\micha\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [EPSDNMON] => ""
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\MountPoints2: {dc6f74ba-7658-11ea-a65b-a8a159192c9e} - "M:\setup.exe"
HKLM\...\Print\Monitors\EPSON L3050 Series 64MonitorBE: C:\Windows\system32\E_YLMBR4E.DLL [183296 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\94.0.4606.81\Installer\chrmstp.exe [2021-10-13] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D8600B4-B888-4EBB-9AA4-62659EE61B98} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0F36DB52-85FF-40C8-AE92-0412A89A73BF} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {0FE0F530-4631-4907-9AA2-E94B1A5F538E} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {12BEBAAF-BEA6-46CD-AAE6-2B354DE2189C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-04] (Google LLC -> Google LLC)
Task: {1E11BE83-AA28-40C1-979D-208B1CB47254} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8314256 2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {33E22DCD-C643-463C-AFCB-E61FFC67AAD6} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {441C4612-8476-4748-B13C-09E64291FEC5} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {5A9E82D6-74F5-4102-B85D-FB9C9E910BA7} - System32\Tasks\SoundBass => C:\Users\micha\AppData\Roaming\Unpacker\Unpacker.exe <==== ATTENTION
Task: {6888416B-05BE-46F6-95FD-C51853B01862} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {799B4EE9-7E83-4265-A3B0-8C341617DAFD} - System32\Tasks\EPSON L3050 Series Update {58DE4AA5-C529-465E-87CE-0EF6614EE3D4} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSR4E.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {7FD45365-D338-421B-AAB3-98EF7BED0695} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [677624 2019-11-21] (Advanced Micro Devices INC. -> )
Task: {84F4C895-3641-45B9-836E-CCC3894CD778} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138576 2021-10-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {9059918A-ABFD-4092-8D52-11725F647CF2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {968F3A69-5851-4A57-BB26-701B907B60CF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8314256 2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {A016E7E2-12AA-48DF-83C1-575481F94071} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B524A3A1-254A-417B-81E9-1F314D81EFF8} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B85E8914-C83D-42FC-B319-DE3600CCBEF8} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BC0C8980-80CF-4C6D-8506-EBE238627E95} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-05-03] (Avast Software s.r.o. -> Avast Software)
Task: {DC5B7110-B8FB-4B08-B134-E15657C512EB} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138576 2021-10-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {DD39BA4B-3BA1-469E-8DB0-38035A77324D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22652808 2021-10-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {DE43B3FA-1AE2-4270-B1B8-BE33A026C1A2} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4929304 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
Task: {E45D4087-6765-4617-B9A9-CBDF7B00211B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E59CA9B8-C816-4521-AD84-B6882148F34F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-04] (Google LLC -> Google LLC)
Task: {EFF6B36E-B960-471E-A267-7EC4534980D4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22652808 2021-10-20] (Microsoft Corporation -> Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-4261871939-3680644312-2290833728-1001] => 182.71.146.148:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a50b097d-b2f0-400f-88af-6fcafcb09065}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\micha\AppData\Local\Microsoft\Edge\User Data\Default [2021-10-12]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default [2021-10-21]
CHR Notifications: Default -> hxxps//www.facebook.com
CHR HomePage: Default -> hxxp//www.google.com/
CHR Extension: (Překladač Google) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-08-16]
CHR Extension: (Prezentace) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-04]
CHR Extension: (Dokumenty) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-04]
CHR Extension: (Disk Google) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (YouTube) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-04]
CHR Extension: (Tabulky) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-04]
CHR Extension: (Dokumenty Google offline) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-13]
CHR Extension: (FormApps Extension) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi [2020-04-04]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (Gmail) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-10-21]
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-10-19]
CHR Notifications: Profile 1 -> hxxps//www.facebook.com
CHR HomePage: Profile 1 -> hxxp//www.google.cz/
CHR StartupUrls: Profile 1 -> ""
CHR Extension: (Překladač Google) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-08-16]
CHR Extension: (Prezentace) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-06]
CHR Extension: (Entanglement Web App) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aciahcmjmecflokailenpkdchphgkefd [2020-04-06]
CHR Extension: (Dokumenty) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-06]
CHR Extension: (Disk Google) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
CHR Extension: (YouTube) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-06]
CHR Extension: (Tabulky) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-14]
CHR Extension: (Google Kalendář) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2021-01-09]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (Gmail) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Eiffel Tower) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ppbaibkigenhdcommebegmmmpoolmpip [2020-04-06]
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\System Profile [2021-10-21]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8323664 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
S2 AudioDeviceService; C:\Windows\system32\AudioDeviceService.exe [2730496 2020-09-09] (SSS) [File not signed]
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [630040 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [377624 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12034464 2021-10-20] (Microsoft Corporation -> Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4507328 2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2017-03-10] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2020144 2021-09-16] (Rockstar Games, Inc. -> Rockstar Games)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5414976 2021-10-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S2 UrbanVPNServiceInteractive; C:\Program Files\UrbanVPN\bin\urbanvpnserv.exe [221072 2020-11-17] (Urban Cyber Security Inc. -> )
S3 UrbanVPNUpdater; C:\Program Files\UrbanVPN\UrbanVPNUpdater.exe [1010752 2020-11-25] (Urban Cyber Security Inc. -> Urban Security)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_19c79fb6254e3b11\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_19c79fb6254e3b11\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AsrDrv103; C:\Windows\SysWOW64\Drivers\AsrDrv103.sys [34568 2020-04-10] (ASROCK Incorporation -> ASRock Incorporation) [File not signed]
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35720 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [221600 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [369176 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250408 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99368 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [21936 2021-10-04] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41368 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [184640 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [538480 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107864 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82912 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851712 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [557152 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215392 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [328568 2021-10-04] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2020-04-09] (AOC International (Europe) GmbH -> Nicomsoft Ltd.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2019-10-23] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 UAExt; C:\WINDOWS\System32\DRIVERS\UAExt.sys [135264 2020-09-09] (Solid State System Co., Ltd -> Solid State System.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-21 18:57 - 2021-10-21 18:58 - 000000000 ____D C:\AdwCleaner
2021-10-21 18:57 - 2021-10-21 18:57 - 008553680 _____ (Malwarebytes) C:\Users\micha\Desktop\adwcleaner_8.3.0.exe
2021-10-21 18:12 - 2021-10-21 20:05 - 000025015 _____ C:\Users\micha\Desktop\FRST.txt
2021-10-21 18:12 - 2021-10-21 20:05 - 000019262 _____ C:\Users\micha\Desktop\FRSTold.txt
2021-10-21 18:12 - 2021-10-21 18:13 - 000048080 _____ C:\Users\micha\Desktop\Additionold.txt
2021-10-21 18:11 - 2021-10-21 20:05 - 000000000 ____D C:\FRST
2021-10-21 18:11 - 2021-10-21 18:11 - 002310656 _____ (Farbar) C:\Users\micha\Desktop\FRST64.exe
2021-10-19 12:57 - 2021-10-19 14:43 - 000010485 _____ C:\Users\micha\Desktop\CN kovar Lanzhot Uhet.xlsx
2021-10-15 13:25 - 2021-10-15 13:25 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-10-15 13:25 - 2021-10-15 13:25 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-10-15 13:25 - 2021-10-15 13:25 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-10-15 13:25 - 2021-10-15 13:25 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-10-15 13:25 - 2021-10-15 13:25 - 000203264 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2021-10-15 13:25 - 2021-10-15 13:25 - 000158208 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-10-15 13:25 - 2021-10-15 13:25 - 000040960 _____ C:\WINDOWS\system32\uwfservicingapi.dll
2021-10-15 13:25 - 2021-10-15 13:25 - 000011495 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-10-15 13:25 - 2021-10-15 13:25 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2021-10-15 13:25 - 2021-10-15 13:25 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2021-10-15 13:24 - 2021-10-15 13:24 - 001823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-10-15 13:24 - 2021-10-15 13:24 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-10-15 13:24 - 2021-10-15 13:24 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2021-10-15 13:24 - 2021-10-15 13:24 - 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-10-15 13:24 - 2021-10-15 13:24 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-10-15 13:24 - 2021-10-15 13:24 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-10-15 13:20 - 2021-10-15 13:20 - 000000000 ___HD C:\$WinREAgent
2021-10-14 15:09 - 2021-10-14 15:09 - 000000000 ____D C:\Users\micha\AppData\Local\Astro
2021-10-14 15:08 - 2021-10-14 15:08 - 000001151 _____ C:\Users\micha\Desktop\Astro.lnk
2021-10-13 21:26 - 2021-10-13 21:26 - 000001112 _____ C:\Users\micha\Desktop\Mining.lnk
2021-10-13 21:25 - 2021-10-13 21:25 - 000000000 ____D C:\Users\micha\AppData\Local\Mining
2021-10-13 18:43 - 2021-10-13 18:51 - 000000000 ____D C:\Users\micha\Desktop\kopie WWW idiot
2021-10-07 16:40 - 2021-10-14 15:09 - 000000000 ____D C:\Users\micha\AppData\Local\UnrealEngine
2021-10-07 16:40 - 2021-10-07 16:40 - 000000820 _____ C:\Users\micha\Desktop\Gas Station Simulator.lnk
2021-10-07 16:40 - 2021-10-07 16:40 - 000000000 ____D C:\Users\micha\AppData\Local\GSS2
2021-10-07 16:40 - 2021-10-07 16:40 - 000000000 ____D C:\Users\micha\AppData\Local\CrashReportClient
2021-10-07 16:40 - 2021-10-07 16:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gas Station Simulator
2021-10-05 21:15 - 2021-10-05 21:15 - 000094350 _____ C:\Users\micha\Desktop\priloha_951576887_0_VypisROS.pdf
2021-10-05 18:53 - 2021-10-12 13:29 - 000000000 ____D C:\Users\micha\AppData\Roaming\playway-launcher
2021-10-05 18:53 - 2021-10-05 18:53 - 000000000 ____D C:\Users\micha\AppData\LocalLow\FreemindSA
2021-10-05 16:07 - 2021-10-05 19:27 - 000000223 _____ C:\Users\micha\Desktop\House Builder Demo.url
2021-10-04 17:00 - 2021-10-04 17:00 - 000340248 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-10-04 17:00 - 2021-10-04 17:00 - 000215392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-09-26 10:13 - 2021-09-26 10:13 - 000000785 _____ C:\Users\micha\Desktop\Superliminal.lnk
2021-09-26 10:13 - 2021-09-26 10:13 - 000000000 ____D C:\Users\micha\AppData\LocalLow\PillowCastle
2021-09-26 10:13 - 2021-09-26 10:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Superliminal
2021-09-26 09:37 - 2021-09-26 10:12 - 000000000 ____D C:\Hry
2021-09-21 18:07 - 2021-09-16 05:28 - 001858672 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-09-21 18:07 - 2021-09-16 05:28 - 001858672 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-09-21 18:07 - 2021-09-16 05:28 - 001474688 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-09-21 18:07 - 2021-09-16 05:28 - 001438832 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-09-21 18:07 - 2021-09-16 05:28 - 001438832 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-09-21 18:07 - 2021-09-16 05:28 - 001212544 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-09-21 18:07 - 2021-09-16 05:28 - 001097832 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-09-21 18:07 - 2021-09-16 05:28 - 001097832 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-09-21 18:07 - 2021-09-16 05:28 - 000951920 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-09-21 18:07 - 2021-09-16 05:28 - 000951920 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-09-21 18:07 - 2021-09-16 05:25 - 001520760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-09-21 18:07 - 2021-09-16 05:25 - 001171064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-09-21 18:07 - 2021-09-16 05:25 - 000716920 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-09-21 18:07 - 2021-09-16 05:25 - 000676472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-09-21 18:07 - 2021-09-16 05:25 - 000645240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-09-21 18:07 - 2021-09-16 05:25 - 000577144 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-09-21 18:07 - 2021-09-16 05:25 - 000564344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-09-21 18:07 - 2021-09-16 05:24 - 008854144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-09-21 18:07 - 2021-09-16 05:24 - 002112120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-09-21 18:07 - 2021-09-16 05:24 - 001595512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-09-21 18:07 - 2021-09-16 05:24 - 000919160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-09-21 18:07 - 2021-09-16 05:24 - 000706168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-09-21 18:07 - 2021-09-16 05:24 - 000447096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-09-21 18:07 - 2021-09-16 05:23 - 007920760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-09-21 18:07 - 2021-09-16 05:23 - 005681280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2021-09-21 18:07 - 2021-09-16 05:23 - 004987512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-09-21 18:07 - 2021-09-16 05:23 - 002925688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-09-21 18:07 - 2021-09-16 05:23 - 000849016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-09-21 18:07 - 2021-09-16 05:21 - 006216336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-09-21 18:07 - 2021-09-14 05:39 - 000083133 _____ C:\WINDOWS\system32\nvinfo.pb

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-21 20:05 - 2020-04-04 11:02 - 000000000 ____D C:\ProgramData\NVIDIA
2021-10-21 20:04 - 2021-02-11 13:37 - 000003318 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6f8bfdbe63d84
2021-10-21 20:04 - 2021-02-01 19:30 - 000003512 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-10-21 20:04 - 2021-02-01 19:30 - 000003500 _____ C:\WINDOWS\system32\Tasks\EPSON L3050 Series Update {58DE4AA5-C529-465E-87CE-0EF6614EE3D4}
2021-10-21 20:04 - 2021-02-01 19:30 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-10-21 20:04 - 2021-02-01 19:30 - 000003402 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-10-21 20:04 - 2021-02-01 19:30 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 20:04 - 2021-02-01 19:30 - 000003288 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-10-21 20:04 - 2021-02-01 19:30 - 000003196 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 20:04 - 2021-02-01 19:30 - 000003178 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-10-21 20:04 - 2021-02-01 19:30 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 20:04 - 2021-02-01 19:30 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 20:04 - 2021-02-01 19:30 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 20:04 - 2021-02-01 19:30 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 20:04 - 2021-02-01 19:30 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 20:04 - 2021-02-01 19:30 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 20:04 - 2021-02-01 19:30 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 20:04 - 2021-02-01 19:30 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4261871939-3680644312-2290833728-1001
2021-10-21 20:04 - 2021-02-01 19:30 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-10-21 20:04 - 2021-02-01 19:30 - 000002582 _____ C:\WINDOWS\system32\Tasks\AMDAutoUpdate
2021-10-21 20:04 - 2021-02-01 19:30 - 000002580 _____ C:\WINDOWS\system32\Tasks\SoundBass
2021-10-21 20:04 - 2021-02-01 19:30 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-10-21 20:04 - 2020-04-04 10:59 - 000000951 _____ C:\WINDOWS\Tasks\EPSON L3050 Series Update {58DE4AA5-C529-465E-87CE-0EF6614EE3D4}.job
2021-10-21 20:03 - 2021-09-20 20:41 - 000000000 ____D C:\Program Files\KMSpico
2021-10-21 20:03 - 2020-04-04 10:18 - 000000000 ____D C:\Program Files (x86)\Steam
2021-10-21 20:02 - 2020-04-04 11:17 - 000000000 ____D C:\Users\micha\AppData\Local\ClassicShell
2021-10-21 20:02 - 2020-04-04 11:03 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-10-21 19:56 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-10-21 19:43 - 2021-02-01 19:31 - 001693140 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-10-21 19:43 - 2019-12-07 16:43 - 000716770 _____ C:\WINDOWS\system32\perfh005.dat
2021-10-21 19:43 - 2019-12-07 16:43 - 000144948 _____ C:\WINDOWS\system32\perfc005.dat
2021-10-21 19:43 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-10-21 19:38 - 2020-12-15 22:23 - 000000000 ____D C:\Users\micha\AppData\Roaming\discord
2021-10-21 19:38 - 2020-04-04 10:19 - 000000000 ____D C:\Program Files (x86)\Google
2021-10-21 19:37 - 2020-12-15 22:23 - 000000000 ____D C:\Users\micha\AppData\Local\Discord
2021-10-21 19:37 - 2020-04-04 10:08 - 000000000 ___RD C:\Users\micha\OneDrive
2021-10-21 19:36 - 2021-02-01 19:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-10-21 19:36 - 2021-02-01 19:25 - 000008192 ___SH C:\DumpStack.log.tmp
2021-10-21 19:36 - 2020-04-04 11:59 - 000000000 ____D C:\ProgramData\Avast Software
2021-10-21 19:36 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-10-21 18:57 - 2021-04-25 13:27 - 000000000 ____D C:\ProgramData\UrbanVPN
2021-10-21 18:56 - 2021-02-01 19:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-10-21 17:58 - 2021-02-01 19:30 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-10-21 14:51 - 2021-08-16 10:00 - 000001069 _____ C:\Users\micha\Desktop\PRACE dokumenty.txt
2021-10-21 14:10 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-10-21 14:10 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-10-21 13:12 - 2021-08-25 19:46 - 000000000 ____D C:\Users\micha\Desktop\Nabídky
2021-10-21 11:51 - 2021-02-01 19:26 - 000002381 _____ C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-10-21 11:51 - 2020-04-06 16:34 - 000000000 ____D C:\Program Files\Microsoft Office
2021-10-18 18:37 - 2021-08-06 17:29 - 000000000 ____D C:\Users\micha\AppData\Roaming\.minecraft
2021-10-17 10:00 - 2021-08-16 16:32 - 000000000 ____D C:\Moje kominictvi
2021-10-17 09:59 - 2021-08-16 09:38 - 000000000 ____D C:\Kominictvi Mančík
2021-10-17 09:28 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-10-16 12:17 - 2021-02-01 19:25 - 000442456 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-10-16 09:53 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-10-16 09:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-10-16 09:40 - 2020-04-04 10:59 - 000000000 ____D C:\Users\micha\Desktop\Skenování
2021-10-16 09:15 - 2020-06-06 22:23 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-10-15 13:20 - 2020-04-04 23:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-10-15 13:18 - 2020-04-04 23:43 - 139806512 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-10-14 15:08 - 2021-09-16 19:33 - 000000000 ____D C:\Games
2021-10-14 15:08 - 2020-04-19 09:50 - 000000000 ____D C:\Users\micha\AppData\Roaming\qBittorrent
2021-10-13 10:55 - 2020-04-04 10:19 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-13 10:55 - 2020-04-04 10:19 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-10-05 21:42 - 2020-04-04 10:07 - 000000000 ____D C:\Users\micha\AppData\Local\Packages
2021-10-04 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-10-04 17:28 - 2021-09-02 19:12 - 000000000 ____D C:\Raft.v13.01
2021-10-04 17:00 - 2021-05-30 20:51 - 000021936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2021-10-04 17:00 - 2020-10-27 13:12 - 000184640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000851712 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000557152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000538480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000369176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000328568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000250408 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000221600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000107864 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000099368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000082912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000041368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-10-04 17:00 - 2020-04-04 12:00 - 000035720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-10-04 17:00 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-09-30 16:10 - 2021-08-06 17:29 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher
2021-09-29 16:16 - 2021-02-01 19:26 - 000000000 ____D C:\Users\micha
2021-09-25 10:20 - 2020-08-16 21:05 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-09-23 17:28 - 2020-11-17 19:13 - 000000000 ____D C:\Users\micha\AppData\Roaming\MyPhoneExplorer
2021-09-23 16:34 - 2020-04-04 10:59 - 000000000 ____D C:\Users\micha\Desktop\ZPRAVY SMAZAT
2021-09-23 12:26 - 2020-04-04 11:18 - 000000000 ____D C:\Users\micha\AppData\Local\ElevatedDiagnostics
2021-09-23 12:26 - 2020-04-04 11:02 - 000000000 ____D C:\Users\micha\AppData\Local\D3DSCache
2021-09-23 08:59 - 2020-12-15 22:23 - 000002231 _____ C:\Users\micha\Desktop\Discord.lnk
2021-09-21 18:12 - 2020-04-04 11:03 - 000000000 ____D C:\Users\micha\AppData\Local\NVIDIA

==================== Files in the root of some directories ========

2020-07-29 20:21 - 2020-07-29 20:21 - 000056320 _____ (SSS) C:\ProgramData\FinalDeleteFile.exe
2020-09-27 21:17 - 2020-09-27 21:17 - 000016438 _____ () C:\Users\micha\AppData\Local\partner.bmp
2021-01-10 20:43 - 2021-02-08 19:36 - 000007602 _____ () C:\Users\micha\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Re: Malware

Posted: 21 Oct 2021 19:07
by mikkie
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2021
Ran by micha (21-10-2021 20:06:10)
Running from C:\Users\micha\Desktop
Microsoft Windows 10 Pro Version 20H2 19042.1288 (X64) (2021-02-01 17:30:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4261871939-3680644312-2290833728-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4261871939-3680644312-2290833728-503 - Limited - Disabled)
Guest (S-1-5-21-4261871939-3680644312-2290833728-501 - Limited - Disabled)
micha (S-1-5-21-4261871939-3680644312-2290833728-1001 - Administrator - Enabled) => C:\Users\micha
micha_p24az47 (S-1-5-21-4261871939-3680644312-2290833728-1002 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4261871939-3680644312-2290833728-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0_1) (Version: 21.0.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
AMD Ryzen Master (HKLM\...\AMD Ryzen Master) (Version: 2.1.1.1472 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.10.16 - Advanced Micro Devices, Inc.)
A-Tuning v3.0.215 (HKLM-x32\...\A-Tuning_is1) (Version: 3.0.215 - ASRock Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 21.8.2487 - Avast Software)
Balanced (HKLM-x32\...\{0EA45DD4-A825-420C-AFED-C659EFE3B84F}) (Version: 4.00.0000 - Advanced Micro Devices, Inc.) Hidden
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Core Temp 1.15.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.15.1 - ALCPU)
CPUID CPU-Z 1.92 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.92 - CPUID, Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.12.0.1184 - Disc Soft Ltd)
DCS World OpenBeta (HKLM\...\DCS World OpenBeta_is1) (Version: 2.5 - Eagle Dynamics)
Discord (HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Epson Easy Photo Print 2 (HKLM-x32\...\{7E0261C4-8495-4365-BE48-647701D8B9BD}) (Version: 2.8.3.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{AB8BE3EA-01D3-44B7-8E77-A9601CBDEBDE}) (Version: 3.10.0085 - Seiko Epson Corporation)
EPSON L3050 Series Printer Uninstall (HKLM\...\EPSON L3050 Series) (Version: - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{189DE071-E0BC-4BA5-8E34-83D5ED12600B}) (Version: 3.2.0.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{28C66F35-69BF-4376-BC80-4D5F4808FF3C}) (Version: 4.6.1 - Seiko Epson Corporation)
FileZilla Client 3.47.2.1 (HKLM-x32\...\FileZilla Client) (Version: 3.47.2.1 - Tim Kosse)
Gas Station Simulator (HKLM-x32\...\Gas Station Simulator_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 94.0.4606.81 - Google LLC)
i-Menu version 4.3.6 (HKLM-x32\...\{0121C0BD-363C-4B1D-8B64-FE7681A37D0A}_is1) (Version: 4.3.6 - AOC)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 94.0.992.50 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProplusRetail - cs-cz) (Version: 16.0.14527.20178 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.14527.20178 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\OneDriveSetup.exe) (Version: 21.210.1010.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{733C3ACB-432D-4880-B0E1-660000D7974D}) (Version: 1.0.0.0 - Mojang)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.15 - F.J. Wechselberger)
NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 472.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 472.12 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{84AD2AF7-10C8-0395-66F9-FFAEB4C5DBF1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20178 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20178 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
ProFact 5 (HKLM-x32\...\ProFact_is1) (Version: - eXmind)
Project CARS 2 (HKLM-x32\...\Project CARS 2_is1) (Version: - )
Příručky společnosti EPSON (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.56.1.0 - Seiko Epson Corporation)
PSPad editor (HKLM\...\PSPad editor 64bit_is1) (Version: 5.0.6.589 - Jan Fiala)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 5.0.4.543 - Jan Fiala)
qBittorrent 4.2.5 (HKLM-x32\...\qBittorrent) (Version: 4.2.5 - The qBittorrent project)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.47.484 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.9.0 - Rockstar Games)
Screen+ version Screen+ 1.4.2 (HKLM\...\Screen+_is1) (Version: Screen+ 1.4.2 - AOC)
Spotify (HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Spotify) (Version: 1.1.47.684.g136419d9 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Superliminal (HKLM-x32\...\Superliminal_is1) (Version: - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.6 - TeamSpeak Systems GmbH)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.22 - Ghisler Software GmbH)
UrbanVPN (HKLM\...\{6109A611-488D-407B-AA65-0FF765E6CA9C}) (Version: 2.2.4 - Urban Security) Hidden
UrbanVPN (HKLM\...\UrbanVPN 2.2.4) (Version: 2.2.4 - Urban Security)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.10 - VideoLAN)
WinRAR 5.80 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH)
XGAMER Audio 7.1 (HKLM-x32\...\SSS16xxAudioExt) (Version: 3.21.2018.104 - SADES)

Packages:
=========
Best of Wallpapers 2019 Exclusive -> C:\Program Files\WindowsApps\Microsoft.BestofWallpapers2019Exclusive_2.0.0.0_neutral__8wekyb3d8bbwe [2020-04-06] (Microsoft Corporation)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-09-19] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-02-01] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-02-01] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.9220.0_x64__8wekyb3d8bbwe [2021-10-12] (Microsoft Studios) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_21.10913.5785.0_x64__8wekyb3d8bbwe [2021-09-22] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-09-21] (NVIDIA Corp.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4261871939-3680644312-2290833728-1001_Classes\CLSID\{ED90173A-3B4C-4E7E-B9CF-79714425D4B5}\InprocServer32 -> C:\Program Files\PSPad editor\pspshellx64.dll () [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-04] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-04] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-04] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-04] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_19c79fb6254e3b11\nvshext.dll [2021-09-16] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-04] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-4261871939-3680644312-2290833728-1001: [EditWithPSPad] -> {ED90173A-3B4C-4E7E-B9CF-79714425D4B5} => C:\Program Files\PSPad editor\pspshellx64.dll [2014-11-02] () [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\micha\Desktop\Michal - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\micha\Desktop\Terezka - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) =============

2021-04-18 17:23 - 2014-11-02 19:45 - 000029184 _____ () [File not signed] C:\Program Files\PSPad editor\pspshellx64.dll
2018-07-15 14:15 - 2018-07-15 14:15 - 003664696 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2018-07-15 14:15 - 2018-07-15 14:15 - 000291128 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\WINDOWS\system32\StartMenuHelper64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-06] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 06:49 - 2019-03-19 06:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\micha\Desktop\Foceni - Vanoce 2019\DSC_9982.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Trust GXT 354 Headset"
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\StartupApproved\Run: => "Spotify"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{29458DEB-89BE-4F55-B362-0A79FF315AC2}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [TCP Query User{D73F25B8-73D8-4612-9013-00AFC67C6490}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [{C3D81636-F54F-4623-B32D-33BF2977B115}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\launcher.exe => No File
FirewallRules: [{6FB0E61A-EB60-4A63-B7A0-609B45C8AE88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\launcher.exe => No File
FirewallRules: [{C535DEAE-95B1-4EC1-9AE3-90F16FB847B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crash Drive 2\Crash Drive 2.exe () [File not signed]
FirewallRules: [{D00CE7CD-302D-4FC5-9DBD-BF6946EB2BC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crash Drive 2\Crash Drive 2.exe () [File not signed]
FirewallRules: [{B53ED26A-6585-40CB-83AB-D1034BE5A986}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{EB245AB9-82A0-4DED-8851-4DBFE046EDA1}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{F873DD99-DACE-47FB-ACB7-FAF5D2D438EF}C:\program files\eagle dynamics\dcs world openbeta\bin\dcs_updater.exe] => (Allow) C:\program files\eagle dynamics\dcs world openbeta\bin\dcs_updater.exe (Eagle Dynamics SA -> Eagle Dynamics SA)
FirewallRules: [TCP Query User{A54F25F0-65EF-41E6-9DB2-01F8F95FD1E9}C:\program files\eagle dynamics\dcs world openbeta\bin\dcs_updater.exe] => (Allow) C:\program files\eagle dynamics\dcs world openbeta\bin\dcs_updater.exe (Eagle Dynamics SA -> Eagle Dynamics SA)
FirewallRules: [UDP Query User{446488F3-6A65-4A40-84ED-6D7DD85BC5F2}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [TCP Query User{0A1E29E9-17F5-49FA-831C-74E987176127}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [{54446129-352F-4716-A57E-817CFBE15A09}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{45E25852-2436-49B6-8730-460ABC3C1F32}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{864198A2-5A02-402B-BFBE-2A6092CE7CBA}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{89CCDD86-5ABB-49F9-ADA2-3AA16A9C0DFA}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{D790B858-A34F-48F3-BAB6-30E18C8B86A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [{E45CB1FF-8765-4764-B6E5-03B0CFB43CD0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [UDP Query User{11C83DD6-66C1-4B2A-95B9-F5595BAAE73F}C:\users\micha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micha\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{36435545-4B21-4506-82B2-85572F619B25}C:\users\micha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micha\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{DBF5FAC2-3ED8-4AB7-A39F-2F9A785F9F5A}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{975D2953-97C3-42CD-98A5-83734BE1D7B2}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{E1397ADB-175E-4CD9-B12F-39A92FBF12B3}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{3114659E-1964-4B01-88CD-D008340CB6FA}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{0356A693-A394-4772-B76B-BF4C327CF3EE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8E292D98-5399-4BC6-8E9D-0B1CB269BB82}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0586D70B-5F9B-4AE4-905B-6D8A0EB68614}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{6C369FD2-5CA0-46A5-AE4C-89BC129BAD00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{247BFA83-BBA5-4DFD-BC69-53C774B934EC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{5614D24F-F9EB-45A0-946F-3235201B76E9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{04EE9578-4475-4C45-8938-31CFCAC72E37}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{1422F21A-0FE6-4E04-8608-E0AB2E1E74A0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{59EC471F-33CD-4B0E-8E0A-29665C636ADF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{B908D25C-2BCF-4188-BD0F-E397AC0F6BEF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [TCP Query User{1BDB91F3-593C-4C89-AE35-78A4D1C48856}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [UDP Query User{545FC895-48CF-4B35-9274-161BF62971B5}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [{0A77FFB5-C2E5-4D61-B0A6-F50C26917801}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3DDF4574-0231-4AB2-8264-9943794F7292}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DB818E50-B3CC-495D-8B88-B0DEBB6617EB}] => (Allow) C:\Program Files\UrbanVPN\bin\urbanvpn.exe (Urban Cyber Security Inc. -> Urban Cyber Security Inc.)
FirewallRules: [{6B348ED9-2076-478A-9359-7E403AFAF5E3}] => (Allow) C:\WINDOWS\SysWOW64\TCPSVCS.EXE (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CF27492D-C72C-4CBA-B0FC-8509033C16A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\2KLauncher\LauncherPatcher.exe => No File
FirewallRules: [{95319F9B-01FA-43AE-9635-99937B8EEA2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\2KLauncher\LauncherPatcher.exe => No File
FirewallRules: [{D95E5CD8-28BC-4058-8287-219908D11827}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{625E2928-9C58-49DF-B17F-B50F389E6882}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7E55FA02-62B7-487C-A936-926AA212BA3C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5B049C5A-4686-4D48-971A-1FA1CE78FDB8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{EDB90044-B689-459D-A928-70A8E53D2179}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [UDP Query User{10816914-AC23-4957-AFA6-FF812C9B1605}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [TCP Query User{D941A9B7-F0DD-4690-9B9E-BA858CBD8690}C:\program files\eagle dynamics\dcs world openbeta\bin\dcs.exe] => (Allow) C:\program files\eagle dynamics\dcs world openbeta\bin\dcs.exe (Eagle Dynamics SA -> Eagle Dynamics)
FirewallRules: [UDP Query User{E3FF217D-D5A2-4FBB-9AA2-46E08FD69504}C:\program files\eagle dynamics\dcs world openbeta\bin\dcs.exe] => (Allow) C:\program files\eagle dynamics\dcs world openbeta\bin\dcs.exe (Eagle Dynamics SA -> Eagle Dynamics)
FirewallRules: [{9E5EEF55-8997-4079-8F9B-08FEAB040366}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{96C5992A-9238-42AB-A486-3B4269D5D5BA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FAE3C048-FAF0-427D-8EA0-3F4D9F3BE496}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{23DEC2C8-A016-4EB9-945C-0199CEA8AD4B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{224E2B44-96C5-4A1D-880C-0055A15F8E72}C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe] => (Block) C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe => No File
FirewallRules: [UDP Query User{1C5922B1-3F5E-40A6-8E0B-EC6A82507420}C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe] => (Block) C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe => No File
FirewallRules: [TCP Query User{7FEFB827-33DC-4636-8F8B-05FEA667BFC4}I:\raft.v13.01\raft.exe] => (Block) I:\raft.v13.01\raft.exe => No File
FirewallRules: [UDP Query User{C6180615-AEE4-48BA-B536-3C2847000265}I:\raft.v13.01\raft.exe] => (Block) I:\raft.v13.01\raft.exe => No File
FirewallRules: [{F4AE76EB-006D-40BC-BA62-6C277AA1CC70}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{F019F4A2-AA14-4DE6-A911-5194DC187A46}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{174932D6-6697-4504-9CC9-BF7F25EA6F64}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{D56936D4-1FD9-4590-BA26-F2F4416C32A5}C:\games\wobbly life v0.2.0\wobbly life.exe] => (Allow) C:\games\wobbly life v0.2.0\wobbly life.exe () [File not signed]
FirewallRules: [UDP Query User{DE0DF6E2-40AE-4912-B825-B7621C54FEA0}C:\games\wobbly life v0.2.0\wobbly life.exe] => (Allow) C:\games\wobbly life v0.2.0\wobbly life.exe () [File not signed]
FirewallRules: [TCP Query User{37E4D05E-2ADF-410A-B96A-4FE1603EB75E}L:\downloads\wobbly.life.build 5917938\wobbly.life.build 5917938\wobbly life.exe] => (Allow) L:\downloads\wobbly.life.build 5917938\wobbly.life.build 5917938\wobbly life.exe () [File not signed]
FirewallRules: [UDP Query User{41A171F7-2F8E-4D4F-95D8-B31FB070B856}L:\downloads\wobbly.life.build 5917938\wobbly.life.build 5917938\wobbly life.exe] => (Allow) L:\downloads\wobbly.life.build 5917938\wobbly.life.build 5917938\wobbly life.exe () [File not signed]
FirewallRules: [TCP Query User{16CB7910-8372-4FA5-B5A7-0EBBE0A43FC3}C:\wobbly.life.v0.6.6\wobbly life.exe] => (Allow) C:\wobbly.life.v0.6.6\wobbly life.exe () [File not signed]
FirewallRules: [UDP Query User{521A084B-40C8-4B58-8C12-53F500198CC1}C:\wobbly.life.v0.6.6\wobbly life.exe] => (Allow) C:\wobbly.life.v0.6.6\wobbly life.exe () [File not signed]
FirewallRules: [TCP Query User{B9BF3CDA-B02D-439F-B07D-5D3F05AA1C7B}C:\hry\superliminal\superliminal.exe] => (Allow) C:\hry\superliminal\superliminal.exe () [File not signed]
FirewallRules: [UDP Query User{86270292-CED8-4063-A839-B359E378F341}C:\hry\superliminal\superliminal.exe] => (Allow) C:\hry\superliminal\superliminal.exe () [File not signed]
FirewallRules: [{0FB5E399-96E2-41DD-A301-26C16DCFDA7F}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{0CF97578-F0B7-4384-ABE4-6E22252BF073}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{D7AEC660-94B5-447F-9266-E27103DF26D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\House Builder Demo\launcher\playway-launcher.exe (Pway Sp. z o.o. (Piotr "Xeno" Adamczyk)) [File not signed]
FirewallRules: [{D8108455-A271-4AC5-B9E4-14D8F60BE516}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\House Builder Demo\launcher\playway-launcher.exe (Pway Sp. z o.o. (Piotr "Xeno" Adamczyk)) [File not signed]
FirewallRules: [{F7DF4CF4-449F-4AEA-A941-F6AA2ABD2A0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Medal of Honor\Binaries\moh.exe => No File
FirewallRules: [{26C84179-5608-4C5B-9D54-1C880D10398D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Medal of Honor\Binaries\moh.exe => No File
FirewallRules: [{52C486E9-ADF6-4E8F-9EE3-EB2BC7D878F5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6526B3D6-F464-4BCD-950E-C57C1644F7A5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E4E8A345-380A-429B-AC24-C432D39527F3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{C93EDD0D-A67F-41F0-895E-2D38640EBE4C}C:\games\astroneer.v1.18.68.0\astro\binaries\win64\astro-win64-shipping.exe] => (Block) C:\games\astroneer.v1.18.68.0\astro\binaries\win64\astro-win64-shipping.exe (System Era Softworks) [File not signed]
FirewallRules: [UDP Query User{A95835B6-3EC1-4296-8418-29BB5940536B}C:\games\astroneer.v1.18.68.0\astro\binaries\win64\astro-win64-shipping.exe] => (Block) C:\games\astroneer.v1.18.68.0\astro\binaries\win64\astro-win64-shipping.exe (System Era Softworks) [File not signed]

==================== Restore Points =========================

15-10-2021 13:20:16 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (10/21/2021 02:28:19 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (L:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/21/2021 02:27:15 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (K:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/21/2021 02:27:07 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (J:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/21/2021 02:26:57 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (H:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/21/2021 02:26:54 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (G:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/21/2021 02:26:47 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Rezervováno systémem (F:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/21/2021 02:26:46 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Rezervováno systémem (E:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (10/21/2021 11:52:15 AM) (Source: Outlook) (EventID: 35) (User: )
Description: Nelze určit, zda se zásobník nachází v oboru procházení (chyba=0x8007045b).


System errors:
=============
Error: (10/21/2021 08:04:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA LocalSystem Container byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.

Error: (10/21/2021 08:04:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Disc Soft Lite Bus Service byla neočekávaně ukončena. Tento stav nastal již 2krát.

Error: (10/21/2021 08:04:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba UrbanVPNServiceInteractive byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 300000 milisekund: Restartovat službu.

Error: (10/21/2021 08:04:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Microsoft Office Click-to-Run Service byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (10/21/2021 08:04:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA Display Container LS byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.

Error: (10/21/2021 07:38:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Disc Soft Lite Bus Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/21/2021 07:38:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Steam Client Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/21/2021 07:38:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA LocalSystem Container byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.


CodeIntegrity:
===============
Date: 2021-10-21 19:38:48
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-10-21 19:37:49
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. P3.90 12/09/2019
Motherboard: ASRock B450M Pro4
Processor: AMD Ryzen 5 3600 6-Core Processor
Percentage of memory in use: 24%
Total physical RAM: 16313.72 MB
Available physical RAM: 12334.58 MB
Total Virtual: 18745.72 MB
Available Virtual: 13171.22 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:475.87 GB) (Free:42.74 GB) NTFS
Drive d: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: () (Fixed) (Total:224.84 GB) (Free:54.58 GB) NTFS
Drive h: () (Fixed) (Total:224.84 GB) (Free:14.61 GB) NTFS
Drive i: () (Fixed) (Total:222.95 GB) (Free:28.79 GB) NTFS
Drive j: () (Fixed) (Total:146.38 GB) (Free:20.54 GB) NTFS
Drive k: () (Fixed) (Total:247.82 GB) (Free:115.57 GB) NTFS
Drive l: () (Fixed) (Total:683.59 GB) (Free:506.87 GB) NTFS

\\?\Volume{c4029046-716d-441f-a03d-cce2ceeeb070}\ (Obnovení) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{c6b8d1f4-ded1-4088-bf7e-f6bafaa17d56}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{7e630a01-0000-0000-0000-10c337000000}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{6ff619c6-97c5-4a7f-bd2f-8251e43ed227}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 7E630A01)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=222.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=533 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: E274E274)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449.7 GB) - (Type=0F Extended)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0775D37C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=247.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=683.6 GB) - (Type=07 NTFS)

==========================================================
Disk: 3 (Protective MBR) (Size: 476.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Re: Malware

Posted: 21 Oct 2021 20:10
by Rudy
Open Notepad and copy the following into it:
Start

CloseProcesses:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
FirewallRules: [{C3D81636-F54F-4623-B32D-33BF2977B115}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\launcher.exe => No File
FirewallRules: [{6FB0E61A-EB60-4A63-B7A0-609B45C8AE88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\launcher.exe => No File
FirewallRules: [{247BFA83-BBA5-4DFD-BC69-53C774B934EC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{5614D24F-F9EB-45A0-946F-3235201B76E9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{1BDB91F3-593C-4C89-AE35-78A4D1C48856}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [UDP Query User{545FC895-48CF-4B35-9274-161BF62971B5}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [{CF27492D-C72C-4CBA-B0FC-8509033C16A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\2KLauncher\LauncherPatcher.exe => No File
FirewallRules: [{95319F9B-01FA-43AE-9635-99937B8EEA2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\2KLauncher\LauncherPatcher.exe => No File
FirewallRules: [TCP Query User{224E2B44-96C5-4A1D-880C-0055A15F8E72}C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe] => (Block) C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe => No File
FirewallRules: [UDP Query User{1C5922B1-3F5E-40A6-8E0B-EC6A82507420}C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe] => (Block) C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe => No File
FirewallRules: [TCP Query User{7FEFB827-33DC-4636-8F8B-05FEA667BFC4}I:\raft.v13.01\raft.exe] => (Block) I:\raft.v13.01\raft.exe => No File
FirewallRules: [UDP Query User{C6180615-AEE4-48BA-B536-3C2847000265}I:\raft.v13.01\raft.exe] => (Block) I:\raft.v13.01\raft.exe => No File
FirewallRules: [{F7DF4CF4-449F-4AEA-A941-F6AA2ABD2A0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Medal of Honor\Binaries\moh.exe => No File
FirewallRules: [{26C84179-5608-4C5B-9D54-1C880D10398D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Medal of Honor\Binaries\moh.exe => No File
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [EPSDNMON] => ""
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\MountPoints2: {dc6f74ba-7658-11ea-a65b-a8a159192c9e} - "M:\setup.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {5A9E82D6-74F5-4102-B85D-FB9C9E910BA7} - System32\Tasks\SoundBass => C:\Users\micha\AppData\Roaming\Unpacker\Unpacker.exe <==== ATTENTION
Task: {12BEBAAF-BEA6-46CD-AAE6-2B354DE2189C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-04] (Google LLC -> Google LLC)
Task: {E59CA9B8-C816-4521-AD84-B6882148F34F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-04] (Google LLC -> Google LLC)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
CHR StartupUrls: Profile 1 -> ""
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the fix finishes, a log will appear; copy it here.

Re: Malware

Posted: 22 Oct 2021 06:09
by mikkie
Fix result of Farbar Recovery Scan Tool (x64) Version: 20-10-2021
Ran by micha (22-10-2021 07:04:07) Run:1
Running from C:\Users\micha\Desktop
Loaded Profiles: micha
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
FirewallRules: [{C3D81636-F54F-4623-B32D-33BF2977B115}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\launcher.exe => No File
FirewallRules: [{6FB0E61A-EB60-4A63-B7A0-609B45C8AE88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\launcher.exe => No File
FirewallRules: [{247BFA83-BBA5-4DFD-BC69-53C774B934EC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{5614D24F-F9EB-45A0-946F-3235201B76E9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{1BDB91F3-593C-4C89-AE35-78A4D1C48856}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [UDP Query User{545FC895-48CF-4B35-9274-161BF62971B5}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => No File
FirewallRules: [{CF27492D-C72C-4CBA-B0FC-8509033C16A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\2KLauncher\LauncherPatcher.exe => No File
FirewallRules: [{95319F9B-01FA-43AE-9635-99937B8EEA2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\2KLauncher\LauncherPatcher.exe => No File
FirewallRules: [TCP Query User{224E2B44-96C5-4A1D-880C-0055A15F8E72}C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe] => (Block) C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe => No File
FirewallRules: [UDP Query User{1C5922B1-3F5E-40A6-8E0B-EC6A82507420}C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe] => (Block) C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe => No File
FirewallRules: [TCP Query User{7FEFB827-33DC-4636-8F8B-05FEA667BFC4}I:\raft.v13.01\raft.exe] => (Block) I:\raft.v13.01\raft.exe => No File
FirewallRules: [UDP Query User{C6180615-AEE4-48BA-B536-3C2847000265}I:\raft.v13.01\raft.exe] => (Block) I:\raft.v13.01\raft.exe => No File
FirewallRules: [{F7DF4CF4-449F-4AEA-A941-F6AA2ABD2A0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Medal of Honor\Binaries\moh.exe => No File
FirewallRules: [{26C84179-5608-4C5B-9D54-1C880D10398D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Medal of Honor\Binaries\moh.exe => No File
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [EPSDNMON] => ""
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\MountPoints2: {dc6f74ba-7658-11ea-a65b-a8a159192c9e} - "M:\setup.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {5A9E82D6-74F5-4102-B85D-FB9C9E910BA7} - System32\Tasks\SoundBass => C:\Users\micha\AppData\Roaming\Unpacker\Unpacker.exe <==== ATTENTION
Task: {12BEBAAF-BEA6-46CD-AAE6-2B354DE2189C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-04] (Google LLC -> Google LLC)
Task: {E59CA9B8-C816-4521-AD84-B6882148F34F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-04] (Google LLC -> Google LLC)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
CHR StartupUrls: Profile 1 -> ""
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C3D81636-F54F-4623-B32D-33BF2977B115}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6FB0E61A-EB60-4A63-B7A0-609B45C8AE88}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{247BFA83-BBA5-4DFD-BC69-53C774B934EC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5614D24F-F9EB-45A0-946F-3235201B76E9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1BDB91F3-593C-4C89-AE35-78A4D1C48856}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{545FC895-48CF-4B35-9274-161BF62971B5}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CF27492D-C72C-4CBA-B0FC-8509033C16A9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{95319F9B-01FA-43AE-9635-99937B8EEA2D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{224E2B44-96C5-4A1D-880C-0055A15F8E72}C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1C5922B1-3F5E-40A6-8E0B-EC6A82507420}C:\users\micha\desktop\raft.v13.01\raft.v13.01\raft.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7FEFB827-33DC-4636-8F8B-05FEA667BFC4}I:\raft.v13.01\raft.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C6180615-AEE4-48BA-B536-3C2847000265}I:\raft.v13.01\raft.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F7DF4CF4-449F-4AEA-A941-F6AA2ABD2A0E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{26C84179-5608-4C5B-9D54-1C880D10398D}" => removed successfully
"HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\Software\Microsoft\Windows\CurrentVersion\Run\\EPSDNMON" => removed successfully
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc6f74ba-7658-11ea-a65b-a8a159192c9e} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A9E82D6-74F5-4102-B85D-FB9C9E910BA7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A9E82D6-74F5-4102-B85D-FB9C9E910BA7}" => removed successfully
C:\WINDOWS\System32\Tasks\SoundBass => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SoundBass" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12BEBAAF-BEA6-46CD-AAE6-2B354DE2189C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12BEBAAF-BEA6-46CD-AAE6-2B354DE2189C}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E59CA9B8-C816-4521-AD84-B6882148F34F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E59CA9B8-C816-4521-AD84-B6882148F34F}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
"Chrome StartupUrls" => removed successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 315525995 B
Java, Flash, Steam htmlcache => 422183967 B
Windows/system/drivers => 21945632 B
Edge => 1018662 B
Chrome => 1084634111 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 167100 B
NetworkService => 167100 B
micha => 376468479 B

RecycleBin => 90661548 B
EmptyTemp: => 2.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 07:07:37 ====

Re: Malware

Posted: 22 Oct 2021 09:20
by Rudy
Deleted. Has anything changed?