Stolen Steam account

Posted: 31 Oct 2021 13:03
by Bartis
Hello,

someone stole my son's Steam account. Before I start changing all the passwords for e-mail etc. (they even deleted everything containing the word "steam" from his e-mail), I need his machine to be clean, so delete everything, even if it is only suspicious. He installs various hacks etc. here, so that is his problem :)

I am sending the AdwCleaner log and the FRST log taken after it.

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-10-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-31-2021
# Duration: 00:00:05
# OS: Windows 10 Home
# Cleaned: 26
# Failed: 0


***** [ Services ] *****

Deleted WCAssistantService

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Lavasoft\Web Companion
Deleted C:\Program Files (x86)\MachinerData
Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted C:\ProgramData\Garbage Cleaner
Deleted C:\ProgramData\Lavasoft\Web Companion
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Deleted C:\Users\tomasek\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_MRPQ523XMEO0CM2M0N5VJ25Z3NZKGEP4
Deleted C:\Users\tomasek\AppData\Roaming\Lavasoft\Web Companion
Deleted C:\Users\tomasek\AppData\Roaming\Smart Clock

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\SMART CLOCK

***** [ Registry ] *****

Deleted HKCU\Software\GCleaner
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{721DBB1E-BC53-4B93-BC26-71703BD120C4}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Smart Clock
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{db0d9acf-3c9c-4a7f-89ea-752e3fc8660e}|DisplayIcon
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{db0d9acf-3c9c-4a7f-89ea-752e3fc8660e}|DisplayName
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{db0d9acf-3c9c-4a7f-89ea-752e3fc8660e}|UninstallString
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted me.fo

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [6856 octets] - [01/03/2021 19:16:19]
AdwCleaner[S01].txt - [6917 octets] - [01/03/2021 20:12:38]
AdwCleaner[C01].txt - [6449 octets] - [01/03/2021 20:14:15]
AdwCleaner[S02].txt - [2957 octets] - [16/05/2021 15:54:45]
AdwCleaner[C02].txt - [2910 octets] - [16/05/2021 15:55:48]
AdwCleaner[S03].txt - [4169 octets] - [31/10/2021 12:51:41]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C03].txt ##########


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2021
Ran by tomasek (administrator) on DESKTOP-3JV1PF5 (31-10-2021 13:00:58)
Running from C:\Users\tomasek\Desktop
Loaded Profiles: tomasek
: Microsoft Windows 10 Home Version 21H1 19043.1288 (X64) Language: Čeština (Česko)
Default browser: "C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --single-argument %1
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe <13>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1189.1\AvastBrowserCrashHandler.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1189.1\AvastBrowserCrashHandler64.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastNM.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <6>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <10>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wuapihost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Opera Software AS -> Opera Software) C:\Users\tomasek\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [134936 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-23] (Adobe Inc. -> )
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Run: [RK61] => C:\Program Files (x86)\RK\RK61\DeviceDriver.exe [1620480 2020-11-11] () [File not signed]
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1806680 2021-10-07] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35116160 2021-10-19] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Run: [Voicemod] => C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe [6330568 2021-10-14] (Voicemod Sociedad Limitada -> Voicemod)
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Run: [Opera Browser Assistant] => C:\Users\tomasek\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4105424 2021-10-14] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [5461888 2021-10-23] (Windscribe Limited -> Windscribe Limited)
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Run: [Discord] => C:\Users\tomasek\AppData\Local\Discord\Update.exe --processStart Discord.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\95.0.4638.54\Installer\chrmstp.exe [2021-10-26] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\95.0.12674.55\Installer\chrmstp.exe [2021-10-27] (Avast Software s.r.o. -> AVAST Software)
Startup: C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google\RebusDrop.lnk [2021-09-02]
ShortcutTarget: RebusDrop.lnk -> C:\Users\tomasek\RebusDrop\App\RebusDrop.exe (No File)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00DCEFEF-2636-4488-A8B3-16EE3AD65CF9} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2564864 2021-10-19] (Avast Software s.r.o. -> AVAST Software)
Task: {13B50121-E1FE-452F-8755-DF0C03C90E84} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29200512 2021-10-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1FA75FDC-E5D2-4440-9040-A97E14DDE2DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-09-25] (Google LLC -> Google LLC)
Task: {219CB4A4-8C31-4E10-97F7-0B73A9BD4689} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2484568 2021-10-07] (Overwolf Ltd -> Overwolf LTD)
Task: {2D09A541-D6DA-4F28-AE58-21DFCE0D4BE2} - System32\Tasks\bookingDesktopAppUpdateTaskMachineCore => C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [102400 2021-02-19] (bookingDesktopApp.) [File not signed]
Task: {3144313B-CD3A-443B-9944-89DCEF9BAD3F} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [193872 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
Task: {3C327DF6-D29D-474A-A0DE-5FEDB6CF97FB} - System32\Tasks\services32 => C:\Users\tomasek\Services32.exe
Task: {3E6E236C-348F-499F-9A85-D858EF38D127} - System32\Tasks\Opera scheduled assistant Autoupdate 1628263185 => C:\Users\tomasek\AppData\Local\Programs\Opera\launcher.exe [46227664 2021-10-20] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\tomasek\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {495325BD-0611-494E-9CF3-51D52F2F63DC} - System32\Tasks\bookingDesktopAppUpdateTaskMachineUA => C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [102400 2021-02-19] (bookingDesktopApp.) [File not signed]
Task: {4CBD922F-134E-4824-B412-07443DC9DAA0} - System32\Tasks\CCleanerSkipUAC - tomasek => C:\Program Files\CCleaner\CCleaner.exe [29200512 2021-10-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {569F5295-71BB-47D1-AB69-7313B2B593E5} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4974872 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
Task: {6AC38052-6759-4FB6-8419-AA406408FA38} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1778456 2021-10-27] (Avast Software s.r.o. -> Avast Software)
Task: {6F8A71A0-7E02-4E72-B8BF-3A60BB0E6C74} - System32\Tasks\Videocard Service => C:\Users\tomasek\Documents\ClientHost.exe
Task: {7AFBBC1A-0209-45A7-8070-2A62AAC36390} - System32\Tasks\Services\Diagnostic => C:\Users\tomasek\AppData\Local\Disk\AutoIt3\AutoIt3_x64.exe -> "C:\Users\tomasek\AppData\Local\Disk\AutoIt3\Settings.au3"
Task: {A4AD5645-1782-4879-BD8C-57AE76E146AB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-10-19] (Piriform Software Ltd -> Piriform)
Task: {A738DAE6-E4CD-4455-81CA-9CAE713313F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-09-25] (Google LLC -> Google LLC)
Task: {ABC8A774-3286-4F6E-9DC5-D55753936F94} - System32\Tasks\WinManager => C:\Users\tomasek\AppData\Roaming\Windows\svchost.exe <==== ATTENTION
Task: {B928C857-D17A-430D-B8A8-A7883FC4E004} - System32\Tasks\Intel PTT EK Recertification => C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {BF41AFA4-3048-478F-980A-1E13BCB07422} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2564864 2021-10-19] (Avast Software s.r.o. -> AVAST Software)
Task: {D473253E-AD71-43A3-979D-CD4EFA514B25} - System32\Tasks\Microsoft Windows Defender Update => C:\Program Files (x86)\BZDI\BZDI.exe
Task: {E409927A-C556-409B-919B-D6402429B072} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-3JV1PF5-tomasek => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {F2327FD2-7655-40A5-963B-ECE51465085D} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [193872 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
Task: {FED5759A-2877-4CD0-B558-9642D907088F} - System32\Tasks\Opera scheduled Autoupdate 1609853199 => C:\Users\tomasek\AppData\Local\Programs\Opera\launcher.exe [46227664 2021-10-20] (Opera Software AS -> Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{42d5e22c-9575-4454-8a68-21d1a84a4acf}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ded706b5-01c2-4a75-9021-93f1d6b19da9}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\tomasek\AppData\Local\Microsoft\Edge\User Data\Default [2021-10-25]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-10-24]
Edge Extension: (KeyFind) - C:\Users\tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nnoidofbgkmeabamdgclicncakljkoin [2021-03-25]
Edge Profile: C:\Users\tomasek\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2021-10-24]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2021-01-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2021-01-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2021-01-01] (Adobe Systems Incorporated -> )
FF Plugin-x32: @bookingdesktopapp.com/bookingDesktopApp Update;version=3 -> C:\Program Files (x86)\bookingDesktopApp\Update\1.3.99.0\npbookingDesktopAppUpdate3.dll [2021-02-19] (bookingDesktopApp.) [File not signed]
FF Plugin-x32: @bookingdesktopapp.com/bookingDesktopApp Update;version=9 -> C:\Program Files (x86)\bookingDesktopApp\Update\1.3.99.0\npbookingDesktopAppUpdate3.dll [2021-02-19] (bookingDesktopApp.) [File not signed]
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1189.1\npAvastBrowserUpdate3.dll [2021-10-27] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1189.1\npAvastBrowserUpdate3.dll [2021-10-27] (Avast Software s.r.o. -> AVAST Software)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default [2021-10-31]
CHR DefaultSearchURL: Default -> hxxps//search.yahoo.com/search?fr=mcafee_uninternational&type=E210CZ91105G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Extension: (Точная погода на неделю) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkfanndldghlkndfhojpfhclgdnglfmf [2021-06-30]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-10-31]
CHR Extension: (Swift Select) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\molponhobmbbinjnghgafbfampcgamln [2021-03-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-11]
CHR Profile: C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-10-31]
CHR Profile: C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-10-31]
CHR DefaultSearchURL: Profile 1 -> hxxps//search.yahoo.com/search?fr=mcafee_uninternational&type=E210CZ91105G0&p={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> mcafee
CHR Extension: (Překladač Google) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-08-14]
CHR Extension: (Prezentace) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-04-14]
CHR Extension: (Dokumenty) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-04-14]
CHR Extension: (Disk Google) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-04-14]
CHR Extension: (YouTube) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-04-14]
CHR Extension: (NavFast) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cmbkjfjekgmlimjklnijcjijbfpblgde [2021-06-01]
CHR Extension: (Tabulky) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-04-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-19]
CHR Extension: (Search Manager) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gnplhahbcoldbildffdchneaepapccbn [2021-04-14]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-10-27]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-10-27]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-14]
CHR Extension: (Gmail) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-04-14]
CHR Profile: C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 2 [2021-10-16]
CHR DefaultSearchURL: Profile 2 -> hxxps//www.searchmr.com/?q={searchTerms}
CHR DefaultSuggestURL: Profile 2 -> hxxps//searchmr.com/?s={searchTerms}
CHR Extension: (Prezentace) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-04-14]
CHR Extension: (Dokumenty) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2021-04-14]
CHR Extension: (Disk Google) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-04-14]
CHR Extension: (YouTube) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-04-14]
CHR Extension: (Tabulky) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-04-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-06]
CHR Extension: (Search Manager) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gnplhahbcoldbildffdchneaepapccbn [2021-04-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-14]
CHR Extension: (Gmail) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-04-14]
CHR Profile: C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 3 [2021-10-30]
CHR DefaultSearchURL: Profile 3 -> hxxps//www.searchmr.com/?q={searchTerms}
CHR DefaultSuggestURL: Profile 3 -> hxxps//searchmr.com/?s={searchTerms}
CHR Extension: (Prezentace) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-06-24]
CHR Extension: (Tabulky) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-06-24]
CHR Extension: (Dokumenty Google offline) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-28]
CHR Extension: (Search Manager) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gnplhahbcoldbildffdchneaepapccbn [2021-06-24]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-10-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-24]
CHR Profile: C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 4 [2021-10-31]
CHR DefaultSearchURL: Profile 4 -> hxxps//www.searchmr.com/?q={searchTerms}
CHR DefaultSuggestURL: Profile 4 -> hxxps//searchmr.com/?s={searchTerms}
CHR Extension: (Prezentace) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-08-10]
CHR Extension: (Tabulky) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-08-10]
CHR Extension: (Dokumenty Google offline) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-23]
CHR Extension: (Search Manager) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gnplhahbcoldbildffdchneaepapccbn [2021-08-10]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-10-23]
CHR Extension: (TubeBuddy) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\mhkhmbddkmdggbhaaaodilponhnccicb [2021-10-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-08-10]
CHR Profile: C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5 [2021-10-31]
CHR DefaultSearchURL: Profile 5 -> hxxps//search.yahoo.com/search?fr=mcafee_uninternational&type=E210CZ91105G0&p={searchTerms}
CHR DefaultSearchKeyword: Profile 5 -> mcafee
CHR Extension: (Prezentace) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-10-19]
CHR Extension: (Dokumenty) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2021-10-19]
CHR Extension: (Disk Google) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-10-19]
CHR Extension: (YouTube) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-10-19]
CHR Extension: (Tabulky) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-10-19]
CHR Extension: (Dokumenty Google offline) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-19]
CHR Extension: (Search Manager) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gnplhahbcoldbildffdchneaepapccbn [2021-10-19]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-10-24]
CHR Extension: (Grammarly for Chrome) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-10-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-10-19]
CHR Extension: (Gmail) - C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-10-19]
CHR Profile: C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\System Profile [2021-10-31]
CHR HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gkfanndldghlkndfhojpfhclgdnglfmf] - hxxps//chrome.google.com/webstore/detail/gkfanndldghlkndfhojpfhclgdnglfmf
CHR HKLM-x32\...\Chrome\Extension: [gnplhahbcoldbildffdchneaepapccbn]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera:
=======
OPR Profile: C:\Users\tomasek\AppData\Roaming\Opera Software\Opera Stable [2021-10-31]
OPR DefaultSuggestURL: Opera Stable -> hxxps//www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\tomasek\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-10-26]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\tomasek\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-06]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8376400 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [193872 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [680728 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [427800 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [193872 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\95.0.12674.55\elevation_service.exe [1812296 2021-10-19] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8894752 2021-01-30] (BattlEye Innovations e.K. -> )
S2 bookingdesktopapp; C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [102400 2021-02-19] (bookingDesktopApp.) [File not signed]
S3 bookingdesktopappm; C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [102400 2021-02-19] (bookingDesktopApp.) [File not signed]
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2484568 2021-10-07] (Overwolf Ltd -> Overwolf LTD)
S3 Rockstar Service; D:\GTAV\Launcher\RockstarService.exe [2219416 2021-06-04] (Rockstar Games, Inc. -> Rockstar Games)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\NisSrv.exe [2855512 2021-10-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe [128392 2021-10-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [1300352 2021-10-23] (Windscribe Limited -> Windscribe Limited)
S2 DCIService; C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe [X]
S2 igx64; "C:\Users\tomasek\AppData\Roaming\WinShare\runchos.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [35720 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [222112 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [372232 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [250392 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [99344 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [21936 2021-10-27] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [41352 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [184648 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [538992 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [107864 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [82928 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [852240 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [557664 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [214368 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [316632 2021-10-27] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [284672 2021-04-16] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [3819744 2018-07-24] (WDKTestCert cm359,131641702659254692 -> C-MEDIA)
R3 DroidCam; C:\Windows\System32\drivers\droidcam.sys [32240 2020-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Dev47Apps)
R3 DroidCamVideo; C:\Windows\System32\DriverStore\FileRepository\droidcamvideo.inf_amd64_47e18363cbf3dfe0\droidcamvideo.sys [33784 2021-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [37200 2021-03-18] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [25928 2021-03-18] (Logitech Inc -> Logitech)
S3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [66896 2021-03-18] (Logitech Inc -> Logitech)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
R3 tapwindscribe0901; C:\Windows\System32\drivers\tapwindscribe0901.sys [57768 2021-08-13] (Windscribe Limited -> The OpenVPN Project)
R3 VBAudioVMVAIOMME; C:\Windows\System32\drivers\vbaudio_vmvaio64_win10.sys [71712 2021-01-01] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VOICEMOD_Driver; C:\Windows\system32\drivers\vmdrv.sys [48136 2021-05-13] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48520 2021-10-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [434424 2021-10-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [86264 2021-10-19] (Microsoft Windows -> Microsoft Corporation)
S3 WindscribeSplitTunnel; C:\Windows\system32\DRIVERS\WindscribeSplitTunnel.sys [35752 2021-10-23] (Windscribe Limited -> )
R3 windtun420; C:\Windows\System32\drivers\windtun420.sys [47544 2021-08-13] (Windscribe Limited -> WireGuard LLC)
U1 aswbdisk; no ImagePath
U3 avgbdisk; no ImagePath
U2 bddci; no ImagePath
S3 HWiNFO_152; \??\C:\Users\tomasek\AppData\Local\Temp\HWiNFO64A_152.SYS [X] <==== ATTENTION
S3 HWiNFO_155; \??\C:\Users\tomasek\AppData\Local\Temp\HWiNFO64A_155.SYS [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-31 12:59 - 2021-10-31 13:00 - 000051302 _____ C:\Users\tomasek\Desktop\Addition.txt
2021-10-31 12:58 - 2021-10-31 13:01 - 000031749 _____ C:\Users\tomasek\Desktop\FRST.txt
2021-10-31 12:53 - 2021-10-31 12:53 - 000003881 _____ C:\Users\tomasek\Desktop\AdwCleaner[C03].txt
2021-10-31 12:51 - 2021-10-31 12:51 - 008553680 _____ (Malwarebytes) C:\Users\tomasek\Desktop\adwcleaner_8.3.0.exe
2021-10-31 12:50 - 2021-10-31 12:50 - 002310656 _____ (Farbar) C:\Users\tomasek\Desktop\FRST64.exe
2021-10-30 14:41 - 2021-10-30 14:41 - 000000000 ____D C:\Users\tomasek\AppData\Local\UXP
2021-10-30 14:40 - 2021-10-30 14:40 - 000000998 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Animate 2021.lnk
2021-10-30 07:56 - 2021-10-30 08:16 - 2255205588 _____ C:\Users\tomasek\Downloads\_Getintopc.com_Adobe_Animate_v21.0.6.41649x64.rar
2021-10-30 07:54 - 2021-10-30 07:54 - 002524832 _____ (Adobe Inc.) C:\Users\tomasek\Downloads\Animate_Set-Up.exe
2021-10-29 18:45 - 2021-10-29 18:45 - 009502346 _____ C:\Users\tomasek\Downloads\Phantom fixed 1.8.zip
2021-10-29 18:27 - 2021-10-29 18:27 - 002705872 _____ ( ) C:\Users\tomasek\Downloads\Download of V3pe - Linkvertise Downloader_zlCT-k1.exe
2021-10-28 20:23 - 2021-10-28 20:23 - 000000223 _____ C:\Users\tomasek\Desktop\People Playground.url
2021-10-28 11:19 - 2021-10-28 11:19 - 038615557 _____ C:\Users\tomasek\Downloads\True Powers - Furnox VS Avellom.mp4
2021-10-28 10:53 - 2021-10-28 10:54 - 000194498 _____ C:\Users\tomasek\Downloads\All windows chords.mp4
2021-10-28 10:25 - 2021-10-28 10:25 - 013399395 _____ C:\Users\tomasek\Downloads\The Simpsons - Travel into the future couch gag.mp4
2021-10-28 09:43 - 2021-10-28 09:43 - 008920676 _____ C:\Users\tomasek\Downloads\Gravity Falls_ The Last Mablecorn - The TRUTH Between Bill and Ford.mp4
2021-10-28 09:34 - 2021-10-28 09:34 - 000064211 _____ C:\Users\tomasek\Downloads\Finger Snap Sound Effect.mp4
2021-10-28 09:26 - 2021-10-28 09:26 - 008435870 _____ C:\Users\tomasek\Downloads\Green Screen Teleport Effects _ Vanishing and Reappearing Effects 4.mp4
2021-10-28 09:08 - 2021-10-28 09:08 - 000225525 _____ C:\Users\tomasek\Downloads\Wind - Sound Effect.mp4
2021-10-27 20:11 - 2021-10-27 20:11 - 000121792 _____ C:\Users\tomasek\Downloads\2021-10-09 18-47-23.mp4.sfk
2021-10-27 11:22 - 2021-10-27 11:22 - 000012409 _____ C:\Users\tomasek\Downloads\Sigma5.zip
2021-10-27 09:46 - 2021-10-27 09:46 - 000003856 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2021-10-27 09:46 - 2021-10-27 09:46 - 000003510 _____ C:\Windows\system32\Tasks\AvastUpdateTaskMachineUA
2021-10-27 09:46 - 2021-10-27 09:46 - 000003386 _____ C:\Windows\system32\Tasks\AvastUpdateTaskMachineCore
2021-10-27 09:46 - 2021-10-27 09:46 - 000003272 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2021-10-27 09:46 - 2021-10-27 09:46 - 000002574 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2021-10-27 09:46 - 2021-10-27 09:46 - 000002539 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2021-10-27 09:46 - 2021-10-27 09:46 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2021-10-27 09:44 - 2021-10-27 09:44 - 000002124 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2021-10-27 09:44 - 2021-10-27 09:44 - 000002112 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2021-10-27 09:44 - 2021-10-27 09:44 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Avast Software
2021-10-27 09:43 - 2021-10-31 12:28 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2021-10-27 09:43 - 2021-10-27 09:43 - 000852240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2021-10-27 09:43 - 2021-10-27 09:43 - 000557664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2021-10-27 09:43 - 2021-10-27 09:43 - 000538992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
2021-10-27 09:43 - 2021-10-27 09:43 - 000372232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2021-10-27 09:43 - 2021-10-27 09:43 - 000340248 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2021-10-27 09:43 - 2021-10-27 09:43 - 000316632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2021-10-27 09:43 - 2021-10-27 09:43 - 000250392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2021-10-27 09:43 - 2021-10-27 09:43 - 000222112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2021-10-27 09:43 - 2021-10-27 09:43 - 000214368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2021-10-27 09:43 - 2021-10-27 09:43 - 000184648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2021-10-27 09:43 - 2021-10-27 09:43 - 000107864 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2021-10-27 09:43 - 2021-10-27 09:43 - 000099344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2021-10-27 09:43 - 2021-10-27 09:43 - 000082928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2021-10-27 09:43 - 2021-10-27 09:43 - 000041352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2021-10-27 09:43 - 2021-10-27 09:43 - 000035720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2021-10-27 09:43 - 2021-10-27 09:43 - 000021936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswElam.sys
2021-10-27 09:43 - 2021-10-27 09:43 - 000003990 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2021-10-27 09:43 - 2021-10-27 09:43 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2021-10-27 09:42 - 2021-10-27 09:42 - 000234272 _____ (AVAST Software) C:\Users\tomasek\Downloads\avast_free_antivirus_setup_online (2).exe
2021-10-27 09:42 - 2021-10-27 09:42 - 000000000 ____D C:\Program Files\Avast Software
2021-10-27 09:17 - 2021-10-27 09:18 - 000000010 _____ C:\Users\tomasek\Downloads\ (2).txt
2021-10-24 20:39 - 2021-10-24 20:39 - 006882977 _____ () C:\Users\tomasek\Downloads\TechnicLauncher (1).exe
2021-10-24 15:51 - 2021-10-24 15:51 - 002878145 _____ C:\Users\tomasek\Downloads\[1.8.9] BetterKeystrokes V-1.1.0.jar
2021-10-24 15:40 - 2021-10-24 15:40 - 000000000 ____D C:\Users\tomasek\Downloads\Vape Lite
2021-10-24 15:33 - 2021-10-24 15:35 - 013860096 _____ C:\Users\tomasek\Downloads\Vape_Lite.rar
2021-10-24 13:47 - 2021-10-24 13:47 - 000644096 _____ C:\Users\tomasek\Downloads\icetea (2).exe
2021-10-24 13:33 - 2021-10-24 13:34 - 027484009 _____ C:\Users\tomasek\Downloads\§6Haunted §dPumpkin 16x (700 Sub).zip
2021-10-24 13:26 - 2021-10-28 12:52 - 000002269 _____ C:\Users\tomasek\Desktop\Discord.lnk
2021-10-24 13:26 - 2021-10-28 12:50 - 000000000 ____D C:\Users\tomasek\AppData\Local\Discord
2021-10-24 13:25 - 2021-10-24 13:26 - 070858912 _____ (Discord Inc.) C:\Users\tomasek\Downloads\DiscordSetup.exe
2021-10-24 13:25 - 2021-10-24 13:25 - 000234280 _____ (AVAST Software) C:\Users\tomasek\Downloads\avast_free_antivirus_setup_online (1).exe
2021-10-24 10:39 - 2021-10-24 10:39 - 002556620 _____ (ImpactDevelopment) C:\Users\tomasek\Downloads\ImpactInstaller-0.9.5.exe
2021-10-23 19:24 - 2021-10-23 19:24 - 001418358 _____ C:\Users\tomasek\Downloads\baritone-api-forge-1.2.15.jar
2021-10-23 16:01 - 2021-10-27 20:10 - 120626607 _____ C:\Users\tomasek\Downloads\Sight191.zip
2021-10-23 15:43 - 2021-10-25 15:33 - 000000801 _____ C:\Windows\system32\Drivers\etc\hosts.tmp
2021-10-23 12:27 - 2021-10-27 14:39 - 000000000 ____D C:\Program Files (x86)\Windscribe
2021-10-23 12:27 - 2021-10-23 12:27 - 020761984 _____ (Windscribe Limited) C:\Users\tomasek\Downloads\Windscribe (1).exe
2021-10-23 12:27 - 2021-10-23 12:27 - 000035752 _____ C:\Windows\system32\Drivers\WindscribeSplitTunnel.sys
2021-10-23 12:27 - 2021-10-23 12:27 - 000001144 _____ C:\Users\Public\Desktop\Windscribe.lnk
2021-10-23 12:27 - 2021-10-23 12:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe
2021-10-23 11:41 - 2021-10-23 11:41 - 023575619 _____ C:\Users\tomasek\Downloads\Tenacity.zip
2021-10-23 10:42 - 2021-10-23 10:42 - 000090040 _____ C:\ProgramData\agent.uninstall.1634982167.bdinstall.v2.bin
2021-10-20 17:03 - 2021-10-20 17:03 - 000076753 _____ C:\Users\tomasek\Downloads\LunatriusCore-1.12.2-1.2.0.42-universal.jar
2021-10-20 16:51 - 2021-10-20 16:51 - 000336150 _____ C:\Users\tomasek\Downloads\Schematica-1.12.2-1.8.0.169-universal.jar
2021-10-20 16:17 - 2021-10-20 16:17 - 000477186 _____ C:\Users\tomasek\Downloads\baritone-api-forge-1.6.3.jar
2021-10-20 15:42 - 2021-10-20 15:42 - 000000027 _____ C:\Windows\system32\ctc.json
2021-10-20 15:36 - 2021-10-20 15:36 - 000170352 _____ C:\ProgramData\agent.update.1634740603.bdinstall.v2.bin
2021-10-19 17:29 - 2021-10-23 10:42 - 000000000 ____D C:\storage
2021-10-19 17:29 - 2021-10-19 17:29 - 000000000 _____ C:\Users\tomasek\Desktop\2CFDA16D75AC
2021-10-19 16:41 - 2021-10-19 16:41 - 007809752 ____H C:\Users\tomasek\AppData\Roaming\kNP9HSEdVX.exe
2021-10-19 16:01 - 2019-02-22 10:28 - 000001688 _____ C:\Users\tomasek\Downloads\readme.txt
2021-10-19 16:01 - 2019-02-22 10:26 - 000048844 _____ C:\Users\tomasek\Downloads\History.txt
2021-10-19 16:01 - 2019-02-21 18:00 - 000015360 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\Uninstall.exe
2021-10-19 16:01 - 2019-02-21 17:00 - 001679360 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\7z.dll
2021-10-19 16:01 - 2019-02-21 17:00 - 000867840 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\7zFM.exe
2021-10-19 16:01 - 2019-02-21 17:00 - 000581632 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\7zG.exe
2021-10-19 16:01 - 2019-02-21 17:00 - 000468992 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\7z.exe
2021-10-19 16:01 - 2019-02-21 17:00 - 000205824 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\7z.sfx
2021-10-19 16:01 - 2019-02-21 17:00 - 000186880 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\7zCon.sfx
2021-10-19 16:01 - 2019-02-21 17:00 - 000078336 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\7-zip.dll
2021-10-19 16:01 - 2019-02-21 17:00 - 000050688 _____ (Igor Pavlov) C:\Users\tomasek\Downloads\7-zip32.dll
2021-10-19 16:01 - 2019-02-20 12:00 - 000108074 _____ C:\Users\tomasek\Downloads\7-zip.chm
2021-10-19 16:01 - 2019-01-09 11:15 - 000003990 _____ C:\Users\tomasek\Downloads\License.txt
2021-10-19 16:01 - 2018-01-28 10:00 - 000000366 _____ C:\Users\tomasek\Downloads\descript.ion
2021-10-19 14:16 - 2021-10-19 14:16 - 000945944 _____ (www.sordum.org) C:\ProgramData\UpSys.exe
2021-10-19 14:16 - 2021-10-19 14:16 - 000000001 _____ C:\ProgramData\check.txt
2021-10-19 14:16 - 2021-10-19 14:16 - 000000000 ____D C:\ProgramData\MicrosoftNetwork
2021-10-19 12:31 - 2021-10-19 12:39 - 319041918 _____ C:\Users\tomasek\Downloads\videoplayback (4).mp4
2021-10-18 15:19 - 2021-10-18 15:19 - 000000000 ____D C:\Users\tomasek\AppData\Local\Vidmore
2021-10-18 15:18 - 2021-10-18 15:18 - 000000000 ____D C:\Program Files\Vidmore
2021-10-18 14:43 - 2021-10-18 14:43 - 000002000 _____ C:\Users\tomasek\Desktop\DaVinci Resolve.lnk
2021-10-18 14:43 - 2021-10-18 14:43 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2021-10-18 14:42 - 2021-10-18 14:42 - 000000000 ____D C:\Program Files (x86)\Blackmagic Design
2021-10-16 16:08 - 2021-10-16 16:08 - 000000000 ____D C:\Users\tomasek\Documents\Blackmagic Design
2021-10-16 16:08 - 2021-10-16 16:08 - 000000000 ____D C:\Users\Public\Documents\Blackmagic Design
2021-10-16 16:08 - 2021-10-16 16:08 - 000000000 ____D C:\ProgramData\Reprise
2021-10-16 16:05 - 2021-10-16 16:05 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Blackmagic Design
2021-10-16 16:02 - 2021-10-18 14:43 - 000000000 ____D C:\Program Files\Blackmagic Design
2021-10-16 16:02 - 2021-10-16 16:02 - 000000000 ____D C:\ProgramData\Blackmagic Design
2021-10-16 16:01 - 2021-10-18 14:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2021-10-16 15:42 - 2021-10-16 15:59 - 2826580316 _____ C:\Users\tomasek\Downloads\_Getintopc.com_Blackmagic_Design_DaVinci_Resolve_Studio_17.3.1.0005x64.rar
2021-10-16 15:16 - 2021-10-16 15:18 - 255095714 _____ C:\Users\tomasek\Downloads\2021-10-09 18-47-23.mp4
2021-10-15 15:39 - 2021-10-15 15:40 - 010794193 _____ C:\Users\tomasek\Downloads\hello.mp4
2021-10-15 14:32 - 2021-10-15 14:56 - 000034176 _____ C:\Users\tomasek\Downloads\Untitled.mp4.sfk
2021-10-15 14:16 - 2021-10-15 14:16 - 000002464 _____ C:\Users\tomasek\Downloads\друг sound effect.mp4.sfk
2021-10-15 14:15 - 2021-10-15 14:15 - 000071270 _____ C:\Users\tomasek\Downloads\друг sound effect.mp4
2021-10-15 14:14 - 2021-10-15 14:14 - 000190395 _____ C:\Users\tomasek\Downloads\videoplayback (2).mp4
2021-10-15 14:14 - 2021-10-15 14:14 - 000018752 _____ C:\Users\tomasek\Downloads\videoplayback (2).mp4.sfk
2021-10-15 13:58 - 2021-10-15 13:58 - 000062956 _____ C:\Users\tomasek\Downloads\Mouse Click - Sound Effect (HD).mp4
2021-10-15 13:58 - 2021-10-15 13:58 - 000004160 _____ C:\Users\tomasek\Downloads\Mouse Click - Sound Effect (HD).mp4.sfk
2021-10-15 13:55 - 2021-10-15 13:55 - 000050348 _____ C:\Users\tomasek\Downloads\videoplayback.m4a
2021-10-15 13:50 - 2021-10-15 13:50 - 000011016 _____ C:\Users\tomasek\Downloads\-7D96D02E.avi.sfk
2021-10-15 13:50 - 2021-10-15 13:50 - 000007920 _____ C:\Users\tomasek\Downloads\-3A83DB9D.avi.sfk
2021-10-15 13:50 - 2021-10-15 13:50 - 000005464 _____ C:\Users\tomasek\Downloads\-B881BF7C.avi.sfk
2021-10-15 13:50 - 2021-10-15 13:50 - 000004768 _____ C:\Users\tomasek\Downloads\-08B167EB.avi.sfk
2021-10-15 13:50 - 2021-10-15 13:50 - 000003720 _____ C:\Users\tomasek\Downloads\-4C317899.avi.sfk
2021-10-15 13:50 - 2021-10-15 13:50 - 000003216 _____ C:\Users\tomasek\Downloads\-B8B56628.avi.sfk
2021-10-15 13:50 - 2021-10-15 13:50 - 000002216 _____ C:\Users\tomasek\Downloads\-02702EAD.avi.sfk
2021-10-14 17:58 - 2021-10-14 17:58 - 018616878 _____ C:\Users\tomasek\Downloads\-874946DB.avi
2021-10-14 17:55 - 2021-10-14 17:55 - 018737972 _____ C:\Users\tomasek\Downloads\-B8B56628.avi
2021-10-14 17:54 - 2021-10-14 17:54 - 015074274 _____ C:\Users\tomasek\Downloads\-02702EAD.avi
2021-10-14 17:53 - 2021-10-14 17:53 - 013634440 _____ C:\Users\tomasek\Downloads\-4C317899.avi
2021-10-14 17:53 - 2021-10-14 17:53 - 000073600 _____ C:\Users\tomasek\Downloads\VID_20211014_153152.mp4.sfk
2021-10-14 17:52 - 2021-10-14 17:52 - 027458420 _____ C:\Users\tomasek\Downloads\-08B167EB.avi
2021-10-14 17:51 - 2021-10-14 17:51 - 000017120 _____ C:\Users\tomasek\Downloads\VID_20211014_153128.mp4.sfk
2021-10-14 17:51 - 2021-10-14 17:51 - 000012992 _____ C:\Users\tomasek\Downloads\VID_20211014_153113.mp4.sfk
2021-10-14 17:49 - 2021-10-14 17:49 - 024713128 _____ C:\Users\tomasek\Downloads\-B881BF7C.avi
2021-10-14 17:48 - 2021-10-14 17:48 - 000010336 _____ C:\Users\tomasek\Downloads\VID_20211014_171443.mp4.sfk
2021-10-14 17:47 - 2021-10-14 17:47 - 036448850 _____ C:\Users\tomasek\Downloads\-3A83DB9D.avi
2021-10-14 17:46 - 2021-10-14 17:46 - 000020896 _____ C:\Users\tomasek\Downloads\VID_20211014_171410.mp4.sfk
2021-10-14 17:40 - 2021-10-14 17:40 - 046808198 _____ C:\Users\tomasek\Downloads\-7D96D02E.avi
2021-10-14 17:40 - 2021-10-14 17:40 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\avidemux
2021-10-14 17:38 - 2021-10-14 17:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2021-10-14 17:38 - 2021-10-14 17:38 - 000000000 ____D C:\Program Files (x86)\Xvid
2021-10-14 17:38 - 2017-12-08 11:01 - 000713216 _____ C:\Windows\system32\xvidcore.dll
2021-10-14 17:38 - 2017-12-08 11:01 - 000251392 _____ C:\Windows\system32\xvidvfw.dll
2021-10-14 17:38 - 2017-12-08 11:01 - 000172032 _____ C:\Windows\system32\xvid.ax
2021-10-14 17:38 - 2017-12-08 11:00 - 000148480 _____ C:\Windows\SysWOW64\xvid.ax
2021-10-14 17:38 - 2017-12-08 10:59 - 000638976 _____ C:\Windows\SysWOW64\xvidcore.dll
2021-10-14 17:38 - 2017-12-08 10:59 - 000235520 _____ C:\Windows\SysWOW64\xvidvfw.dll
2021-10-14 17:36 - 2021-10-14 17:36 - 000065024 _____ C:\Users\tomasek\Downloads\VID_20211014_171313.mp4.sfk
2021-10-14 17:35 - 2021-10-14 17:35 - 000006400 _____ C:\Users\tomasek\Downloads\VID_20211014_171258.mp4.sfk
2021-10-14 17:34 - 2020-12-18 23:48 - 000000000 ____D C:\Users\tomasek\Documents\Vegas Script Menu
2021-10-14 17:33 - 2021-10-14 17:33 - 045443040 _____ C:\Users\tomasek\Downloads\VEGAS DATA Scripts.zip
2021-10-14 17:33 - 2021-10-14 17:33 - 000000000 ____D C:\Users\tomasek\Downloads\VEGAS DATA Scripts
2021-10-14 17:05 - 2021-10-14 17:05 - 000000000 ____D C:\MediaToolkit
2021-10-14 16:17 - 2021-10-14 16:45 - 035579607 _____ C:\Users\tomasek\Downloads\VID_20211014_171410.mp4
2021-10-14 16:17 - 2021-10-14 16:17 - 108102856 _____ C:\Users\tomasek\Downloads\VID_20211014_171313.mp4
2021-10-14 16:17 - 2021-10-14 16:17 - 011381372 _____ C:\Users\tomasek\Downloads\VID_20211014_171258.mp4
2021-10-14 16:17 - 2021-10-14 16:15 - 013430827 _____ C:\Users\tomasek\Downloads\VID_20211014_171502.mp4
2021-10-14 16:17 - 2021-10-14 16:14 - 017811561 _____ C:\Users\tomasek\Downloads\VID_20211014_171443.mp4
2021-10-14 16:11 - 2021-10-14 16:11 - 000000000 ___HD C:\Users\tomasek\AppData\Roaming\elnudcjigllpcatoi
2021-10-14 14:48 - 2021-10-14 14:31 - 022224134 _____ C:\Users\tomasek\Downloads\VID_20211014_153113.mp4
2021-10-14 14:47 - 2021-10-14 14:31 - 029278803 _____ C:\Users\tomasek\Downloads\VID_20211014_153128.mp4
2021-10-14 14:45 - 2021-10-14 14:45 - 000000000 ___HD C:\Users\tomasek\AppData\Roaming\jqihqxsnbgiicdwe
2021-10-14 14:45 - 2021-10-14 14:45 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Aescripts
2021-10-14 14:45 - 2021-10-14 14:45 - 000000000 ____D C:\ProgramData\aescripts
2021-10-14 14:44 - 2019-01-27 20:29 - 000000000 ____D C:\Users\tomasek\Desktop\Datamosh_v1.1.5
2021-10-14 14:41 - 2021-10-14 14:41 - 067092536 _____ (aescripts + aeplugins) C:\Users\tomasek\Downloads\aescripts + aeplugins zxp installer (setup).exe
2021-10-14 14:41 - 2021-10-14 14:41 - 000000000 ____D C:\Users\tomasek\AppData\Local\aescripts.com
2021-10-14 14:41 - 2021-10-14 14:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZXP Installer
2021-10-14 14:41 - 2021-10-14 14:41 - 000000000 ____D C:\Program Files (x86)\aescripts + aeplugins
2021-10-14 14:35 - 2021-10-14 15:31 - 123331305 _____ C:\Users\tomasek\Downloads\VID_20211014_153152.mp4
2021-10-13 17:13 - 2021-10-13 17:13 - 001823296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-10-13 17:13 - 2021-10-13 17:13 - 001393504 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-10-13 17:13 - 2021-10-13 17:13 - 000706536 _____ C:\Windows\system32\TextShaping.dll
2021-10-13 17:13 - 2021-10-13 17:13 - 000611960 _____ C:\Windows\SysWOW64\TextShaping.dll
2021-10-13 17:13 - 2021-10-13 17:13 - 000593920 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2021-10-13 17:13 - 2021-10-13 17:13 - 000570368 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2021-10-13 17:13 - 2021-10-13 17:13 - 000452096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2021-10-13 17:13 - 2021-10-13 17:13 - 000449024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2021-10-13 17:13 - 2021-10-13 17:13 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2021-10-13 17:13 - 2021-10-13 17:13 - 000098304 _____ C:\Windows\system32\Drivers\cimfs.sys
2021-10-13 17:13 - 2021-10-13 17:13 - 000011495 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-10-13 17:13 - 2021-10-13 17:13 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2021-10-13 17:13 - 2021-10-13 17:13 - 000005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2021-10-13 16:56 - 2021-10-30 14:39 - 000000000 ____D C:\ProgramData\Voicemod
2021-10-13 16:56 - 2021-10-16 21:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voicemod
2021-10-13 16:56 - 2021-10-16 21:51 - 000000000 ____D C:\Program Files\Voicemod Desktop
2021-10-13 16:56 - 2021-10-13 17:00 - 000000000 ____D C:\Users\tomasek\AppData\Local\Voicemod
2021-10-13 16:56 - 2021-10-13 16:56 - 000000904 _____ C:\Users\Public\Desktop\Voicemod.lnk
2021-10-13 13:52 - 2021-10-13 13:52 - 000000000 ___HD C:\$WinREAgent
2021-10-10 15:03 - 2021-10-10 15:13 - 3260030998 _____ C:\Users\tomasek\Downloads\VID_20211010_115352_2.avi
2021-10-10 15:02 - 2021-10-10 15:02 - 1443618444 _____ C:\Users\tomasek\Downloads\VID_20211010_115352.avi
2021-10-10 11:31 - 2021-10-10 10:55 - 033381442 _____ C:\Users\tomasek\Downloads\VID_20211010_115515.mp4
2021-10-10 10:24 - 2021-10-10 10:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare FilmoraPro
2021-10-10 10:22 - 2021-10-10 10:22 - 001153264 _____ C:\Users\tomasek\Downloads\filmorapro_setup_full5308.exe
2021-10-10 10:06 - 2021-10-10 10:20 - 000000000 ____D C:\ProgramData\Wondershare Filmora
2021-10-10 10:03 - 2021-10-10 10:03 - 001262368 _____ C:\Users\tomasek\Downloads\filmora-idco_setup_full1901 (1).exe
2021-10-08 21:51 - 2021-10-08 21:53 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\HOODLUM
2021-10-08 21:51 - 2021-10-08 21:52 - 000000000 ____D C:\Users\tomasek\AppData\Local\ForzaHorizon4
2021-10-08 21:44 - 2021-10-08 21:44 - 000001000 _____ C:\Users\tomasek\Desktop\Forza Horizon 4.lnk
2021-10-08 13:58 - 2021-10-08 13:58 - 000000320 _____ C:\Users\tomasek\AppData\Local\NjMwNzIwMjIwIDQ.corona
2021-10-06 17:27 - 2021-10-06 17:27 - 000001104 _____ C:\Users\tomasek\Desktop\WinDirStat.lnk
2021-10-06 17:27 - 2021-10-06 17:27 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2021-10-06 17:27 - 2021-10-06 17:27 - 000000000 ____D C:\Program Files (x86)\WinDirStat
2021-10-06 17:26 - 2021-10-06 17:27 - 000645729 _____ (WDS Team) C:\Users\tomasek\Downloads\windirstat1_1_2_setup.exe
2021-10-04 14:49 - 2021-10-04 14:49 - 000001152 _____ C:\Users\tomasek\Desktop\blender.lnk
2021-10-04 14:49 - 2021-10-04 14:49 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\blender
2021-10-04 14:49 - 2021-10-04 14:49 - 000000000 ____D C:\Program Files\Blender Foundation
2021-10-04 14:44 - 2021-10-04 14:46 - 191631360 _____ C:\Users\tomasek\Downloads\blender-2.93.4-windows-x64.msi
2021-10-03 12:25 - 2021-10-03 12:25 - 000000000 ____D C:\Users\tomasek\AppData\LocalLow\Free Lives
2021-10-03 12:21 - 2021-10-03 12:25 - 153757017 _____ C:\Users\tomasek\Downloads\STICK IT TO THE STICKMAN (Windows) V0.80A_TheSocialNetwork5.1.zip
2021-10-03 10:10 - 2021-10-03 10:10 - 000000000 ____D C:\Users\tomasek\AppData\Local\xmrig
2021-10-02 21:16 - 2021-10-02 21:16 - 000000000 ____D C:\Users\tomasek\Downloads\Adobe After Effects Auto-Save
2021-10-02 21:15 - 2021-10-02 22:12 - 001096719 _____ C:\Users\tomasek\Downloads\audio.aep
2021-10-02 20:29 - 2021-10-02 20:29 - 000017611 _____ C:\Users\tomasek\Downloads\music-logo-png-2350.html
2021-10-02 20:29 - 2021-10-02 20:29 - 000017611 _____ C:\Users\tomasek\Downloads\music-logo-png-2350 (1).html
2021-10-01 20:57 - 2021-10-01 20:57 - 006911115 _____ ( ) C:\Users\tomasek\Downloads\FFmpeg_v2.2.2_for_Audacity_on_Windows_64bit.exe
2021-10-01 20:57 - 2021-10-01 20:57 - 000000000 ____D C:\Program Files\FFmpeg For Audacity
2021-10-01 20:50 - 2021-10-01 20:51 - 070419184 _____ (Voicemod S.L. ) C:\Users\tomasek\Downloads\VoicemodSetup_2.20.0.1.exe
2021-10-01 15:14 - 2021-10-01 15:14 - 020761984 _____ (Windscribe Limited) C:\Users\tomasek\Downloads\Windscribe.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-31 13:01 - 2021-03-01 22:41 - 000000000 ____D C:\FRST
2021-10-31 12:52 - 2021-09-02 13:41 - 000000000 ____D C:\Users\tomasek\AppData\Local\Lavasoft
2021-10-31 12:52 - 2021-09-02 13:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2021-10-31 12:52 - 2021-09-02 13:40 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Lavasoft
2021-10-31 12:52 - 2021-09-02 13:40 - 000000000 ____D C:\ProgramData\Lavasoft
2021-10-31 12:52 - 2021-09-02 13:40 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2021-10-31 12:51 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-10-31 12:41 - 2021-08-22 17:18 - 000002258 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC - tomasek
2021-10-31 12:41 - 2021-08-21 17:17 - 000002988 _____ C:\Windows\system32\Tasks\CCleaner Update
2021-10-31 12:41 - 2021-08-21 17:17 - 000002238 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2021-10-31 12:41 - 2021-08-08 22:18 - 000003244 _____ C:\Windows\system32\Tasks\Overwolf Updater Task
2021-10-31 12:41 - 2021-08-06 16:19 - 000003784 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1628263185
2021-10-31 12:41 - 2021-07-08 22:19 - 000002512 _____ C:\Windows\system32\Tasks\Videocard Service
2021-10-31 12:41 - 2021-06-20 16:43 - 000002522 _____ C:\Windows\system32\Tasks\Microsoft Windows Defender Update
2021-10-31 12:41 - 2021-06-01 11:21 - 000002744 _____ C:\Windows\system32\Tasks\WinManager
2021-10-31 12:41 - 2021-04-17 12:32 - 000003402 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-10-31 12:41 - 2021-04-17 12:32 - 000003178 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-10-31 12:41 - 2021-02-19 21:08 - 000003476 _____ C:\Windows\system32\Tasks\bookingDesktopAppUpdateTaskMachineUA
2021-10-31 12:41 - 2021-02-19 21:08 - 000003252 _____ C:\Windows\system32\Tasks\bookingDesktopAppUpdateTaskMachineCore
2021-10-31 12:41 - 2021-01-21 09:44 - 000003358 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{0087AB00-A545-4531-AFE1-404CF38D4D3A}
2021-10-31 12:41 - 2021-01-05 14:26 - 000003616 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1609853199
2021-10-31 12:41 - 2021-01-01 21:59 - 000002778 _____ C:\Windows\system32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-3JV1PF5-tomasek
2021-10-31 12:41 - 2020-12-27 10:50 - 000003512 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-10-31 12:41 - 2020-12-27 10:50 - 000003288 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-10-31 12:41 - 2020-12-16 16:01 - 000003220 _____ C:\Windows\system32\Tasks\Intel PTT EK Recertification
2021-10-31 12:28 - 2021-03-16 10:37 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\discord
2021-10-31 12:19 - 2020-12-24 20:37 - 000000000 ____D C:\Program Files (x86)\Google
2021-10-31 12:13 - 2021-01-16 10:30 - 000000000 ____D C:\Program Files (x86)\Steam
2021-10-31 11:45 - 2020-12-16 15:57 - 000000000 ____D C:\Users\tomasek\AppData\Local\D3DSCache
2021-10-31 11:33 - 2020-12-24 20:26 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\.minecraft
2021-10-31 11:12 - 2021-08-08 22:18 - 000002325 _____ C:\Users\tomasek\Desktop\CurseForge.lnk
2021-10-31 11:09 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2021-10-31 10:59 - 2019-12-07 08:07 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-10-31 10:13 - 2020-12-27 10:51 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-10-31 10:13 - 2020-12-27 10:51 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-10-31 10:13 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-10-31 10:12 - 2021-08-21 17:17 - 000000000 ____D C:\Program Files\CCleaner
2021-10-30 14:44 - 2019-12-07 15:41 - 000682184 _____ C:\Windows\system32\perfh005.dat
2021-10-30 14:44 - 2019-12-07 15:41 - 000137000 _____ C:\Windows\system32\perfc005.dat
2021-10-30 14:44 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2021-10-30 14:44 - 2019-12-07 08:12 - 001605602 _____ C:\Windows\system32\PerfStringBackup.INI
2021-10-30 14:41 - 2020-12-26 22:40 - 000000000 ____D C:\Users\tomasek\Documents\Adobe
2021-10-30 14:40 - 2020-12-26 22:37 - 000000000 ____D C:\Program Files\Adobe
2021-10-30 14:40 - 2020-12-26 22:36 - 000000000 ____D C:\Users\tomasek\AppData\Local\Adobe
2021-10-30 14:40 - 2019-12-07 08:10 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Adobe
2021-10-30 14:39 - 2021-03-16 18:33 - 000000000 ____D C:\ProgramData\Package Cache
2021-10-30 14:38 - 2021-07-23 17:33 - 000000000 ____D C:\Users\tomasek\AppData\Local\Overwolf
2021-10-30 14:38 - 2021-03-02 20:18 - 000000000 ____D C:\Users\tomasek\AppData\Local\CrashDumps
2021-10-30 14:38 - 2021-02-03 22:13 - 000000000 ____D C:\Intel
2021-10-30 14:38 - 2021-01-05 14:26 - 000000000 ____D C:\ProgramData\Avast Software
2021-10-30 14:38 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ServiceState
2021-10-30 14:38 - 2019-12-07 08:07 - 000008192 ___SH C:\DumpStack.log.tmp
2021-10-30 14:38 - 2019-12-07 08:07 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-10-30 14:37 - 2020-12-16 15:48 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2021-10-30 14:37 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-10-29 09:21 - 2019-12-07 08:10 - 000000000 ____D C:\Users\tomasek\AppData\Local\Packages
2021-10-28 11:12 - 2020-12-24 20:47 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\audacity
2021-10-27 14:39 - 2021-08-24 14:52 - 000000000 ____D C:\Users\tomasek\Downloads\7-Zip
2021-10-27 12:07 - 2020-12-25 13:26 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\lunarclient
2021-10-27 09:46 - 2021-09-26 12:56 - 000000000 ____D C:\Users\tomasek\AppData\Local\AVAST Software
2021-10-27 09:43 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-10-27 08:53 - 2021-03-08 17:41 - 000000000 ____D C:\Windows\Minidump
2021-10-26 13:00 - 2020-12-24 20:39 - 000002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-26 13:00 - 2020-12-24 20:39 - 000002166 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-10-25 20:44 - 2021-03-18 12:11 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\.tlauncher
2021-10-25 16:13 - 2021-05-31 17:23 - 000013115 _____ C:\Users\tomasek\AppData\Roaming\.cache~$
2021-10-25 15:27 - 2021-04-15 16:14 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\.technic
2021-10-24 21:10 - 2021-01-03 13:12 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\obs-studio
2021-10-24 13:26 - 2020-12-25 12:43 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2021-10-24 13:26 - 2020-12-25 12:43 - 000000000 ____D C:\Users\tomasek\AppData\Local\SquirrelTemp
2021-10-23 12:59 - 2021-07-23 13:02 - 000001250 _____ C:\Users\tomasek\Desktop\Roblox Studio.lnk
2021-10-23 12:59 - 2021-07-23 13:02 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2021-10-22 17:18 - 2019-12-07 08:10 - 000000000 ____D C:\Users\tomasek
2021-10-22 17:05 - 2021-01-05 14:26 - 000001415 _____ C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2021-10-20 16:06 - 2021-09-02 13:40 - 000800672 _____ (Bitdefender) C:\Windows\system32\Drivers\bddci.sys
2021-10-20 15:42 - 2021-08-13 12:07 - 000000000 ___RD C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google
2021-10-20 15:39 - 2021-08-13 12:07 - 000000000 ____D C:\ProgramData\Data
2021-10-19 17:39 - 2021-05-31 17:12 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Process Hacker 2
2021-10-19 17:29 - 2019-12-07 10:03 - 000065536 _____ C:\Windows\system32\config\ELAM
2021-10-19 16:19 - 2021-08-13 12:07 - 000000000 ____D C:\ProgramData\Systemd
2021-10-19 14:57 - 2019-12-07 08:07 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-10-19 14:29 - 2021-08-15 17:56 - 000002424 _____ C:\Windows\system32\Tasks\services32
2021-10-19 14:16 - 2021-06-20 16:02 - 000000000 ____D C:\Users\tomasek\AppData\Local\Yandex
2021-10-18 15:14 - 2021-08-06 17:00 - 000001608 _____ C:\ProgramData\droidcam-client-options-v2
2021-10-18 15:14 - 2021-08-06 17:00 - 000000373 _____ C:\ProgramData\droidcam-settings
2021-10-16 22:51 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-10-15 21:29 - 2020-12-26 23:37 - 000000000 ____D C:\Users\tomasek\Documents\Adobe After Effects Auto-Save
2021-10-15 13:43 - 2021-08-08 22:18 - 000000000 ____D C:\Program Files (x86)\Overwolf
2021-10-15 13:41 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\UNP
2021-10-15 13:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-10-15 13:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2021-10-15 13:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-10-15 13:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2021-10-15 13:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-10-15 13:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\DiagTrack
2021-10-15 13:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2021-10-15 13:41 - 2019-12-07 08:07 - 000574016 _____ C:\Windows\system32\FNTCACHE.DAT
2021-10-14 17:38 - 2021-03-03 12:29 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Sony
2021-10-13 17:15 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2021-10-13 17:09 - 2020-12-26 22:30 - 000000000 ____D C:\Windows\system32\MRT
2021-10-13 17:08 - 2020-12-26 20:37 - 139806512 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-10-13 17:02 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-10-11 14:54 - 2021-09-30 17:21 - 000000000 ____D C:\Users\tomasek\AppData\Roaming\Badlion Client
2021-10-10 10:25 - 2021-05-13 17:44 - 000000000 ____D C:\Users\tomasek\AppData\Local\Wondershare
2021-10-10 10:25 - 2021-04-07 15:15 - 000000000 ____D C:\Users\tomasek\AppData\Local\cache
2021-10-10 10:25 - 2021-01-07 14:27 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2021-10-10 10:24 - 2021-01-07 14:28 - 000000000 ____D C:\Program Files\Wondershare
2021-10-10 10:20 - 2021-08-21 18:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2021-10-10 09:28 - 2021-09-30 17:21 - 000000000 ____D C:\Program Files\Badlion Client
2021-10-09 11:01 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\NDF
2021-10-03 14:08 - 2021-01-24 10:56 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-10-01 20:59 - 2021-01-01 19:17 - 000000000 ____D C:\Users\tomasek\Documents\Audacity

==================== Files in the root of some directories ========

2021-06-20 16:51 - 2021-07-09 13:22 - 000000004 _____ () C:\ProgramData\lock.dat
2021-06-20 16:52 - 2021-07-09 13:22 - 000000004 _____ () C:\ProgramData\rc.dat
2021-06-20 16:51 - 2021-06-20 16:51 - 000000008 _____ () C:\ProgramData\ts.dat
2021-10-19 14:16 - 2021-10-19 14:16 - 000945944 _____ (www.sordum.org) C:\ProgramData\UpSys.exe
2021-05-31 17:23 - 2021-10-25 16:13 - 000013115 _____ () C:\Users\tomasek\AppData\Roaming\.cache~$
2021-02-22 19:07 - 2021-02-23 11:28 - 2257350816 _____ () C:\Users\tomasek\AppData\Roaming\2.txt
2021-02-22 19:07 - 2021-02-23 09:38 - 1570849912 _____ () C:\Users\tomasek\AppData\Roaming\3.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\4.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\5.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\6.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\7.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\8.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\9.txt
2021-03-12 21:14 - 2021-03-12 21:14 - 000000000 _____ () C:\Users\tomasek\AppData\Roaming\90e410a49ea95c18085aaf88ebbf8100.tmp
2021-07-08 23:20 - 2021-07-08 23:20 - 000000064 _____ () C:\Users\tomasek\AppData\Roaming\changzhi_leidian.data
2021-09-26 17:20 - 2021-09-26 17:20 - 000000002 _____ () C:\Users\tomasek\AppData\Roaming\ExplorerFavorites.txt
2021-02-20 08:41 - 2021-02-20 09:04 - 000000209 _____ () C:\Users\tomasek\AppData\Roaming\jjv5conf.json
2021-10-19 16:41 - 2021-10-19 16:41 - 007809752 ____H () C:\Users\tomasek\AppData\Roaming\kNP9HSEdVX.exe
2021-01-03 13:28 - 2021-01-03 13:28 - 000000015 _____ () C:\Users\tomasek\AppData\Roaming\obs-virtualcam.txt
2021-06-17 09:01 - 2021-06-17 09:26 - 000004699 _____ () C:\Users\tomasek\AppData\Roaming\VoiceMeeterDefault.xml
2021-08-25 17:48 - 2021-08-25 17:48 - 000000034 ___SH () C:\Users\tomasek\AppData\Local\BFEBFBFF000906EC92917F88
2020-12-16 15:57 - 2021-04-09 22:33 - 001065984 _____ () C:\Users\tomasek\AppData\Local\file__0.localstorage
2021-02-20 19:58 - 2021-09-02 13:40 - 000000049 _____ () C:\Users\tomasek\AppData\Local\link.txt
2021-10-08 13:58 - 2021-10-08 13:58 - 000000320 _____ () C:\Users\tomasek\AppData\Local\NjMwNzIwMjIwIDQ.corona
2021-02-18 12:50 - 2021-02-19 21:56 - 000016438 _____ () C:\Users\tomasek\AppData\Local\partner.bmp

==================== FLock ==============================

2021-10-19 14:16 C:\ProgramData\MicrosoftNetwork
2021-02-20 00:35 C:\Users\tomasek\AppData\Local\Disk

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Thank you

Re: Stolen Steam account

Posted: 31 Oct 2021 15:30
by Rudy
Hello!
Please also add the Addition log (it is on the desktop, in the file addition.txt) and we will finish the cleanup manually. Thank you.

Re: Stolen Steam account

Posted: 01 Nov 2021 19:30
by Bartis
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2021
Ran by tomasek (31-10-2021 13:01:46)
Running from C:\Users\tomasek\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1288 (X64) (2019-12-07 07:08:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2880034797-3857021402-3440946435-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2880034797-3857021402-3440946435-503 - Limited - Disabled)
Guest (S-1-5-21-2880034797-3857021402-3440946435-501 - Limited - Disabled)
tomasek (S-1-5-21-2880034797-3857021402-3440946435-1001 - Administrator - Enabled) => C:\Users\tomasek
WDAGUtilityAccount (S-1-5-21-2880034797-3857021402-3440946435-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe After Effects 2021 (HKLM-x32\...\AEFT_18_0_1) (Version: 18.0.1 - Adobe Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Animate 2021 (HKLM-x32\...\FLPR_21_0_6) (Version: 21.0.6 - Adobe Inc.)
Adobe Flash Player 10 Plugin (HKLM-x32\...\{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}) (Version: 10.1.52.14 - Adobe Systems, Inc.)
aescripts + aeplugins components (HKLM-x32\...\{58C0BFF8-3511-4EF6-A2B9-D7E85220F3C4}) (Version: 1.0.0.0 - aescripts + aeplugins)
AI Image Enlarger (HKLM-x32\...\{0CC29345-19D8-4BE5-B718-B152D0DA645A}) (Version: 2.2.2 - AI Image Enlarger)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Audacity 3.0.4 (HKLM\...\Audacity_is1) (Version: 3.0.4 - Audacity Team)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 21.9.2493 - Avast Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 95.0.12674.55 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 - AVAST Software) Hidden
Badlion Client (HKLM\...\1de14785-dd8c-5cd2-aae8-d4a376f81d78) (Version: 3.4.0 - Badlion)
Bandicam (HKLM-x32\...\Bandicam) (Version: 4.6.2.1699 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com)
Blackmagic RAW Common Components (HKLM\...\{47DFB167-EACF-4A3D-A16F-BDF9E0D68983}) (Version: 2.1 - Blackmagic Design)
blender (HKLM\...\{F1B2A72E-AF12-4F88-9E67-971A0105CF52}) (Version: 2.93.4 - Blender Foundation)
Booking (HKLM-x32\...\{13D4CD54-EA09-4FDB-B979-8B2BC0F020CA}_is1) (Version: 2.0.701 - Booking)
CCleaner (HKLM\...\CCleaner) (Version: 5.86 - Piriform)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B865FDD4-E96E-4166-BB69-6E8C207E3E29}) (Version: 17.0.0.491 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\{B865FDD4-E96E-4166-BB69-6E8C207E3E29}) (Version: 17.0.491 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (HKLM\...\{9464C064-AAC7-4416-BFE4-4C3C0232FC71}) (Version: 17.0.491 - Corel Corporation) Hidden
CurseForge (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.185.3.1 - Overwolf app)
DaVinci Resolve (HKLM\...\{43B8AB7A-F82B-4309-87D0-75011C864739}) (Version: 17.3.10005 - Blackmagic Design)
DaVinci Resolve Control Panels (HKLM\...\{FB1E6849-EE02-49DB-952C-6DD093D74DB0}) (Version: 2.0.0.0 - Blackmagic Design)
Discord (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Discord) (Version: 1.0.9002 - Discord Inc.)
DroidCam Client (HKLM-x32\...\DroidCam) (Version: 6.4.3 - DEV47APPS)
Epic Games Launcher (HKLM-x32\...\{FEF3A9BA-A962-4469-AD62-04839D4BB847}) (Version: 1.1.298.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Excel (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
FFmpeg v2.2.2 for Audacity - 64bit (HKLM\...\FFmpeg for Audacity_is1) (Version: - )
FiveM (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\CitizenFX_FiveM) (Version: - Cfx.re)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
GenArts Sapphire Plug-ins 6.10 for OFX (HKLM\...\GenArts Sapphire Plug-ins for OFX_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 95.0.4638.54 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
GX Action Backup 4.6 (HKLM-x32\...\{A186BCE3-CA65-433C-9417-2A0375683719}_is1) (Version: 4.6 - GX Soft-Action, Inc.)
HandBrake 1.3.3 (HKLM-x32\...\HandBrake) (Version: 1.3.3 - )
HD Tune Pro 5.75 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
LiquidLauncher (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\electron_liquidlauncher) (Version: 1.1.3 - CCBlueX)
Lunar Client (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 2.8.7 - Moonsworth, LLC)
MAGIX Common Components 1 (HKLM-x32\...\{E49CC9E6-4D76-42B5-B844-21F691F185AF}) (Version: 1.8.2.0 - MAGIX Software GmbH)
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Fonts Package 2 (HKLM-x32\...\{701F3A9E-B00C-4EB4-8CFA-8DACAFCEA958}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Soundpool Music Maker - Feel good (HKLM\...\{677F8E85-8686-476B-829A-D5ED9ECA16E6}) (Version: 1.0.1.0 - MAGIX Software GmbH) Hidden
Mega Hack version 5.4 (HKLM-x32\...\{9530A774-421F-4BC2-BB30-6DFE2AB278C4}_is1) (Version: 5.4 - Absolute)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.40 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29913 (HKLM-x32\...\{855e31d2-9031-46e1-b06d-c9d7777deefb}) (Version: 14.28.29913.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29913 (HKLM-x32\...\{03d1453c-7d5c-479c-afea-8482f406e036}) (Version: 14.28.29913.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{27B34E47-68AE-4802-822A-9F0C187AF84A}) (Version: 1.0.0.0 - Mojang)
Music Maker (64-Bit) (HKLM\...\{500A036B-F08F-4E9E-ADC0-4EF3BA4D6C0D}) (Version: 29.0.4.25 - MAGIX Software GmbH) Hidden
Music Maker (64-Bit) (HKLM\...\MX.{500A036B-F08F-4E9E-ADC0-4EF3BA4D6C0D}) (Version: 29.0.4.25 - MAGIX Software GmbH)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 26.1.0 - OBS Project)
OpenIV (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\OpenIV) (Version: 4.0.1.1452 - .black/OpenIV Team)
Opera Stable 80.0.4170.63 (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Opera 80.0.4170.63) (Version: 80.0.4170.63 - Opera Software)
Outlook (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.181.0.11 - Overwolf Ltd.)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
ReelSmart Motion Blur v5 for After Effects and Premiere Pro (HKLM\...\ReelSmart Motion Blur v5 for After Effects and Premiere Pro 5.1.8) (Version: 5.1.8 - RE:Vision Effects)
RK61 (HKLM-x32\...\RK61) (Version: 1.0.1.2 - RK Inc.)
Roblox Player for tomasek (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\roblox-player) (Version: - Roblox Corporation)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.8.5 - Rockstar Games)
Roshade - Zeal (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\Roshade) (Version: 1.2.10 - Zeal)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAL-Reverb-3 (AAX 64bit) (HKLM\...\{FFF2BBA7-47EB-41A3-B63B-8E41A3A379A2}) (Version: 1.3.7 - TAL Software GmbH)
Taskbar system version 1.0.0.2 (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\{C40E1200-5BEC-410C-B3C5-F7B475729D42}_is1) (Version: 1.0.0.2 - Taskbar system)
Update Notifier (HKLM\...\{9387807D-92D3-4DF3-B500-C7C81A353809}) (Version: 3.0.0.50 - MAGIX Software GmbH) Hidden
Update Notifier (HKLM\...\MX.{9387807D-92D3-4DF3-B500-C7C81A353809}) (Version: 3.0.0.50 - MAGIX Software GmbH)
VEGAS Pro 18.0 (HKLM\...\{75111FE1-CE55-11EA-8B12-00155D43CFCE}) (Version: 18.0.284 - VEGAS)
Vita Concert Grand LE (HKLM\...\{2C61CE04-1EEF-4582-ABBA-B9CCFC3743EB}) (Version: 2.4.0.96 - MAGIX Software GmbH) Hidden
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
Voicemod (HKLM\...\{8435A407-F778-4647-9CDB-46E5EC50BAD0}_is1) (Version: 2.21.0.43 - Voicemod S.L.)
WinDirStat 1.1.2 (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\WinDirStat) (Version: - )
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 2.2 Build 10 - Windscribe Limited)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
Wondershare FilmoraPro (HKLM\...\{92F289A8-A52F-4779-8382-4B91055D7D8D}) (Version: 2.3.10723.54848 - Wondershare)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Word (HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
xBot (HKLM-x32\...\xBot) (Version: 3.02 - AndxArtZ)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.5) (Version: 1.3.5 - Xvid Team)
ZXP Installer (HKLM-x32\...\{3e001721-545f-4a50-978e-551ac7f6dc24}) (Version: 1.6.5.0 - aescripts + aeplugins) Hidden
ZXP Installer (HKLM-x32\...\{9B15E5B8-E627-4704-9F38-68049CA86B34}) (Version: 1.6.5.0 - aescripts + aeplugins)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-09-26] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.9220.0_x64__8wekyb3d8bbwe [2021-10-11] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-05-26] (NVIDIA Corp.)
Ovládací centrum grafiky Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-07-23] (INTEL CORP) [Startup Task]
PowerPoint -> C:\Program Files\WindowsApps\powerpoint.office.com-8D456796_1.0.0.3_neutral__sxc7ffma4ybfy [2021-09-26] (powerpoint.office.com)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0 [2021-10-14] (Spotify AB) [Startup Task]
Word -> C:\Program Files\WindowsApps\word.office.com-CECA1A7F_1.0.0.2_neutral__jc2kecmnkxwqc [2021-09-26] (word.office.com)
XboxInsiderHub -> C:\Program Files\WindowsApps\Microsoft.XboxInsider_1.2109.1001.0_x64__8wekyb3d8bbwe [2021-09-25] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2880034797-3857021402-3440946435-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\tomasek\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-31] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-31] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-31] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-27] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-27] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\tomasek\Downloads\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-31] (Adobe Inc. -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-27] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-27] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\tomasek\Downloads\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\tomasek\Downloads\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-31] (Adobe Inc. -> )
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-10-27] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.voxacm160] => C:\Windows\system32\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed]
HKLM\...\Drivers32: [msacm.scg726] => C:\Windows\system32\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed]
HKLM\...\Drivers32: [msacm.alf2cd] => C:\Windows\system32\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lame] => C:\Windows\system32\lame.ax [245760 2005-08-01] () [File not signed]
HKLM\...\Drivers32: [vidc.dvsd] => C:\Windows\system32\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed]
HKLM\...\Drivers32: [vidc.mpg4] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp42] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp43] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\system32\xvidvfw.dll [251392 2017-12-08] () [File not signed]
HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\system32\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP62] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.LAGS] => C:\Windows\system32\lagarith.dll [216064 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [msacm.l3acm] => C:\Windows\SysWOW64\l3codecp.acm [189440 2019-12-07] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [235520 2017-12-08] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\tomasek\Desktop\GlitchOut (h) - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\tomasek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi
ShortcutWithArgument: C:\Users\tomasek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\ff13ca23fee04978\Tomáš - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 5"
ShortcutWithArgument: C:\Users\tomasek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Tomáš (t.seliga@zsprazska.cz) - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\tomasek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\sprite - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 4"
ShortcutWithArgument: C:\Users\tomasek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\glitch - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"

==================== Loaded Modules (Whitelisted) =============

2021-10-24 15:17 - 2019-02-21 17:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Users\tomasek\Downloads\7-Zip\7-zip.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\tomasek\Local Settings:15-08-2021 [2771]
AlternateDataStreams: C:\Users\tomasek\AppData\Local:15-08-2021 [2771]
AlternateDataStreams: C:\Users\tomasek\AppData\Local\Data aplikací:15-08-2021 [2771]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-2880034797-3857021402-3440946435-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src ... ORM=IESR02
SearchScopes: HKU\S-1-5-21-2880034797-3857021402-3440946435-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp//www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2880034797-3857021402-3440946435-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src ... ORM=IESR02
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2021-01-07] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2021-01-07] (Oracle America, Inc. -> Oracle Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-10-23 12:29 - 2021-10-25 15:33 - 000001303 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 discord.com
127.0.0.1 discord.com
69.174.101.66 nl-021.whiskergalaxy.com #added by Windscribe, do not modify.
161.129.70.66 us-central-032.whiskergalaxy.com #added by Windscribe, do not modify.
68.235.35.171 us-east-069.whiskergalaxy.com #added by Windscribe, do not modify.
68.235.35.179 us-east-070.whiskergalaxy.com #added by Windscribe, do not modify.
68.235.39.123 us-east-085.whiskergalaxy.com #added by Windscribe, do not modify.
71.19.251.139 ca-west-007.whiskergalaxy.com #added by Windscribe, do not modify.

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%INTEL_DEV_REDIST%redist\intel64\compiler;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\dotnet\
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\Control Panel\Desktop\\Wallpaper -> c:\users\tomasek\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\stažený soubor (14).jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{BE4CA127-1086-4C4E-9432-0B5496ECFD26}C:\users\tomasek\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Block) C:\users\tomasek\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
FirewallRules: [UDP Query User{22FE42F7-5C8B-4BCC-A930-58628EB9ABBF}C:\users\tomasek\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Block) C:\users\tomasek\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
FirewallRules: [TCP Query User{EA13B565-9372-491C-9165-AD4AE188BBEF}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{1FAF9A66-228E-430B-87D9-916A0E7B358D}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{7D356963-60AE-4683-A4E8-B7A0AF6FFB69}C:\users\tomasek\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe] => (Block) C:\users\tomasek\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{AFCAA086-2792-450F-BB3E-F55A06352F7F}C:\users\tomasek\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe] => (Block) C:\users\tomasek\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe
FirewallRules: [TCP Query User{D0679D70-AEC2-47D8-9F36-53A99F69F8F0}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{AEAD05CE-BA6C-4BAD-992B-B70C485AB3A6}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [TCP Query User{D01B5FB6-E005-4AC1-B8A7-E49C902DF8D5}C:\users\tomasek\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe] => (Allow) C:\users\tomasek\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe
FirewallRules: [UDP Query User{794F89E5-B043-456C-9BA7-285C28552D2B}C:\users\tomasek\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe] => (Allow) C:\users\tomasek\.lunarclient\jre\zulu16.30.15-ca-fx-jre16.0.1-win_x64\bin\javaw.exe
FirewallRules: [TCP Query User{A7EE2D82-18E6-4929-B82A-8E94ECD4C03F}C:\users\tomasek\appdata\local\temp\rar$exa1308.45415\people playground v1.21.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa1308.45415\people playground v1.21.1\win64\people playground.exe => No File
FirewallRules: [UDP Query User{C3580A1E-8F8C-43C4-BC83-3AB6A537206C}C:\users\tomasek\appdata\local\temp\rar$exa1308.45415\people playground v1.21.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa1308.45415\people playground v1.21.1\win64\people playground.exe => No File
FirewallRules: [{23D3DC9A-7C34-4E87-9247-AE32C875196B}] => (Allow) C:\Users\tomasek\AppData\Local\Programs\Opera\79.0.4143.72\opera.exe => No File
FirewallRules: [{EAD62CEA-D87D-460A-AB28-A91ADC326D8C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{66512179-7650-4CEF-8E8C-DDA79B521A57}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5F0B4E6C-D503-47D3-8995-2060F110037A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0258DC66-F466-4FE9-809F-7BD0886877FC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B31BCED7-7425-48A7-A375-22A7F8ED489A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{06DA7421-39BA-4571-8357-36DDB9334966}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{391F5A6C-FC74-489C-9E39-18A88EFFCC3F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E44107E0-F6E9-484A-9790-766F457DD707}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3DD1F418-39DC-4915-9B60-0F894D36641D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{ADA00410-B9FB-4757-A456-4C81127D346B}] => (Allow) C:\Program Files (x86)\Overwolf\0.180.0.6\OverwolfBrowser.exe => No File
FirewallRules: [{E08DEDAA-81D3-4267-8555-8D5F609C7F51}] => (Allow) C:\Program Files (x86)\Overwolf\0.180.0.6\OverwolfBrowser.exe => No File
FirewallRules: [{FE67025D-09FE-47CF-8994-0AC22D985761}] => (Block) C:\Program Files (x86)\Overwolf\0.180.0.6\OverwolfBrowser.exe => No File
FirewallRules: [{F69428F5-6CB5-4324-98D8-D0285B3A017C}] => (Block) C:\Program Files (x86)\Overwolf\0.180.0.6\OverwolfBrowser.exe => No File
FirewallRules: [{C81BE73B-39F3-4F33-A89D-F2D88DC4A9CD}] => (Allow) C:\Program Files (x86)\Overwolf\0.181.0.11\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{3B7FB3B0-08D7-48DB-AC1A-F34CEA80C64F}] => (Allow) C:\Program Files (x86)\Overwolf\0.181.0.11\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{75BB5E01-BEB1-4BD9-836D-AEAA11767FDC}] => (Block) C:\Program Files (x86)\Overwolf\0.181.0.11\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{9F3116E8-608F-4573-97BE-4A5E7B4792D8}] => (Block) C:\Program Files (x86)\Overwolf\0.181.0.11\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{F5A8FD69-B23E-4CC3-A76A-D3C7F2F5E348}] => (Allow) C:\Users\tomasek\AppData\Local\Programs\Opera\80.0.4170.40\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{14F6A76C-C15A-4264-BA03-04CA4374A9FA}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe (Blackmagic Design Pty. Ltd.) [File not signed]
FirewallRules: [{915A8B46-C448-450E-8219-D2B626637EA2}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{6A130BA8-7AFE-4B14-BAAE-BDDF597473F7}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{35EF865F-DAD6-407D-900D-0CCA4903BBB5}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{7A5E10B8-3983-4A77-97F6-0AB6F905EC1F}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{AAD39197-2BF5-4B90-8C4F-99ABDE39DB52}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{D2B5A6E0-62CE-41C8-85BF-E05DB169122A}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File
FirewallRules: [{C244DADA-9541-4EBF-BB0E-C1E4D837D296}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [{5E64B95F-0CAB-409E-BC73-A50FA239EEB2}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe (Blackmagic Design Pty Ltd -> )

==================== Restore Points =========================

30-10-2021 14:39:43 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (10/31/2021 12:14:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mousocoreworker.exe, verze: 10.0.19041.1266, časové razítko: 0xb8f5de61
Název chybujícího modulu: ucrtbase.dll, verze: 10.0.19041.789, časové razítko: 0x2bd748bf
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000007286e
ID chybujícího procesu: 0x34dc
Čas spuštění chybující aplikace: 0x01d7ce37da400080
Cesta k chybující aplikaci: C:\Windows\System32\mousocoreworker.exe
Cesta k chybujícímu modulu: C:\Windows\System32\ucrtbase.dll
ID zprávy: 11ff97f2-982e-4a8c-a6d8-9fff2b7e7f23
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/31/2021 10:12:33 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-3JV1PF5)
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (10/31/2021 10:12:31 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-3JV1PF5)
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (10/30/2021 04:45:15 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-3JV1PF5)
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (10/30/2021 02:38:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: WebCompanion.exe, verze: 8.4.0.271, časové razítko: 0x611217fa
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.1288, časové razítko: 0x3e55bd0b
Kód výjimky: 0xe0434352
Posun chyby: 0x0012b5b2
ID chybujícího procesu: 0x25c4
Čas spuštění chybující aplikace: 0x01d7cd937b24b3ab
Cesta k chybující aplikaci: C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
Cesta k chybujícímu modulu: C:\Windows\System32\KERNELBASE.dll
ID zprávy: 25782315-5253-4253-b612-b53af0b96344
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/30/2021 02:38:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: WebCompanion.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.IO.FileNotFoundException
na WebCompanion.UI.App.PerformWebcompanionStartup()
na WebCompanion.UI.App.Main()

Error: (10/30/2021 02:37:36 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-3JV1PF5)
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (10/30/2021 02:06:23 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-3JV1PF5)
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.


System errors:
=============
Error: (10/31/2021 12:51:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba WindscribeService byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/31/2021 12:51:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD External Events Utility byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/31/2021 12:51:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Graphics Command Center Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/31/2021 12:51:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba DCIService byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/31/2021 12:51:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Dynamic Application Loader Host Interface Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/31/2021 11:09:55 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-3JV1PF5)
Description: Nelze spustit server DCOM: Microsoft.XboxGamingOverlay_5.721.10202.0_x64__8wekyb3d8bbwe!App.AppXrfdt3p0f38tc4nxz7ajrd5as6ctb0dck.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942402
při provádění příkazu:
"C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.10202.0_x64__8wekyb3d8bbwe\GameBar.exe" -ServerName:App.AppXbdkk0yrkwpcgeaem8zk81k8py1eaahny.mca

Error: (10/31/2021 11:09:54 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-3JV1PF5)
Description: Nelze spustit server DCOM: Microsoft.XboxGamingOverlay_5.721.10202.0_x64__8wekyb3d8bbwe!App.AppXrfdt3p0f38tc4nxz7ajrd5as6ctb0dck.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942402
při provádění příkazu:
"C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.10202.0_x64__8wekyb3d8bbwe\GameBar.exe" -ServerName:App.AppXbdkk0yrkwpcgeaem8zk81k8py1eaahny.mca

Error: (10/31/2021 11:09:52 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-3JV1PF5)
Description: Nelze spustit server DCOM: Microsoft.XboxGamingOverlay_5.721.10202.0_x64__8wekyb3d8bbwe!App.AppXrfdt3p0f38tc4nxz7ajrd5as6ctb0dck.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942402
při provádění příkazu:
"C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.10202.0_x64__8wekyb3d8bbwe\GameBar.exe" -ServerName:App.AppXbdkk0yrkwpcgeaem8zk81k8py1eaahny.mca


Windows Defender:
================
Date: 2021-10-24 14:17:47
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {AD7560C0-E9FC-4C16-A664-96CF63D8F287}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-10-19 17:56:45
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PWS:MSIL/Mercurial!atmn
Závažnost: Vážné
Kategorie: Program zcizující hesla
Cesta: file:_C:\$RECYCLE.BIN\S-1-5-21-2880034797-3857021402-3440946435-1001\$RWHV6DM.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-3JV1PF5\tomasek
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.351.679.0, AS: 1.351.679.0, NIS: 1.351.679.0
Verze modulu: AM: 1.1.18600.4, NIS: 1.1.18600.4

Date: 2021-10-19 17:07:22
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:MSIL/Disstl.AWQ!MTB
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\$RECYCLE.BIN\S-1-5-21-2880034797-3857021402-3440946435-1001\$R10T6RL.exe
Původ detekce: Místní počítač
Typ detekce: Heuristika
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-3JV1PF5\tomasek
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.351.679.0, AS: 1.351.679.0, NIS: 1.351.679.0
Verze modulu: AM: 1.1.18600.4, NIS: 1.1.18600.4

Date: 2021-08-24 14:38:48
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {E2FC9B84-9F24-42AA-AB89-6338B33CAFF2}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-08-14 11:04:51
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PWS:MSIL/RedLine.GG!MTB
Závažnost: Vážné
Kategorie: Program zcizující hesla
Cesta: amsi:_C:\Users\tomasek\AppData\Local\Temp\build.exe
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: AMSI
Uživatel: DESKTOP-3JV1PF5\tomasek
Název procesu: C:\Users\tomasek\AppData\Local\Temp\build.exe
Verze bezpečnostních informací: AV: 1.345.469.0, AS: 1.345.469.0, NIS: 1.345.469.0
Verze modulu: AM: 1.1.18400.4, NIS: 1.1.18400.4

Date: 2021-10-06 16:06:09
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.349.1429.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18500.10
Kód chyby: 0x80240022
Popis chyby: V daném programu nelze zkontrolovat aktualizace definic.

Date: 2021-10-06 16:06:09
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.349.1429.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18500.10
Kód chyby: 0x80240022
Popis chyby: V daném programu nelze zkontrolovat aktualizace definic.

Date: 2021-08-15 18:20:33
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Microsoft Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarové bezpečnostní informace přestaly z neznámých důvodů fungovat. V některých případech se tento problém dá vyřešit restartováním služby.

Date: 2021-08-09 08:54:55
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.345.186.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18400.4
Kód chyby: 0x80070070
Popis chyby: Na disku není dost místa.

Date: 2021-08-09 08:54:55
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.345.186.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18400.4
Kód chyby: 0x80070070
Popis chyby: Na disku není dost místa.

CodeIntegrity:
===============
Date: 2021-10-31 12:42:31
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-10-31 10:13:02
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 2403 08/07/2020
Motherboard: ASUSTeK COMPUTER INC. TUF Z370-PLUS GAMING
Processor: Intel(R) Core(TM) i7-9700K CPU @ 3.60GHz
Percentage of memory in use: 27%
Total physical RAM: 16320.64 MB
Available physical RAM: 11798.39 MB
Total Virtual: 21952.64 MB
Available Virtual: 15632.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.86 GB) (Free:2.26 GB) NTFS
Drive d: (Nový svazek) (Fixed) (Total:465.76 GB) (Free:41.65 GB) NTFS

\\?\Volume{4a8a475f-654d-4693-858e-6fe43acd1535}\ () (Fixed) (Total:0.49 GB) (Free:0.48 GB) NTFS
\\?\Volume{b9408d54-7697-4b86-8d69-36afb3c71913}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 238.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 8E96A9DE)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Re: Stolen Steam account

Posted: 01 Nov 2021 20:16
by Rudy
Open Notepad and copy the following into it:
Start

CloseProcesses:
CustomCLSID: HKU\S-1-5-21-2880034797-3857021402-3440946435-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\tomasek\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
AlternateDataStreams: C:\Users\tomasek\Local Settings:15-08-2021 [2771]
AlternateDataStreams: C:\Users\tomasek\AppData\Local:15-08-2021 [2771]
AlternateDataStreams: C:\Users\tomasek\AppData\Local\Data aplikací:15-08-2021 [2771]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-2880034797-3857021402-3440946435-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src ... ORM=IESR02
SearchScopes: HKU\S-1-5-21-2880034797-3857021402-3440946435-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp//www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2880034797-3857021402-3440946435-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src ... ORM=IESR02
FirewallRules: [TCP Query User{A7EE2D82-18E6-4929-B82A-8E94ECD4C03F}C:\users\tomasek\appdata\local\temp\rar$exa1308.45415\people playground v1.21.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa1308.45415\people playground v1.21.1\win64\people playground.exe => No File
FirewallRules: [UDP Query User{C3580A1E-8F8C-43C4-BC83-3AB6A537206C}C:\users\tomasek\appdata\local\temp\rar$exa1308.45415\people playground v1.21.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa1308.45415\people playground v1.21.1\win64\people playground.exe => No File
FirewallRules: [{23D3DC9A-7C34-4E87-9247-AE32C875196B}] => (Allow) C:\Users\tomasek\AppData\Local\Programs\Opera\79.0.4143.72\opera.exe => No File
FirewallRules: [{ADA00410-B9FB-4757-A456-4C81127D346B}] => (Allow) C:\Program Files (x86)\Overwolf\0.180.0.6\OverwolfBrowser.exe => No File
FirewallRules: [{E08DEDAA-81D3-4267-8555-8D5F609C7F51}] => (Allow) C:\Program Files (x86)\Overwolf\0.180.0.6\OverwolfBrowser.exe => No File
FirewallRules: [{FE67025D-09FE-47CF-8994-0AC22D985761}] => (Block) C:\Program Files (x86)\Overwolf\0.180.0.6\OverwolfBrowser.exe => No File
FirewallRules: [{F69428F5-6CB5-4324-98D8-D0285B3A017C}] => (Block) C:\Program Files (x86)\Overwolf\0.180.0.6\OverwolfBrowser.exe => No File
FirewallRules: [{D2B5A6E0-62CE-41C8-85BF-E05DB169122A}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File
C:\$RECYCLE.BIN\S-1-5-21-2880034797-3857021402-3440946435-1001\$RWHV6DM.exe
C:\$RECYCLE.BIN\S-1-5-21-2880034797-3857021402-3440946435-1001\$R10T6RL.exe
C:\Users\tomasek\AppData\Local\Temp
ShortcutTarget: RebusDrop.lnk -> C:\Users\tomasek\RebusDrop\App\RebusDrop.exe (No File)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {1FA75FDC-E5D2-4440-9040-A97E14DDE2DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-09-25] (Google LLC -> Google LLC)
Task: {A738DAE6-E4CD-4455-81CA-9CAE713313F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-09-25] (Google LLC -> Google LLC)
Task: {ABC8A774-3286-4F6E-9DC5-D55753936F94} - System32\Tasks\WinManager => C:\Users\tomasek\AppData\Roaming\Windows\svchost.exe <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
U1 aswbdisk; no ImagePath
U3 avgbdisk; no ImagePath
U2 bddci; no ImagePath
S3 HWiNFO_152; \??\C:\Users\tomasek\AppData\Local\Temp\HWiNFO64A_152.SYS [X] <==== ATTENTION
S3 HWiNFO_155; \??\C:\Users\tomasek\AppData\Local\Temp\HWiNFO64A_155.SYS [X] <==== ATTENTION
C:\Users\tomasek\AppData\Roaming\kNP9HSEdVX.exe
C:\Users\tomasek\AppData\Roaming\elnudcjigllpcatoi
C:\Users\tomasek\AppData\Local\NjMwNzIwMjIwIDQ.corona
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\tomasek\AppData\Roaming\90e410a49ea95c18085aaf88ebbf8100.tmp
C:\Users\tomasek\AppData\Local\BFEBFBFF000906EC92917F88
C:\Users\tomasek\AppData\Local\NjMwNzIwMjIwIDQ.corona

EmptyTemp:
Hosts:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: Stolen Steam account

Posted: 01 Nov 2021 21:10
by Bartis
Good evening, here it is,

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-10-2021
Ran by tomasek (01-11-2021 21:07:30) Run:2
Running from C:\Users\tomasek\Desktop
Loaded Profiles: tomasek
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
CustomCLSID: HKU\S-1-5-21-2880034797-3857021402-3440946435-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\tomasek\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => No File
AlternateDataStreams: C:\Users\tomasek\Local Settings:15-08-2021 [2771]
AlternateDataStreams: C:\Users\tomasek\AppData\Local:15-08-2021 [2771]
AlternateDataStreams: C:\Users\tomasek\AppData\Local\Data aplikací:15-08-2021 [2771]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-2880034797-3857021402-3440946435-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src ... ORM=IESR02
SearchScopes: HKU\S-1-5-21-2880034797-3857021402-3440946435-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp//www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2880034797-3857021402-3440946435-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src ... ORM=IESR02
FirewallRules: [TCP Query User{A7EE2D82-18E6-4929-B82A-8E94ECD4C03F}C:\users\tomasek\appdata\local\temp\rar$exa1308.45415\people playground v1.21.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa1308.45415\people playground v1.21.1\win64\people playground.exe => No File
FirewallRules: [UDP Query User{C3580A1E-8F8C-43C4-BC83-3AB6A537206C}C:\users\tomasek\appdata\local\temp\rar$exa1308.45415\people playground v1.21.1\win64\people playground.exe] => (Block) C:\users\tomasek\appdata\local\temp\rar$exa1308.45415\people playground v1.21.1\win64\people playground.exe => No File
FirewallRules: [{23D3DC9A-7C34-4E87-9247-AE32C875196B}] => (Allow) C:\Users\tomasek\AppData\Local\Programs\Opera\79.0.4143.72\opera.exe => No File
FirewallRules: [{ADA00410-B9FB-4757-A456-4C81127D346B}] => (Allow) C:\Program Files (x86)\Overwolf\0.180.0.6\OverwolfBrowser.exe => No File
FirewallRules: [{E08DEDAA-81D3-4267-8555-8D5F609C7F51}] => (Allow) C:\Program Files (x86)\Overwolf\0.180.0.6\OverwolfBrowser.exe => No File
FirewallRules: [{FE67025D-09FE-47CF-8994-0AC22D985761}] => (Block) C:\Program Files (x86)\Overwolf\0.180.0.6\OverwolfBrowser.exe => No File
FirewallRules: [{F69428F5-6CB5-4324-98D8-D0285B3A017C}] => (Block) C:\Program Files (x86)\Overwolf\0.180.0.6\OverwolfBrowser.exe => No File
FirewallRules: [{D2B5A6E0-62CE-41C8-85BF-E05DB169122A}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File
C:\$RECYCLE.BIN\S-1-5-21-2880034797-3857021402-3440946435-1001\$RWHV6DM.exe
C:\$RECYCLE.BIN\S-1-5-21-2880034797-3857021402-3440946435-1001\$R10T6RL.exe
C:\Users\tomasek\AppData\Local\Temp
ShortcutTarget: RebusDrop.lnk -> C:\Users\tomasek\RebusDrop\App\RebusDrop.exe (No File)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {1FA75FDC-E5D2-4440-9040-A97E14DDE2DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-09-25] (Google LLC -> Google LLC)
Task: {A738DAE6-E4CD-4455-81CA-9CAE713313F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-09-25] (Google LLC -> Google LLC)
Task: {ABC8A774-3286-4F6E-9DC5-D55753936F94} - System32\Tasks\WinManager => C:\Users\tomasek\AppData\Roaming\Windows\svchost.exe <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
U1 aswbdisk; no ImagePath
U3 avgbdisk; no ImagePath
U2 bddci; no ImagePath
S3 HWiNFO_152; \??\C:\Users\tomasek\AppData\Local\Temp\HWiNFO64A_152.SYS [X] <==== ATTENTION
S3 HWiNFO_155; \??\C:\Users\tomasek\AppData\Local\Temp\HWiNFO64A_155.SYS [X] <==== ATTENTION
C:\Users\tomasek\AppData\Roaming\kNP9HSEdVX.exe
C:\Users\tomasek\AppData\Roaming\elnudcjigllpcatoi
C:\Users\tomasek\AppData\Local\NjMwNzIwMjIwIDQ.corona
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\tomasek\AppData\Roaming\90e410a49ea95c18085aaf88ebbf8100.tmp
C:\Users\tomasek\AppData\Local\BFEBFBFF000906EC92917F88
C:\Users\tomasek\AppData\Local\NjMwNzIwMjIwIDQ.corona

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a} => removed successfully
C:\Users\tomasek\Local Settings => ":15-08-2021" ADS removed successfully
"C:\Users\tomasek\AppData\Local" => ":15-08-2021" ADS not found.
"C:\Users\tomasek\AppData\Local\Data aplikací" => ":15-08-2021" ADS not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
"HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => removed successfully
HKU\S-1-5-21-2880034797-3857021402-3440946435-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A7EE2D82-18E6-4929-B82A-8E94ECD4C03F}C:\users\tomasek\appdata\local\temp\rar$exa1308.45415\people playground v1.21.1\win64\people playground.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C3580A1E-8F8C-43C4-BC83-3AB6A537206C}C:\users\tomasek\appdata\local\temp\rar$exa1308.45415\people playground v1.21.1\win64\people playground.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{23D3DC9A-7C34-4E87-9247-AE32C875196B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ADA00410-B9FB-4757-A456-4C81127D346B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E08DEDAA-81D3-4267-8555-8D5F609C7F51}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FE67025D-09FE-47CF-8994-0AC22D985761}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F69428F5-6CB5-4324-98D8-D0285B3A017C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D2B5A6E0-62CE-41C8-85BF-E05DB169122A}" => removed successfully
"C:\$RECYCLE.BIN\S-1-5-21-2880034797-3857021402-3440946435-1001\$RWHV6DM.exe" => not found
"C:\$RECYCLE.BIN\S-1-5-21-2880034797-3857021402-3440946435-1001\$R10T6RL.exe" => not found

"C:\Users\tomasek\AppData\Local\Temp" folder move:

Could not move "C:\Users\tomasek\AppData\Local\Temp" => Scheduled to move on reboot.

"C:\Users\tomasek\RebusDrop\App\RebusDrop.exe" => not found
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1FA75FDC-E5D2-4440-9040-A97E14DDE2DD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FA75FDC-E5D2-4440-9040-A97E14DDE2DD}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A738DAE6-E4CD-4455-81CA-9CAE713313F3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A738DAE6-E4CD-4455-81CA-9CAE713313F3}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ABC8A774-3286-4F6E-9DC5-D55753936F94}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABC8A774-3286-4F6E-9DC5-D55753936F94}" => removed successfully
C:\Windows\System32\Tasks\WinManager => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinManager" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgbdisk => removed successfully
avgbdisk => service removed successfully
HKLM\System\CurrentControlSet\Services\bddci => removed successfully
bddci => service removed successfully
HKLM\System\CurrentControlSet\Services\HWiNFO_152 => removed successfully
HWiNFO_152 => service removed successfully
HKLM\System\CurrentControlSet\Services\HWiNFO_155 => removed successfully
HWiNFO_155 => service removed successfully
C:\Users\tomasek\AppData\Roaming\kNP9HSEdVX.exe => moved successfully
C:\Users\tomasek\AppData\Roaming\elnudcjigllpcatoi => moved successfully
C:\Users\tomasek\AppData\Local\NjMwNzIwMjIwIDQ.corona => moved successfully
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
C:\Users\tomasek\AppData\Roaming\90e410a49ea95c18085aaf88ebbf8100.tmp => moved successfully
C:\Users\tomasek\AppData\Local\BFEBFBFF000906EC92917F88 => moved successfully
"C:\Users\tomasek\AppData\Local\NjMwNzIwMjIwIDQ.corona" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 43290533 B
Java, Flash, Steam htmlcache => 252513306 B
Windows/system/drivers => 3279765 B
Edge => 0 B
Chrome => 1168375144 B
Firefox => 0 B
Opera => 18711678 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 7168 B
systemprofile32 => 7168 B
LocalService => 52554 B
NetworkService => 64376 B
tomasek => 217320537 B

RecycleBin => 0 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 01-11-2021 21:08:48)

C:\Users\tomasek\AppData\Local\Temp => moved successfully

Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected

==== End of Fixlog 21:08:48 ====

Re: Stolen Steam account

Posted: 01 Nov 2021 21:14
by Bartis
And I'd like to ask: can I delete these files? Each one takes up more than 1 GB.

2021-02-22 19:07 - 2021-02-23 11:28 - 2257350816 _____ () C:\Users\tomasek\AppData\Roaming\2.txt
2021-02-22 19:07 - 2021-02-23 09:38 - 1570849912 _____ () C:\Users\tomasek\AppData\Roaming\3.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\4.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\5.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\6.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\7.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\8.txt
2021-02-22 19:07 - 2021-02-22 19:13 - 1437435000 _____ () C:\Users\tomasek\AppData\Roaming\9.txt

Another question: was there a keylogger on it? My wife entered her payment card there.

Re: Stolen Steam account

Posted: 01 Nov 2021 21:30
by Bartis
Well, to explain it further: she wanted to buy a game on that Steam account for our son, she entered the card, but the payment did not go through. I made the payment from my own (clean) computer and the purchase went through.

Re: Stolen Steam account

Posted: 01 Nov 2021 21:52
by Rudy
It has been deleted. You can of course delete those *.txt files, but they are not dangerous (txt files cannot be infected). I would also recommend a scan with AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 ; there were quite a lot of suspicious files on the PC and some may still be hidden. Download the utility, run it, let it work, and when it finishes delete everything it finds.

Re: Stolen Steam account

Posted: 02 Nov 2021 15:59
by Bartis
Hello,

the program has changed somehow and the guide is probably outdated :) To be safe I ticked everything to be scanned, but I couldn't find how to save the log, so I'm sending a screenshot.

[Image]

Re: Stolen Steam account

Posted: 02 Nov 2021 16:55
by Rudy
Yes, the guide is for an older version. That's why I wrote what you should do. The log cannot be saved; delete everything it found.

Re: Stolen Steam account

Posted: 02 Nov 2021 17:11
by Bartis
According to the screenshot everything has been deleted; I just wasn't sure what to do with not-a-virus:HEUR:RiskTool.Win32.BitMiner.gen, so I only put it in quarantine, and I'll delete it right away. Do we continue, or is that everything? I'd like to ask for Zoek, so that everything in his browsers gets wiped, because strange search engines keep popping up here. Maybe you use a different program by now. I used to look at this forum daily and read everything :)

Thank you

Re: Stolen Steam account

Posted: 02 Nov 2021 18:03
by Rudy
OK. Run these utilities one after the other:

1. Download Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe , https://www.edisk.cz/stahni/21334/zoek.rar_1.3MB.html/ and save it to the desktop

If you use Win Vista or W7, right-click Zoek and choose Run As Administrator (Spustit jako správce)
Paste the script below into the window




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script
The PC will carry out the repair, restart, and give you a log; paste its contents here.

and

2. Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... oval-tool/
•Save it, preferably to the desktop
•After launch the license terms are displayed; press any key
•A backup is created and then the search follows
•The scan runs and then a log appears, or it will be saved in c:\JRT as JRT.txt; paste it here.

That HEUR:RiskTool.Win32.BitMiner.gen is malware that is used for mining bitcoins. It was found by heuristic analysis, i.e. it may or may not be malware. AVP does not have it in its database.

Re: Stolen Steam account

Posted: 03 Nov 2021 18:15
by Bartis
Good evening,

here they are


Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by tomasek on 02.11.2021 at 22:11:12,96.
Microsoft Windows 10 Home 10.0.19043 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\tomasek\Downloads\zoek\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2021-03-11-210901.log 142389 bytes
C:\zoek-results2021-11-02-175503.log 284624 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~3\Reprise deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

"C:\Users\tomasek\AppData\Local\AVAST Software\APM\kv_pam.db" not deleted
"C:\Users\tomasek\AppData\Local\AVAST Software\APM\kv_pamcore.db" not deleted
"C:\Users\tomasek\AppData\Local\AVAST Software\APM\kv_pampub.db" not deleted
"C:\Users\tomasek\AppData\Local\AVAST Software\APM\pam.db" not deleted
"C:\Users\tomasek\AppData\Local\AVAST Software\Avast\datascan.json" not deleted
"C:\Users\tomasek\AppData\Local\AVAST Software" not deleted
"C:\Users\tomasek\AppData\Local\AVAST Software\APM" not deleted
"C:\Users\tomasek\AppData\Local\AVAST Software\Avast" not deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gnplhahbcoldbildffdchneaepapccbn - No path found[]
ihcjicgdanjaechkgeegckofjjedodee - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
gkfanndldghlkndfhojpfhclgdnglfmf - https://chrome.google.com/webstore/deta ... clgdnglfmf[]

Search Manager - tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnplhahbcoldbildffdchneaepapccbn
Malwarebytes Browser Guard - tomasek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee
NavFast - tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cmbkjfjekgmlimjklnijcjijbfpblgde
Search Manager - tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gnplhahbcoldbildffdchneaepapccbn
Malwarebytes Browser Guard - tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee
Search Manager - tomasek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gnplhahbcoldbildffdchneaepapccbn
Search Manager - tomasek\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gnplhahbcoldbildffdchneaepapccbn
Malwarebytes Browser Guard - tomasek\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ihcjicgdanjaechkgeegckofjjedodee
Search Manager - tomasek\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gnplhahbcoldbildffdchneaepapccbn
Malwarebytes Browser Guard - tomasek\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ihcjicgdanjaechkgeegckofjjedodee
TubeBuddy - tomasek\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\mhkhmbddkmdggbhaaaodilponhnccicb
Search Manager - tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gnplhahbcoldbildffdchneaepapccbn
Malwarebytes Browser Guard - tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ihcjicgdanjaechkgeegckofjjedodee
Grammarly for Chrome - tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen
Malwarebytes Browser Guard - tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee
KeyFind - tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nnoidofbgkmeabamdgclicncakljkoin

==== Chromium Startpages ======================

C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Preferences
","description":"Rychlý e-mail s možností vyhledávání a menším množstvím spamu.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","manifest_version":2,"name":"Gmail","options_page":"https://mail.google.com/mail/#settings","permissions":["notifications"],"update_url":"https://clients2.google.com/service/upd ... BF774CB53E"}}


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences was reset successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Preferences was reset successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Secure Preferences was reset successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data-journal was reset successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Web Data was reset successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\tomasek\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\tomasek\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\tomasek\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 3\Cache emptied successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 4\Cache emptied successfully
C:\Users\tomasek\AppData\Local\Google\Chrome\User Data\Profile 5\Cache emptied successfully
C:\Users\tomasek\AppData\Local\Microsoft\Edge\User Data\Default\Cache emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Edge\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=21288 folders=6191 5716404929 bytes)

==== Empty Temp Folders ======================

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\tomasek\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\tomasek\AppData\Local\AVAST Software\APM\kv_pam.db" not found
"C:\Users\tomasek\AppData\Local\AVAST Software\APM\kv_pamcore.db" not found
"C:\Users\tomasek\AppData\Local\AVAST Software\APM\kv_pampub.db" not found
"C:\Users\tomasek\AppData\Local\AVAST Software\APM\pam.db" not found
"C:\Users\tomasek\AppData\Local\AVAST Software\Avast\datascan.json" not found
"C:\Users\tomasek\AppData\Local\AVAST Software\APM\kv_pam.db" not found
"C:\Users\tomasek\AppData\Local\AVAST Software\APM\kv_pamcore.db" not found
"C:\Users\tomasek\AppData\Local\AVAST Software\APM\kv_pampub.db" not found
"C:\Users\tomasek\AppData\Local\AVAST Software\APM\pam.db" not found
"C:\Users\tomasek\AppData\Local\AVAST Software\Avast\datascan.json" not found
"C:\Users\tomasek\AppData\Roaming\.technic" not found
"C:\Users\tomasek\AppData\Local\AVAST Software" not found
"C:\Users\tomasek\AppData\Local\AVAST Software" not found

==== EOF on 02.11.2021 at 22:38:31,46 ======================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by tomasek (Administrator) on 03.11.2021 at 18:12:35,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.11.2021 at 18:13:44,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Stolen Steam account

Posted: 03 Nov 2021 18:48
by Rudy
The browsers have been cleaned.

Re: Stolen Steam account

Posted: 03 Nov 2021 20:02
by Bartis
Good evening,

so do you think everything is OK? :)