Stolen Steam account
Posted: 07 Nov 2021 15:39
Hello,
this morning, 7 November 2021, I found out from my email that someone had stolen my Steam account (from Russia, from Moscow) and that they managed to change the email address to their own Russian one, using the confirmation codes that were sent to my email. So I don't know whether they also got into my mailbox. I changed my password - I did not notice any damage in the mailbox, and I got the account back from Steam. But my computer is apparently infected. When I shut down and restart the computer, Firefox opens automatically once the system has booted, showing some page with adfly giftkeys for Steam. I can't get rid of it. I am sending the FRST log and addition.txt.
Can you advise me how to get rid of it?
Thank you.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-11-2021
Ran by Marek (administrator) on MAREKT-NB-10 (LENOVO 80FL) (07-11-2021 13:18:16)
Running from C:\Users\Marek\Downloads
Loaded Profiles: Marek
Platform: Microsoft Windows 10 Home Version 20H2 19042.1320 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Windows\SysWOW64\UMonit64.exe
(ADLICE (ASCOET JULIEN) -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(ADLICE (ASCOET JULIEN) -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Fortemedia Inc. -> ) C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Hitachi-LG Data Storage Korea, Inc. -> Hitachi-LG Data Storage, Inc.) C:\Program Files (x86)\ODD Auto Firmware Update\ODDFWUpdate.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Lenovo (Beijing) Limited -> ) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Lenovo (Beijing) Limited -> ) C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(Lenovo (Beijing) Limited -> ) C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
(Lenovo (Beijing) Limited -> ) C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
(Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Lenovo (Beijing) Limited -> Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo (Beijing) Limited -> Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
(Lenovo (Beijing) Limited -> Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(Lenovo -> ) C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\Lenovo.Vantage.AddinHost.Amd64.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\Lenovo.Vantage.AddinHost.exe <4>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\Lenovo.Vantage.AddinHost.x86.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <9>
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PointGrab Ltd -> PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
(PointGrab Ltd -> PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(PointGrab Ltd -> PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp -> Realtek semiconductor) C:\Windows\RTFTrack.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14049536 2015-09-05] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1403136 2015-09-05] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1403136 2015-09-05] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1403136 2015-09-05] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3742112 2015-09-05] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [9308416 2015-09-05] (Realtek Semiconductor Corp -> Realtek semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-23] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1571696 2015-05-23] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2015-05-27] (Lenovo (Beijing) Limited -> )
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [802800 2015-05-27] (Lenovo (Beijing) Limited -> Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2015-05-27] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10841584 2015-05-27] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation - Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\ecmdS.exe [167496 2021-11-04] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [M17A] => C:\WINDOWS\twain_32\Brimm17a\Common\TwDsUiLaunch.exe [77312 2017-10-19] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd. -> Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2976256 2018-01-19] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrotherSoftwareUpdateNotification] => C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe [3581952 2017-04-05] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC -> Flexera Software LLC.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [35648 2015-01-19] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [17600 2015-01-19] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe [641864 2013-03-20] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKU\S-1-5-21-2684046251-4145855513-4240160385-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Marek\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2684046251-4145855513-4240160385-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Marek\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2684046251-4145855513-4240160385-1001\...\RunOnce: [Uninstall 21.205.1003.0003] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Marek\AppData\Local\Microsoft\OneDrive\21.205.1003.0003" (No File)
HKLM\...\Windows x64\Print Processors\Canon MP495 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDA9.DLL [28672 2010-08-25] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\95.0.4638.69\Installer\chrmstp.exe [2021-11-03] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2018-07-16] () [File not signed] <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0601A6ED-EDDA-4CF9-8124-274D798BC8EF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {0FFEA2BE-E887-48F2-8EBE-DDD27CFE50E4} - System32\Tasks\{E2CFC71A-2B11-4079-B5A4-24358042554A} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\League of Legends\lol.launcher.exe" -d "C:\Program Files (x86)\League of Legends"
Task: {1475CCE5-BD80-4DFF-8EAC-75FF4914DABA} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {1B994581-33B4-43DA-AFE4-83B942E014C0} - System32\Tasks\{F7528021-3A2F-49B0-AE35-D11AA0BB7D22} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\SAW The Videogame\SAW\Binaries\SawGame.exe" -d "C:\Program Files\SAW The Videogame\SAW\Binaries"
Task: {1CD06D4D-948D-487F-9FE8-622105B12A67} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3b94edcc-f997-4e6f-8cef-67534a5aee38 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {20329F30-37DF-492A-9D4B-F98DB4624D7F} - System32\Tasks\{C41D60FD-0900-4123-B319-03A19365AD49} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\League of Legends\lol.launcher.exe" -d "C:\Program Files (x86)\League of Legends"
Task: {278B4BB7-1124-4B56-9559-8CB3A9EDA845} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {380EA202-3F23-449A-8AD3-6D959A836A1E} - System32\Tasks\{49285EA4-A02A-4098-92FF-9B423F6C1703} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\League of Legends\lol.launcher.exe" -d "C:\Program Files (x86)\League of Legends"
Task: {434FA76C-13D0-4FF6-B92C-095F498A5C69} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [62440 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {4C231F88-F5F7-4F20-BBB5-098444C02DA0} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {4F69ACBE-545F-4018-836C-F0695C5B9356} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-09] (Adobe Inc. -> Adobe)
Task: {518BC710-8AE3-48DC-9426-C369D961A582} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {58FAE937-321E-42B3-85DE-74F4244DC95E} - System32\Tasks\{56C02415-9661-4FE2-B491-C54C347FE84D} => C:\WINDOWS\system32\pcalua.exe -a E:\World_of_Warcraft_Cataclysm_4.3.4_for_Posterus.CZ\Wow.exe -d E:\World_of_Warcraft_Cataclysm_4.3.4_for_Posterus.CZ
Task: {5FBC6450-95DC-46EE-AF0A-1A7820B80FB8} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\ScheduleEventAction.exe [26656 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
Task: {608652EA-A968-43AC-B81A-BC4370C17D26} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {610ED7A1-7FFF-4453-AE20-9B8F81424CDD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {683A578F-FA3F-47B3-9838-0C81F76FFC48} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\d0978f01-db1c-496d-859a-555708e4b7dc => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {69A9457A-50F6-41A0-A80C-5CA4097F020F} - System32\Tasks\{B11BA862-BEF3-40A1-A583-6FAD83A64FAF} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\League of Legends\lol.launcher.exe" -d "C:\Program Files (x86)\League of Legends"
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {6E50637D-B755-4021-BA9C-809D8AEBEE30} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\7cbb489a-3101-4b43-9389-9c077df0ef89 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {702A151C-37F4-4E45-AA71-3E6B7A561F9A} - System32\Tasks\{16EF1DEC-3104-4E16-A536-D75E518F77FE} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\League of Legends\lol.launcher.exe" -d "C:\Program Files (x86)\League of Legends\"
Task: {72F98CFF-2723-4CF4-A70D-9BA311BA8F90} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\ScheduleEventAction.exe [26656 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
Task: {78E580C2-A3C0-4843-BF83-7EC55DDD252A} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {858B6555-5F7D-4BBF-A0C1-3B2DCAA74780} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {87FCC10D-E0AF-4F51-BF91-8C985E3FBCF7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8C726285-38F4-4211-A544-F69A285F439F} - System32\Tasks\{BE9F87BC-A384-4067-917D-744017675B95} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Marek\Desktop\Mafia\Setup.exe -d C:\Users\Marek\Desktop\Mafia
Task: {8DD3CB3F-8470-435B-A1CD-A9D6CD2BD438} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\sedlauncher.exe
Task: {940F552B-0672-4F2D-ABB0-5E052843833D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {95072E47-7324-48DD-B24A-5B5BF9E3EB7B} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\faf2a571-567b-4d3c-8559-7efc2c3cb213 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {956C7486-E291-4950-8C13-C67BC24A337F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-29] (Google LLC -> Google LLC)
Task: {98CFDD2F-3524-4645-BB22-522ECCCDF219} - System32\Tasks\{59E9C808-8E28-466D-82BD-539E729093D2} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\League of Legends\lol.launcher.exe" -d "C:\Program Files (x86)\League of Legends"
Task: {9B1B8552-363A-473B-9C52-71BB995C365A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {AB64391F-1112-46BF-A7EC-27F7366CFFA6} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
Task: {B56CBD0E-A9A8-41F1-AD88-76549B380591} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [233760 2013-03-07] (Intel® Services Manager -> Intel Corporation)
Task: {B64E5ABF-3618-4E9A-9C9A-3C25860DA7BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-29] (Google LLC -> Google LLC)
Task: {B8305AA3-A623-42A8-ABC1-A2085DF5E8BD} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {BA5577D1-5B05-4BF3-AF75-66DA2822CB5A} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [682936 2021-11-04] (Mozilla Corporation -> Mozilla Foundation)
Task: {C20349F8-45CE-4B2A-91F6-1C029A40BF1A} - System32\Tasks\{542BEC95-696A-4A26-AA7E-DEC096F87E06} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Marek\Downloads\World_of_Warcraft_Cataclysm_4.3.4_for_Posterus.CZ\World_of_Warcraft_Cataclysm_4.3.4_for_Posterus.CZ\Wow.exe -d C:\Users\Marek\Downloads\World_of_Warcraft_Cataclysm_4.3.4_for_Posterus.CZ\World_of_Warcraft_Cataclysm_4.3.4_for_Posterus.CZ
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D185A0FE-55E9-416F-8FDF-445C97FC894F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [17152 2014-11-21] (LENOVO -> Lenovo)
Task: {D5F4FADA-1C98-452D-9BD9-F2C25BBA8A72} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-09] (Adobe Inc. -> Adobe)
Task: {DB0ED372-61EC-4F30-B38A-A02E13F3B8F7} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\db6d80d9-2d72-48a7-adf9-78f2422c072e => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {DBF4112F-5DD1-4BEB-8C4F-2ABC443342A6} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E2312B4D-D16D-436C-8BB8-8C20E8D8DFE0} - System32\Tasks\ODDAutoFirmwareUpdate => C:\Program Files (x86)\ODD Auto Firmware Update\ODDFWUpdate.exe [1260880 2020-02-13] (Hitachi-LG Data Storage Korea, Inc. -> Hitachi-LG Data Storage, Inc.)
Task: {E2FFA19B-DC52-45A8-A663-C36EEF6ED245} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [233760 2013-03-07] (Intel® Services Manager -> Intel Corporation)
Task: {E580501F-9E33-496F-98DE-AFF36FADFD8D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [17184 2014-09-10] (LENOVO -> Lenovo)
Task: {EACF5EFE-D09D-4ACE-BD5A-4B2A1B2B0CF4} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {EBEA95A7-FA39-41EB-B8FC-66E8AFDC00D0} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {EC5EF385-E991-46C6-BCFD-726844572BC0} - System32\Tasks\UMonitor Task => C:\windows\SysWOW64\UMonit64.exe [53248 2014-02-26] () [File not signed]
Task: {EF90EAFA-90E1-488F-B5F0-D4D072CBD59D} - System32\Tasks\{A544E525-BFF8-4517-954A-B8828A3ABF58} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\League of Legends\lol.launcher.exe" -d "C:\Program Files (x86)\League of Legends"
Task: {F54C5141-D182-4B82-B3B7-D4CA59C28B6F} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\ScheduleEventAction.exe [26656 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
Task: {F9138DB2-E377-43AE-8F5D-861035E8F6F8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 172.19.29.1 0.0.0.0
Tcpip\..\Interfaces\{06b16624-4a5d-4d15-be3c-2dc78a736983}: [DhcpNameServer] 172.19.29.1 0.0.0.0
Tcpip\..\Interfaces\{a5d792e1-4cd8-4d71-a9bf-6d3310a01121}: [NameServer] 217.77.165.81,217.77.165.211
Edge:
=======
DownloadDir: C:\Users\Marek\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Marek\AppData\Local\Microsoft\Edge\User Data\Default [2021-10-16]
FireFox:
========
FF DefaultProfile: ud2ucm8s.default-1520284576366
FF ProfilePath: C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\ud2ucm8s.default-1520284576366 [2021-11-07]
FF Homepage: Mozilla\Firefox\Profiles\ud2ucm8s.default-1520284576366 -> www.seznam.cz/
FF Extension: (No Name) - C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\ud2ucm8s.default-1520284576366\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-09-01]
FF Extension: (Greasemonkey) - C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\ud2ucm8s.default-1520284576366\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2021-01-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-09] (Adobe Inc. -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-09] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll [2011-07-15] (Zeon Corporation -> Zeon Corporation)
FF Plugin HKU\S-1-5-21-2684046251-4145855513-4240160385-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2021-11-07]
Chrome:
=======
CHR Profile: C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default [2021-11-05]
CHR Extension: (Beyond 20) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnblbpbepfbfmoobegdogkglpbhcjofh [2021-10-22]
CHR Extension: (Skype) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2021-01-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-09] (Adobe Inc. -> Adobe)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed]
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-10] (Lenovo (Beijing) Limited -> )
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [3139904 2021-11-04] (ESET, spol. s r.o. -> ESET)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [561408 2014-09-23] (LENOVO -> Lenovo)
R2 LenovoPAWDService; C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe [133440 2015-05-27] (Lenovo -> )
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\LenovoVantageService.exe [31248 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2015-05-27] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [77336 2015-01-19] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-05-28] (PointGrab Ltd -> PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [515336 2014-05-28] (PointGrab Ltd -> PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [321520 2015-05-27] (Lenovo (Beijing) Limited -> Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [338416 2015-05-27] (Lenovo (Beijing) Limited -> Lenovo)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [14204760 2021-11-03] (ADLICE (ASCOET JULIEN) -> )
S3 TESHelper; c:\Program Files\Common Files\Lenovo\Magic Transfer\x64\MagicTransferTESHelper.exe [104696 2015-05-27] (Lenovo -> Lenovo)
R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [12288 2019-08-09] (Microsoft) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [20480 2019-08-09] (Microsoft) [File not signed]
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [33040 2015-05-27] (Lenovo (Beijing) Limited -> Lenovo)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [284672 2021-04-14] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [183408 2021-11-04] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [124496 2021-11-04] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15824 2021-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [201984 2021-11-04] (ESET, spol. s r.o. -> ESET)
S4 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [43720 2020-11-15] (ESET, spol. s r.o. -> ESET)
S4 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [70048 2020-11-15] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [107456 2021-11-04] (ESET, spol. s r.o. -> ESET)
S3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [111336 2014-04-17] (GENESYS LOGIC, INC. -> GenesysLogic)
R3 KMDFVirtualKbd; C:\WINDOWS\System32\drivers\KMDFVirtualKbd.sys [22264 2014-08-04] (Lenovo (Beijing) Limited -> )
R3 KMDFVirtualMouse; C:\WINDOWS\System32\drivers\KMDFVirtualMouse.sys [21240 2014-08-04] (Lenovo (Beijing) Limited -> )
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [80160 2015-02-13] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, Inc.)
U3 RkFlt; C:\Windows\System32\drivers\rkflt.sys [42056 2021-11-07] (Adlice -> )
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-11-07] (Adlice -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-12-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2020-12-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-06] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Three months (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-11-07 13:18 - 2021-11-07 13:37 - 000036827 _____ C:\Users\Marek\Downloads\FRST.txt
2021-11-07 13:15 - 2021-11-07 13:29 - 000000000 ____D C:\FRST
2021-11-07 13:11 - 2021-11-07 13:11 - 002312192 _____ (Farbar) C:\Users\Marek\Downloads\FRST64.exe
2021-11-07 12:18 - 2021-11-07 12:18 - 000042056 _____ C:\WINDOWS\system32\Drivers\rkflt.sys
2021-11-07 12:17 - 2021-11-07 12:17 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2021-11-07 12:17 - 2021-11-07 12:17 - 000000910 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2021-11-07 12:16 - 2021-11-07 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-11-07 12:16 - 2021-11-07 12:17 - 000000000 ____D C:\Program Files\RogueKiller
2021-11-07 12:05 - 2021-11-07 12:17 - 000000000 ____D C:\ProgramData\RogueKiller
2021-11-07 11:54 - 2021-11-07 11:54 - 041659160 _____ (Adlice Software ) C:\Users\Marek\Downloads\RogueKiller_setup.exe
2021-11-06 10:44 - 2021-11-06 10:44 - 000174446 _____ C:\Users\Marek\Downloads\Dluhopisy_Emisni-podminky_2021-09-15_proti-inflacni-dluhopis.pdf
2021-11-04 15:20 - 2021-11-05 13:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-10-30 18:00 - 2021-10-30 18:00 - 000011361 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-10-30 17:10 - 2021-10-30 17:10 - 000000000 ___HD C:\$WinREAgent
2021-10-30 17:01 - 2021-10-30 17:01 - 000001993 _____ C:\Users\Marek\Desktop\PC Health Check.lnk
2021-10-30 17:00 - 2021-10-30 17:01 - 000000000 ___RD C:\Users\Marek\AppData\Local\PCHealthCheck
2021-10-30 17:00 - 2021-10-30 17:00 - 000001403 _____ C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-10-30 16:58 - 2021-10-30 16:58 - 014221312 _____ C:\Users\Marek\Downloads\WindowsPCHealthCheckSetup.msi
2021-10-24 18:04 - 2021-10-24 18:04 - 000010764 _____ C:\Users\Marek\Documents\Jany peníze u mě.xlsx
2021-10-16 15:36 - 2021-10-16 15:36 - 000002304 _____ C:\Users\Marek\Desktop\Magnus.txt
2021-10-13 06:07 - 2021-10-13 06:07 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-10-13 06:06 - 2021-10-13 06:06 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-10-13 06:05 - 2021-10-13 06:05 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2021-10-13 06:05 - 2021-10-13 06:05 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-10-09 06:53 - 2021-11-04 18:06 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-10-02 15:09 - 2021-10-02 15:09 - 000113271 _____ C:\Users\Marek\Downloads\1102110422331.pdf
2021-09-15 14:28 - 2021-09-15 14:28 - 000672768 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-09-15 14:27 - 2021-09-15 14:27 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2021-09-15 14:27 - 2021-09-15 14:27 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-09-15 14:27 - 2021-09-15 14:27 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-09-15 14:27 - 2021-09-15 14:27 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-09-15 14:26 - 2021-09-15 14:26 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2021-09-15 14:26 - 2021-09-15 14:26 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-09-15 14:26 - 2021-09-15 14:26 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-09-15 14:25 - 2021-09-15 14:25 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-09-13 18:49 - 2021-09-13 18:49 - 000146062 _____ C:\Users\Marek\Desktop\OckovaciCertifikat.pdf
2021-09-12 11:57 - 2021-09-12 14:01 - 000009689 _____ C:\Users\Marek\Desktop\xerxes.odt
2021-09-12 11:57 - 2021-09-12 12:52 - 000012501 _____ C:\Users\Marek\Desktop\DnD-Oathbreaker-Lund-II.odt
==================== Three months (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-11-07 14:13 - 2015-11-17 20:30 - 000000000 ____D C:\Users\Marek\AppData\Roaming\vlc
2021-11-07 14:08 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-07 13:48 - 2016-11-26 11:55 - 000000000 ____D C:\Users\Marek\AppData\LocalLow\Mozilla
2021-11-07 13:46 - 2019-02-05 16:56 - 000000000 ____D C:\ProgramData\Mozilla
2021-11-07 13:22 - 2015-12-13 22:53 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-07 12:09 - 2020-12-01 18:24 - 000000000 ____D C:\Users\Marek\AppData\Roaming\Rockstar Games
2021-11-07 11:37 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-07 11:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-11-07 11:27 - 2020-06-11 01:36 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-11-07 10:26 - 2020-12-05 12:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-11-07 08:09 - 2020-07-04 21:17 - 000000000 ____D C:\Users\Marek\AppData\Roaming\Kodi
2021-11-07 07:59 - 2020-02-25 22:01 - 000000000 ____D C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-11-07 05:53 - 2020-12-05 13:19 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2684046251-4145855513-4240160385-1001
2021-11-07 05:53 - 2020-12-05 12:47 - 000002435 _____ C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-05 23:43 - 2017-12-19 08:07 - 000000000 ____D C:\Users\Marek\AppData\Local\Packages
2021-11-05 13:53 - 2020-12-05 13:02 - 001693350 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-11-05 13:53 - 2019-12-07 15:41 - 000718024 _____ C:\WINDOWS\system32\perfh005.dat
2021-11-05 13:53 - 2019-12-07 15:41 - 000145166 _____ C:\WINDOWS\system32\perfc005.dat
2021-11-05 13:53 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-11-05 13:50 - 2017-05-29 02:32 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-11-05 13:50 - 2015-09-05 05:28 - 000000000 __SHD C:\Users\Marek\IntelGraphicsProfiles
2021-11-05 13:46 - 2020-12-05 13:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-11-05 13:46 - 2020-12-05 12:35 - 000008192 ___SH C:\DumpStack.log.tmp
2021-11-05 13:46 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-11-05 13:46 - 2016-08-04 06:19 - 000000000 ____D C:\ProgramData\NVIDIA
2021-11-05 13:46 - 2015-12-13 22:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-11-05 13:45 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-11-04 23:45 - 2020-11-15 08:48 - 000124496 _____ (ESET) C:\WINDOWS\system32\Drivers\edevmon.sys
2021-11-04 23:45 - 2018-05-06 21:42 - 000201984 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2021-11-04 23:45 - 2018-05-06 21:42 - 000183408 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2021-11-04 23:45 - 2018-05-06 21:42 - 000107456 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfp.sys
2021-11-04 18:06 - 2015-12-13 22:57 - 000001243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-11-03 07:07 - 2021-01-29 16:36 - 000002258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-03 07:07 - 2021-01-29 16:36 - 000002217 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-11-02 09:23 - 2015-05-27 04:50 - 000000000 ____D C:\ProgramData\Energy Manager
2021-11-02 04:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-11-01 02:02 - 2020-12-05 12:35 - 000553392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-11-01 01:58 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-11-01 01:58 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-11-01 01:58 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-11-01 01:58 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-11-01 01:58 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-11-01 01:58 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-11-01 01:58 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-11-01 01:58 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-11-01 01:58 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-11-01 01:58 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-10-30 18:11 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-10-19 16:31 - 2016-06-15 18:41 - 000016917 _____ C:\Users\Marek\Documents\Mzdy.xlsx
2021-10-14 12:02 - 2020-12-14 14:49 - 000006617 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2021-10-13 06:49 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-10-13 06:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-10-13 06:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-10-13 06:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-10-13 06:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-10-13 05:17 - 2016-04-03 20:37 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2021-10-13 05:12 - 2015-09-10 22:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-10-13 05:05 - 2015-09-10 22:12 - 139806512 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-10-13 04:40 - 2016-02-21 21:13 - 000002147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-10-10 00:11 - 2021-01-12 04:13 - 000003490 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6cafe2af1b984
2021-10-10 00:11 - 2020-12-05 13:19 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
==================== Files in the root of some directories ========
2015-09-05 08:22 - 2015-09-05 08:22 - 000000000 _____ () C:\Program Files (x86)\Lenovo PhotoMasterImport
2017-04-30 16:39 - 2014-03-04 07:37 - 000000226 _____ () C:\Program Files (x86)\update-southpark.bat
2017-04-30 16:39 - 2013-10-12 19:47 - 000000732 _____ () C:\Program Files (x86)\visit-www.nosteam.ro.html
2017-04-28 21:54 - 2017-04-29 07:21 - 000000600 _____ () C:\Users\Marek\AppData\Roaming\winscp.rnd
==================== SigCheckExt =========================
2016-07-16 12:42 - 2016-07-16 12:42 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AllJoynDiscoveryPlugin.dll
2013-08-22 12:45 - 2013-08-22 12:45 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-fibers-l2-1-1.dll
2013-08-22 12:42 - 2013-08-22 12:42 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-psm-appnotify-l1-1-0.dll
2013-08-22 12:43 - 2013-08-22 12:43 - 000004608 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-devices-config-l1-1-1.dll
2013-08-22 12:42 - 2013-08-22 12:42 - 000003584 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-mm-misc-l1-1-1.dll
2013-08-22 12:42 - 2013-08-22 12:42 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-rtcore-ntuser-winevent-l1-1-0.dll
2013-08-22 12:42 - 2013-08-22 12:42 - 000004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-security-cryptoapi-l1-1-0.dll
2020-02-02 13:58 - 2016-11-01 11:27 - 000090112 _____ (Brother Industries, Ltd.) C:\WINDOWS\system32\BrNetSti.dll
2020-02-02 13:58 - 2013-07-03 11:46 - 000065024 _____ (Brother Industries,Ltd) C:\WINDOWS\system32\Brnsplg.dll
2020-02-02 13:58 - 2005-04-22 13:36 - 000143360 _____ C:\WINDOWS\system32\BrSNMP64.dll
2020-02-02 13:58 - 2013-03-08 15:45 - 000059904 _____ (Brother Industries,Ltd.) C:\WINDOWS\system32\BrWiaNCp.dll
2016-07-15 18:40 - 2016-07-01 04:57 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpreference.exe
2015-10-30 08:19 - 2015-10-30 08:19 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafCdp.dll
2017-04-12 15:49 - 2017-03-28 06:37 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll
2014-11-21 06:16 - 2014-11-21 06:16 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dfp.exe
2014-11-21 06:16 - 2014-11-21 06:16 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DfpCommon.dll
2013-08-22 12:42 - 2013-08-22 12:42 - 000003584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ext-ms-win-msa-ui-l1-1-0.dll
2013-08-22 12:42 - 2013-08-22 12:42 - 000004608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ext-ms-win-ntuser-misc-l1-2-0.dll
2013-08-22 12:42 - 2013-08-22 12:42 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ext-ms-win-rtcore-ntuser-dpi-l1-1-0.dll
2015-05-27 04:17 - 2012-11-29 04:26 - 005623808 _____ (Genesys) C:\WINDOWS\system32\GeneIcon.dll
2015-09-05 05:16 - 2015-09-05 05:16 - 000206848 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v4256.dll
2017-05-10 19:04 - 2017-03-04 07:26 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-07-16 12:43 - 2016-07-16 23:29 - 003584000 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkAnalysisLegacyCom.dll
2014-11-21 11:47 - 2014-11-21 11:47 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\lockscreencn.dll
2020-02-02 13:58 - 2015-06-16 21:39 - 000252928 _____ (brother) C:\WINDOWS\system32\NSSRH64.dll
2015-09-05 07:24 - 2015-08-25 19:38 - 000176904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-09-05 07:21 - 2015-05-23 08:47 - 001756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-05-27 04:15 - 2015-05-23 08:47 - 001571696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-10-30 08:18 - 2015-10-30 08:18 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flashlight.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 000076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDiscoveryPlugin.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiOnboardingPlugin.dll
2015-09-05 03:22 - 2015-03-14 02:51 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-05-27 04:47 - 2013-08-22 12:08 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\devcon.exe
2020-10-19 19:26 - 1997-11-19 13:49 - 000303616 _____ (InstallShield Software Corporation) C:\WINDOWS\IsUninst.exe
1998-03-12 23:02 - 1998-03-13 00:02 - 000034304 _____ (Inno Setup) C:\WINDOWS\UNISTB32.EXE
2013-08-22 05:17 - 2013-08-22 05:17 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-fibers-l2-1-1.dll
2013-08-22 05:14 - 2013-08-22 05:14 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-psm-appnotify-l1-1-0.dll
2013-08-22 05:14 - 2013-08-22 05:14 - 000004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-devices-config-l1-1-1.dll
2013-08-22 05:14 - 2013-08-22 05:14 - 000003584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-mm-misc-l1-1-1.dll
2013-08-22 05:14 - 2013-08-22 05:14 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-rtcore-ntuser-winevent-l1-1-0.dll
2013-08-22 05:14 - 2013-08-22 05:14 - 000004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-security-cryptoapi-l1-1-0.dll
2016-07-16 12:43 - 2016-07-16 12:43 - 000300032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\configmanager2.dll
2016-07-16 12:43 - 2016-07-16 12:43 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coredpus.dll
2015-05-27 04:10 - 2013-08-21 08:16 - 000053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\SysWOW64\CSVer.dll
2015-10-30 08:19 - 2015-10-30 08:19 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafCdp.dll
2013-08-22 05:14 - 2013-08-22 05:14 - 000003584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ext-ms-win-msa-ui-l1-1-0.dll
2013-08-22 05:14 - 2013-08-22 05:13 - 000004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ext-ms-win-ntuser-misc-l1-2-0.dll
2013-08-22 05:14 - 2013-08-22 05:13 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ext-ms-win-rtcore-ntuser-dpi-l1-1-0.dll
2017-03-14 19:42 - 2017-03-04 07:18 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-07-16 12:44 - 2016-07-16 23:29 - 002549760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkAnalysisLegacyCom.dll
2017-06-27 07:11 - 1997-07-06 19:22 - 000756736 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ir41_32.dll
2013-05-12 01:17 - 2013-05-12 01:17 - 000001536 _____ C:\WINDOWS\SysWOW64\IusEventLog.dll
2003-03-18 20:14 - 2003-03-18 20:14 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2003-02-21 04:42 - 2003-02-21 04:42 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2015-05-27 04:17 - 2013-09-27 00:46 - 000172097 _____ C:\WINDOWS\SysWOW64\NoMSGuninstall.exe
2015-09-05 07:24 - 2015-08-25 19:38 - 000155976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-09-05 07:21 - 2015-05-23 08:47 - 001316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-05-27 04:15 - 2015-05-23 08:47 - 001320304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-05-27 04:17 - 2014-02-26 04:13 - 000053248 _____ () C:\WINDOWS\SysWOW64\UMonit64.exe
2021-11-07 13:11 - 2021-11-07 13:11 - 002312192 _____ (Farbar) C:\Users\Marek\Downloads\FRST64.exe
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== BCD ================================
Firmware Boot Manager
---------------------
identifier {fwbootmgr}
displayorder {bootmgr}
{b180f849-536a-11e5-aa5a-beb9fe7363be}
{b180f84e-536a-11e5-aa5a-beb9fe7363be}
{b180f84a-536a-11e5-aa5a-beb9fe7363be}
{b180f84b-536a-11e5-aa5a-beb9fe7363be}
{b180f84c-536a-11e5-aa5a-beb9fe7363be}
{b180f84f-536a-11e5-aa5a-beb9fe7363be}
{b180f850-536a-11e5-aa5a-beb9fe7363be}
timeout 10
Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume2
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
locale cs-CZ
inherit {globalsettings}
default {current}
resumeobject {dbe6eab7-36ed-11eb-b574-bca2d926fc1d}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30
Firmware Application (101fffff)
-------------------------------
identifier {b180f846-536a-11e5-aa5a-beb9fe7363be}
description Setup
badmemoryaccess Yes
Firmware Application (101fffff)
-------------------------------
identifier {b180f847-536a-11e5-aa5a-beb9fe7363be}
description Boot Menu
badmemoryaccess Yes
Firmware Application (101fffff)
-------------------------------
identifier {b180f848-536a-11e5-aa5a-beb9fe7363be}
description Diagnostic Splash
badmemoryaccess Yes
Firmware Application (101fffff)
-------------------------------
identifier {b180f849-536a-11e5-aa5a-beb9fe7363be}
description USB FDD:
badmemoryaccess Yes
Firmware Application (101fffff)
-------------------------------
identifier {b180f84a-536a-11e5-aa5a-beb9fe7363be}
description ATAPI CD:
badmemoryaccess Yes
Firmware Application (101fffff)
-------------------------------
identifier {b180f84b-536a-11e5-aa5a-beb9fe7363be}
description USB HDD:
badmemoryaccess Yes
Firmware Application (101fffff)
-------------------------------
identifier {b180f84c-536a-11e5-aa5a-beb9fe7363be}
description USB CD:
badmemoryaccess Yes
Firmware Application (101fffff)
-------------------------------
identifier {b180f84d-536a-11e5-aa5a-beb9fe7363be}
device partition=\Device\HarddiskVolume3
path \EFI\Microsoft\Boot\lrsBootMgr.efi
description Lenovo Recovery System
badmemoryaccess Yes
Firmware Application (101fffff)
-------------------------------
identifier {b180f84e-536a-11e5-aa5a-beb9fe7363be}
description ATA HDD: WDC WD10S21X-24R1BT0-SSHD-8GB
badmemoryaccess Yes
Firmware Application (101fffff)
-------------------------------
identifier {b180f84f-536a-11e5-aa5a-beb9fe7363be}
description PCI LAN: EFI Network (IPv4)
badmemoryaccess Yes
Firmware Application (101fffff)
-------------------------------
identifier {b180f850-536a-11e5-aa5a-beb9fe7363be}
description PCI LAN: EFI Network (IPv6)
badmemoryaccess Yes
Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \WINDOWS\system32\winload.efi
description Windows 10
locale cs-CZ
inherit {bootloadersettings}
recoverysequence {dbe6eab9-36ed-11eb-b574-bca2d926fc1d}
displaymessageoverride Recovery
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \WINDOWS
resumeobject {dbe6eab7-36ed-11eb-b574-bca2d926fc1d}
nx OptIn
bootmenupolicy Standard
Windows Boot Loader
-------------------
identifier {dbe6eab9-36ed-11eb-b574-bca2d926fc1d}
device ramdisk=[\Device\HarddiskVolume7]\Recovery\WindowsRE\Winre.wim,{dbe6eaba-36ed-11eb-b574-bca2d926fc1d}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale cs-CZ
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[\Device\HarddiskVolume7]\Recovery\WindowsRE\Winre.wim,{dbe6eaba-36ed-11eb-b574-bca2d926fc1d}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes
Resume from Hibernate
---------------------
identifier {dbe6eab7-36ed-11eb-b574-bca2d926fc1d}
device partition=C:
path \WINDOWS\system32\winresume.efi
description Windows Resume Application
locale cs-CZ
inherit {resumeloadersettings}
recoverysequence {dbe6eab9-36ed-11eb-b574-bca2d926fc1d}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No
Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume2
path \EFI\Microsoft\Boot\memtest.efi
description Diagnostika paměti systému Windows
locale cs-CZ
inherit {globalsettings}
badmemoryaccess Yes
EMS Settings
------------
identifier {emssettings}
bootems No
Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200
badmemoryaccess Yes
RAM Defects
-----------
identifier {badmemory}
Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}
Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}
Device options
--------------
identifier {dbe6eaba-36ed-11eb-b574-bca2d926fc1d}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume7
ramdisksdipath \Recovery\WindowsRE\boot.sdi
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-11-2021
Ran by Marek (07-11-2021 14:20:23)
Running from C:\Users\Marek\Downloads
Microsoft Windows 10 Home Version 20H2 19042.1320 (X64) (2020-12-05 12:20:48)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2684046251-4145855513-4240160385-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2684046251-4145855513-4240160385-503 - Limited - Disabled)
Guest (S-1-5-21-2684046251-4145855513-4240160385-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2684046251-4145855513-4240160385-1003 - Limited - Enabled)
Marek (S-1-5-21-2684046251-4145855513-4240160385-1001 - Administrator - Enabled) => C:\Users\Marek
WDAGUtilityAccount (S-1-5-21-2684046251-4145855513-4240160385-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET Security (Enabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AS: ESET Security (Disabled - Up to date) {333C65BB-8923-0EAA-C47E-C486E687BEFD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {B066057A-E576-007C-D591-56C163D3B33B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{36381D51-CC5E-4698-A0CC-E939C75EC9D8}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
Age Of Empires 2 (HKLM-x32\...\Age Of Empires 2_is1) (Version: - Martin)
Age of Empires complete version 1.0c (HKLM-x32\...\{F7F0D70E-9027-4DF5-B67F-4B48CE29565A}_is1) (Version: 1.0c - vol1)
Aplikace Intel® PROSet/Wireless (HKLM-x32\...\{a914536c-bd41-479c-96aa-dee4a9639c22}) (Version: 21.10.1 - Intel Corporation)
Battle for Wesnoth 1.14.15 (HKLM-x32\...\Battle for Wesnoth 1.14.15) (Version: 1.14.15 - )
Battle for Wesnoth 1.14.9 (HKLM-x32\...\Battle for Wesnoth 1.14.9) (Version: 1.14.9 - )
BrLauncher (HKLM-x32\...\{42D26B47-887C-45FC-BCAE-0BE485C5C0BB}) (Version: 2.0.11.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}) (Version: 1.0.3.1 - Brother Industries Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{569f9640-fd0a-4a52-97f2-11277f65a3f0}) (Version: 4.4.0.33 - Brother Industries, Ltd.)
Brother iPrint&Scan (HKLM-x32\...\{FE65E525-8FCA-43BE-8D7F-0C4665FAE1A5}) (Version: 4.4.0.33 - Brother Industries, Ltd.) Hidden
Brother Printer Driver (HKLM-x32\...\{272543B6-B337-4C8F-B9F1-19E884C2C7AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (HKLM-x32\...\{1162495D-7CE7-4EF9-A0F8-151196F3A660}) (Version: 1.0.17.1 - Brother Industries Ltd.) Hidden
BrSupportTools (HKLM-x32\...\{32F47565-84B1-42CC-B09A-4CDDD9A32F94}) (Version: 1.0.20.0 - Brother Industries Ltd.) Hidden
Caesar 3 (HKLM-x32\...\GOGPACKCAESAR3_is1) (Version: 2.0.0.9 - GOG.com)
CCSDK (HKLM-x32\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.0.3.4 - Lenovo)
ControlCenter4 (HKLM-x32\...\{9091B952-8719-49C3-9CC7-6E20EC61081F}) (Version: 4.6.6.1 - Brother Industries, Ltd.) Hidden
ControlCenter4 CSDK (HKLM-x32\...\{FD8A9511-BFC9-43B5-BB75-9CEC0EA03CF0}) (Version: 4.6.1.1 - Brother Industries, Ltd.) Hidden
Corel Graphics - Windows Shell Extension (HKLM\...\_{5D262585-5C19-4279-B1BC-C0D242E6AA3E}) (Version: 20.1.0.708 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{5D262585-5C19-4279-B1BC-C0D242E6AA3E}) (Version: 20.1.708 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit Keys (HKLM\...\{9D4064B2-A6B6-42E6-8695-7C9B3D69954E}) (Version: 20.1.708 - Corel Corporation) Hidden
Čeština do hry South Park: Klacek Pravdy verze 1.1 (HKLM-x32\...\{C1EA3034-6A86-4C18-A91F-SPSOTCZ110FE}_is1) (Version: 1.1 - Ubisoft)
Dependency Package Update (HKLM\...\{0788641D-D31A-478D-BB34-C41564AE9F93}) (Version: 1.6.26.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{5252431C-288E-409D-ADCF-24407E0E6F70}) (Version: 1.6.32.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{FFED38DF-94DC-4FF9-96C1-A6990EDA6B03}) (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM-x32\...\{1D2682EA-75DD-44B6-BF2D-CD3C49EAD012}) (Version: 1.6.38.01 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{3117B53D-A409-4D99-A0DE-11A1A40696FA}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4430150F-61B3-4142-BE04-EAC68C8DDA18}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4AF6C9BC-D8DB-4286-94D9-474CE54ADAA2}) (Version: 1.6.38.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{503B47A9-E34A-4841-ADD7-417191D5DB5E}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{546FF45D-2467-4950-AAFB-0A06ACBB6B2C}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5B2190E9-199D-450A-94B3-4D6826C770C2}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5BEFE1E1-F597-4B79-913B-15FFDB25B744}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{63DE35C9-B080-4D03-B110-99E14FD35BCE}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{65316098-0220-4D5C-B37A-6136083A0897}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{E966DBE4-5075-465E-BA81-BC9A3A3204B3}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Discord (HKU\S-1-5-21-2684046251-4145855513-4240160385-1001\...\Discord) (Version: 0.0.307 - Discord Inc.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.21 - Lenovo) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.21 - Lenovo)
ESET Security (HKLM\...\{37E67F0A-50BB-430A-A2A5-F5E2F6EE96DB}) (Version: 15.0.18.0 - ESET, spol. s r.o.)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.2.0 - Genesys Logic)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 95.0.4638.69 - Google LLC)
GTA 3 CZ (HKLM-x32\...\GTA 3 CZ 1.2.0) (Version: 1.2.0 - Rockstar Games)
Heroes of Might and Magic III Complete (HKLM-x32\...\InstallShield_{EDFB64A7-5BFD-4137-943D-5663149A15F5}) (Version: 1.00.0000 - CD Projekt)
HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Kodi (HKU\S-1-5-21-2684046251-4145855513-4240160385-1001\...\Kodi) (Version: - XBMC Foundation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D18FE9D2-2F54-4C68-A2DE-A59D4A80A9BC}) (Version: 3.1.2109.29003 - Microsoft Corporation)
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Lenovo App Services (HKLM\...\Lenovo App Services) (Version: 0.200.8.268 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10269 - Realtek Semiconductor Corp.)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11103 - Realtek Semiconductor Corp.)
Lenovo FusionEngine (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Motion Control (HKLM-x32\...\{DB34780A-6749-4AA3-A1E5-A56747EF4B04}) (Version: 2.5.1.0528 - PointGrab) Hidden
Lenovo Motion Control (HKLM-x32\...\InstallShield_{DB34780A-6749-4AA3-A1E5-A56747EF4B04}) (Version: 2.5.1.0528 - PointGrab)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.)
Lenovo PhoneCompanion (HKLM-x32\...\{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 2.0.0.19 - Lenovo) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 2.0.0.19 - Lenovo)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.68.3 - ELAN Microelectronic Corp.)
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 2.1.14.1221 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.9.23.0 - Lenovo Group Ltd.)
Magic Transfer (HKLM-x32\...\{AD2B2BD1-A1D7-4798-8FDD-B2A58FD94E68}) (Version: 1.1.1.11 - Lenovo) Hidden
Magic Transfer (HKLM-x32\...\InstallShield_{AD2B2BD1-A1D7-4798-8FDD-B2A58FD94E68}) (Version: 1.1.1.11 - Lenovo)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Age of Empires (HKLM-x32\...\Age of Empires) (Version: - )
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.44 - Microsoft Corporation)
Microsoft Office Language Pack 2013 - Czech/čeština (HKLM\...\Office15.OMUI.cs-cz) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2684046251-4145855513-4240160385-1001\...\OneDriveSetup.exe) (Version: 21.205.1003.0005 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2017 (HKLM-x32\...\{5a7dc0ad-cdb2-43b5-8b82-f81065fe6092}) (Version: 15.0.26717 - Microsoft Corporation)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 94.0.1 (x64 cs)) (Version: 94.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 94.0.1.7977 - Mozilla)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM\...\{90150000-001F-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM\...\{90150000-001F-041B-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
NetworkRepairTool (HKLM-x32\...\{86E68F57-FAFE-4052-BDD4-3B90C38236AE}) (Version: 1.2.16.0 - Brother Industries, Ltd.) Hidden
Nuance PaperPort 14 (HKLM-x32\...\{24510774-4424-46C2-8FB7-5DE0C945ED2B}) (Version: 14.5.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer SE (HKLM-x32\...\{D8151965-282B-4EB6-A3F1-68AB555D8423}) (Version: 7.20.3230 - Nuance Communications, Inc.)
NVIDIA GeForce Experience 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.28 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
ODD Auto Firmware Update (HKLM-x32\...\{3DD8DB1B-20D0-447C-940A-1306B3931FED}) (Version: 1.0.1807.2501 - Hitachi-LG Data Storage, Inc.)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0002 - Nuance Communications, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7560 - Realtek Semiconductor Corp.)
RogueKiller version 15.1.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.1.2.0 - Adlice Software)
ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0100-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.8.0 - Lenovo Group Limited)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype verze 8.66 (HKLM-x32\...\Skype_is1) (Version: 8.66 - Skype Technologies S.A.)
SoftwareUpdateNotification (HKLM-x32\...\{34F12379-C924-41E6-921D-51C71217F58C}) (Version: 1.0.9.0 - Brother Industries, Ltd.) Hidden
StatusMonitor (HKLM-x32\...\{40578A7A-6E36-457F-A4F0-45BC37EB61FD}) (Version: 1.20.1.0 - Brother Insutries Ltd.) Hidden
UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.3.6 - Lenovo)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-012B-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden
User Manuals (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
Ve stínu havrana (HKLM-x32\...\Ve stínu havrana_is1) (Version: - CINEMAX, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows Driver Package - Lenovo (ACPIVPC) System (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Packages:
=========
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2021-02-18] (Canon Inc.)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-03-08] (Microsoft Corporation)
Lenovo Recommends -> C:\Program Files\WindowsApps\E0469640.LenovoRecommends_1.5.14.117_x64__5grkq8ppsgwt4 [2015-09-05] (LENOVO INC)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2110.15.0_x64__k1h2ywk1493x8 [2021-10-25] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-10-30] (Microsoft Studios) [MS Ad]
Phone Companion -> C:\Program Files\WindowsApps\E0469640.DeviceCollaboration_2.0.0.9_x64__5grkq8ppsgwt4 [2015-09-05] (LENOVO INC)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2684046251-4145855513-4240160385-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2021-11-04] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2014-08-13] (Lenovo) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR 5.21\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR 5.21\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2021-11-04] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2014-08-13] (Lenovo) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-06-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2021-11-04] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR 5.21\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR 5.21\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [VIDC.IV41] => C:\Windows\SysWOW64\ir41_32.dll [756736 1997-07-06] (Intel Corporation) [File not signed]
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2020-02-02 13:58 - 2005-04-22 13:36 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll
2012-12-05 12:29 - 2012-12-05 12:29 - 004883456 _____ (BCGSoft Ltd) [File not signed] C:\Program Files (x86)\Nuance\PaperPort\BCGCBPRO1100u100.dll
2020-02-02 13:58 - 2016-11-01 11:27 - 000090112 _____ (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll
2015-06-23 15:00 - 2015-06-23 15:00 - 000285696 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2015-06-23 15:00 - 2015-06-23 15:00 - 000562688 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2015-05-27 04:40 - 2014-08-13 00:32 - 000468480 _____ (Lenovo) [File not signed] C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll
2015-05-27 04:15 - 2015-05-23 08:47 - 001903232 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll
2020-05-30 15:04 - 2020-05-30 15:04 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\Vantage\Addins\GenericTelemetryAddin\1.0.0.34\x64\SQLite.Interop.dll
2021-06-04 12:17 - 2020-11-03 04:08 - 000954864 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-2684046251-4145855513-4240160385-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
HKU\S-1-5-21-2684046251-4145855513-4240160385-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2684046251-4145855513-4240160385-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-2684046251-4145855513-4240160385-1001 -> DefaultScope {B9F25DF4-4227-461D-898E-BA786BFDAFD4} URL =
SearchScopes: HKU\S-1-5-21-2684046251-4145855513-4240160385-1001 -> {B9F25DF4-4227-461D-898E-BA786BFDAFD4} URL =
SearchScopes: HKU\S-1-5-21-2684046251-4145855513-4240160385-1001 -> {C08C6E27-2BFC-4965-9044-394C9FE663F1} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2020-04-14] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH -> Eyeo GmbH)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2020-04-14] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation -> Zeon Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH -> Eyeo GmbH)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2684046251-4145855513-4240160385-1001\...\sharepoint.com -> hxxps://czuvpraze.sharepoint.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2016-01-12 22:27 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2016-07-03 10:25 - 2020-01-29 20:37 - 000000503 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Lenovo\FusionEngine;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Lenovo\Motion Control\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2684046251-4145855513-4240160385-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 172.19.29.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "PhoneCompanion"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "BrotherSoftwareUpdateNotification"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKU\S-1-5-21-2684046251-4145855513-4240160385-1001\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{4447DF68-CCE0-4BDE-8340-DF9BBF84FD3D}C:\users\marek\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Block) C:\users\marek\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [TCP Query User{D864A3CB-2098-4B1A-9B1D-A8D4CF6C6594}C:\users\marek\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Block) C:\users\marek\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [UDP Query User{1A3D9B70-46A6-447B-A8AE-8A25C650DE2A}C:\program files (x86)\total war - rome 2 - emperor edition\rome2.exe] => (Allow) C:\program files (x86)\total war - rome 2 - emperor edition\rome2.exe => No File
FirewallRules: [TCP Query User{1A272CB2-CF7B-4AFD-98FD-3527FC826C18}C:\program files (x86)\total war - rome 2 - emperor edition\rome2.exe] => (Allow) C:\program files (x86)\total war - rome 2 - emperor edition\rome2.exe => No File
FirewallRules: [UDP Query User{229F963E-3E10-4A8F-9244-193C56715903}C:\users\marek\desktop\diablo\diablo.exe] => (Block) C:\users\marek\desktop\diablo\diablo.exe => No File
FirewallRules: [TCP Query User{92DBA40D-E46F-4159-9F54-8A3A533311B0}C:\users\marek\desktop\diablo\diablo.exe] => (Block) C:\users\marek\desktop\diablo\diablo.exe => No File
FirewallRules: [UDP Query User{CFC80D13-ED51-42FC-A056-81716D79E85A}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{34E747F9-1337-48B5-8D45-437398576CD1}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{3402CC95-1C9E-49C7-8E74-8C237A9CA182}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{B19EB3B7-C988-44F4-8BE4-128787D961E8}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{A89AED65-1568-4810-88B7-6165A3627737}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{ED552A77-A21D-4C89-8EC8-A194E9934321}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{7E0577EC-1D4B-4EE1-B471-A0803E3396A6}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Block) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{47033250-E247-46F8-AB45-CC8135556416}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Block) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{E5D9D14B-931A-4F58-BDCB-FA977AE7A840}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.169\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.169\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{806C9A9F-4AFD-4DC1-8993-5EE283C04E6A}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.169\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.169\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{A5169E2D-3A10-43AF-80DF-433C35D70D27}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{A934827A-A0D6-4584-9B92-CBE4BF50591B}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{79ECE1F6-411B-4589-9A51-1FF1D71AEEE0}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.167\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.167\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{14031D83-F43B-4263-B30A-73C66B43B63B}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.167\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.167\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{12EB767A-4793-4669-AAF4-3EFB2B80296A}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{F3B0B5B0-8BDE-491B-A7C1-C37C8B46A48B}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{A57DD699-DC7A-4F11-A266-9E9CD77CE594}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{9E1DA30C-AFEA-4780-BE6F-82D817E65BA8}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{F6FEE0D6-29B3-4996-9A6F-D694A77FD43C}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{031C98FD-A5A5-475D-8CBC-486A12013D9B}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{E2B29210-185E-4798-9F5F-CAD10480FBCF}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{93EB00F6-9BC1-4924-8C0D-BE111372361F}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{A992342C-414A-4767-83FA-15FD8D83A93F}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.162\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.162\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{00276E73-2362-4098-BA49-429EB71B35BF}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.162\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.162\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{4F0523BB-767E-482D-AFC1-201C26214712}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.161\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.161\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{728440E3-DC4C-472E-9190-987BC5F7FD80}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.161\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.161\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{9A1ABED3-C5A8-4191-B136-D5344896A29F}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{F745DF28-C523-413E-A8AE-6373858CCEF6}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{E505D533-283E-4522-96E8-6E88685423CC}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{ACCFF8A8-73B3-41A0-B7E2-7D492865A4EC}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{43A3F859-C118-4AF7-B771-0E23A0C24173}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{CBB4995C-D4DB-4E7F-B8AA-22E594D6A93B}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{D1FAEDEE-A62C-48AF-9C6B-B1829F1A574E}C:\users\marek\desktop\hry\borderlands\binaries\borderlands.exe] => (Allow) C:\users\marek\desktop\hry\borderlands\binaries\borderlands.exe (Take-Two Interactive Software, Inc.) [File not signed]
FirewallRules: [TCP Query User{411A8172-71E9-4A61-877C-E0ED13D84112}C:\users\marek\desktop\hry\borderlands\binaries\borderlands.exe] => (Allow) C:\users\marek\desktop\hry\borderlands\binaries\borderlands.exe (Take-Two Interactive Software, Inc.) [File not signed]
FirewallRules: [UDP Query User{BF004235-F6A9-41F9-A15B-6E8E65B5029C}C:\users\marek\desktop\hry\borderlands\binaries\borderlands.exe] => (Allow) C:\users\marek\desktop\hry\borderlands\binaries\borderlands.exe (Take-Two Interactive Software, Inc.) [File not signed]
FirewallRules: [TCP Query User{B6C84E86-DA08-4881-9945-1F30135CAFD0}C:\users\marek\desktop\hry\borderlands\binaries\borderlands.exe] => (Allow) C:\users\marek\desktop\hry\borderlands\binaries\borderlands.exe (Take-Two Interactive Software, Inc.) [File not signed]
FirewallRules: [UDP Query User{6360524C-4307-415A-AF8E-D9E9C4B85F4C}C:\users\marek\desktop\hry\warcraft 3\war3.exe] => (Block) C:\users\marek\desktop\hry\warcraft 3\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [TCP Query User{A320301C-30B1-4B09-B9A3-D26C719A8AF3}C:\users\marek\desktop\hry\warcraft 3\war3.exe] => (Block) C:\users\marek\desktop\hry\warcraft 3\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [UDP Query User{A90F764A-1CF2-4B8F-97F4-42593DC5A871}C:\program files (x86)\age of empires\age of empires + rise of rome expansion\empiresx.exe] => (Block) C:\program files (x86)\age of empires\age of empires + rise of rome expansion\empiresx.exe (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{75D49363-9EDC-4B0C-BD0D-7A5625AE7747}C:\program files (x86)\age of empires\age of empires + rise of rome expansion\empiresx.exe] => (Block) C:\program files (x86)\age of empires\age of empires + rise of rome expansion\empiresx.exe (Microsoft Corporation) [File not signed]
FirewallRules: [UDP Query User{68334CD7-20E9-491C-92A3-F324F8F76AFC}C:\users\marek\desktop\age of empires + rise of rome expansion\empires.exe] => (Block) C:\users\marek\desktop\age of empires + rise of rome expansion\empires.exe => No File
FirewallRules: [TCP Query User{F8D841B9-1E4B-45E3-89FD-703818011127}C:\users\marek\desktop\age of empires + rise of rome expansion\empires.exe] => (Block) C:\users\marek\desktop\age of empires + rise of rome expansion\empires.exe => No File
FirewallRules: [{507DE25D-94F9-474F-AE08-CDC6896BEE75}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A5D08D2C-1AAF-4BC8-B5ED-8564A40BA6A6}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C3DF8874-B7F4-45B0-8364-D54F7BF9F574}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EA86995B-F12A-4481-93FE-388C077286FA}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{83E588AC-1A0D-4A59-B250-072E5B285794}C:\users\marek\desktop\warcraft 3\war3.exe] => (Allow) C:\users\marek\desktop\warcraft 3\war3.exe => No File
FirewallRules: [TCP Query User{1EA0A7D7-5EF0-497B-8018-0788AE87155D}C:\users\marek\desktop\warcraft 3\war3.exe] => (Allow) C:\users\marek\desktop\warcraft 3\war3.exe => No File
FirewallRules: [UDP Query User{A3129948-CA15-4FAF-B5FE-89FF8A785E4E}C:\users\marek\desktop\warcraft 3\war3.exe] => (Block) C:\users\marek\desktop\warcraft 3\war3.exe => No File
FirewallRules: [TCP Query User{B3D22B17-35B4-4726-9B69-15F03A0F2F5A}C:\users\marek\desktop\warcraft 3\war3.exe] => (Block) C:\users\marek\desktop\warcraft 3\war3.exe => No File
FirewallRules: [{1847D6ED-B0B4-41CE-89F4-B628B155BB27}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{16C81C94-BC48-48B8-814A-FE04FABDD765}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B56D0460-31B9-418C-854B-9D8E6F825616}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9E63AB6E-38FA-46B3-8B24-91ED9F81F90F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{284CFEB7-8B13-45A1-AD6F-6E6A990BDA62}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E6B926BE-A7CB-48FD-A231-9469107F23B8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3D41A4B0-8848-4EA7-A697-A6E649EA37EA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3151A61E-7496-4245-9CDC-9185F125CE61}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{08E7120D-0907-477B-9609-623CBDE555EC}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe (Lenovo (Beijing) Limited -> Lenovo)
FirewallRules: [{6EEFE0DE-9A57-4BE2-9771-BAEB6FFFC32D}] => (Allow) LPort=55100
FirewallRules: [{76185744-3FE2-4D71-9ED8-C2A17ECD46AB}] => (Allow) C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe (Lenovo -> )
FirewallRules: [{EAD4BF15-9E94-49E5-B3FE-B31B56C25DB3}] => (Allow) C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe (Lenovo -> )
FirewallRules: [{1597762B-05F0-4587-A0BB-7D2A1A1B6D43}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe (LENOVO -> Lenovo)
FirewallRules: [{67163B54-CB5C-4043-98E9-77829A882A67}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe (LENOVO -> Lenovo)
FirewallRules: [{516B56DC-AFF0-4AC3-B06F-935630602FC5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D020D3A9-E243-49F5-9743-35EBD911DD4F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{FB26CB9C-DFAD-4685-B84C-BC18DA2866B6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe => No File
FirewallRules: [{1B35E1BE-2BA4-4D75-8EDC-51E183FA016D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe => No File
FirewallRules: [{C5C598A6-4A69-4838-A59E-73868EC7EFF4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F37F955D-E119-4AAD-9A47-E6AC3F104A0F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{6EB8B282-167C-46F5-BF97-4339B27F2B4D}C:\program files (x86)\borderlands game of the year edition\binaries\borderlands.exe] => (Block) C:\program files (x86)\borderlands game of the year edition\binaries\borderlands.exe => No File
FirewallRules: [UDP Query User{BFB5D697-626A-44E5-8EF7-D09ECCF07710}C:\program files (x86)\borderlands game of the year edition\binaries\borderlands.exe] => (Block) C:\program files (x86)\borderlands game of the year edition\binaries\borderlands.exe => No File
FirewallRules: [TCP Query User{0E610789-C149-4855-B6CD-39A2BE0EB36F}C:\users\marek\desktop\borderlands\binaries\borderlands.exe] => (Block) C:\users\marek\desktop\borderlands\binaries\borderlands.exe => No File
FirewallRules: [UDP Query User{E8A4A5D0-2B0F-400D-9FE3-CF3D8635D4A6}C:\users\marek\desktop\borderlands\binaries\borderlands.exe] => (Block) C:\users\marek\desktop\borderlands\binaries\borderlands.exe => No File
FirewallRules: [TCP Query User{A9AB2BCA-CDE0-4907-B09F-BAEDE9467AD1}C:\users\marek\desktop\borderlands\binaries\borderlands.exe] => (Block) C:\users\marek\desktop\borderlands\binaries\borderlands.exe => No File
FirewallRules: [UDP Query User{60395623-C28F-4101-AE49-89E260F6C5BC}C:\users\marek\desktop\borderlands\binaries\borderlands.exe] => (Block) C:\users\marek\desktop\borderlands\binaries\borderlands.exe => No File
FirewallRules: [{4777E459-FEDE-43B2-B1A2-607E619D6C31}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{29C00148-A2F5-4623-9DB4-831FEA4CCD3F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{ACF21724-6CB8-408F-A8AF-4995D159D18E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{E1ABA894-8DA1-42C4-941C-64B92DE3CBCE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{B28519FE-2829-4ABB-96C8-D619D7033EE1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Icewind Dale Enhanced Edition\icewind.exe => No File
FirewallRules: [{AE02DD2B-8791-4B8A-B3C4-FD4734AAB378}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Icewind Dale Enhanced Edition\icewind.exe => No File
FirewallRules: [TCP Query User{71457C53-730F-4C1D-BAD1-51034F373A52}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{6C4965BA-E6E4-4D79-AB43-25D3A4FD55FB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{6EBCC2BA-F0BA-4A31-91FF-D822398ED0CB}C:\program files (x86)\age of empires complete\empiresx.exe] => (Block) C:\program files (x86)\age of empires complete\empiresx.exe (Microsoft Corporation) [File not signed]
FirewallRules: [UDP Query User{1FB48175-808C-42B5-9DA6-82AF0DF72461}C:\program files (x86)\age of empires complete\empiresx.exe] => (Block) C:\program files (x86)\age of empires complete\empiresx.exe (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{23B176AD-B481-4CAF-BD8E-FA7105338D66}C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Allow) C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe => No File
FirewallRules: [UDP Query User{C2AAF259-27FD-4039-A84E-E5870E5D5AB8}C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Allow) C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe => No File
FirewallRules: [TCP Query User{D3E5885F-6168-488D-8113-FFBC75D92561}C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Allow) C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe => No File
FirewallRules: [UDP Query User{7EE43458-EA33-4163-9828-22AE230C10EC}C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Allow) C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe => No File
FirewallRules: [TCP Query User{55D7947D-531D-4A0C-8071-9BAAA49A8033}C:\program files (x86)\microsoft\skype for desktop\skype.exe] => (Allow) C:\program files (x86)\microsoft\skype for desktop\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{EEE49C5A-0CC3-4DA1-8D44-69126DC374D3}C:\program files (x86)\microsoft\skype for desktop\skype.exe] => (Allow) C:\program files (x86)\microsoft\skype for desktop\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{F27E1D22-7D4A-4F70-A845-B7D6042967D6}C:\program files (x86)\battle for wesnoth 1.14.9\wesnothd.exe] => (Allow) C:\program files (x86)\battle for wesnoth 1.14.9\wesnothd.exe (The Battle for Wesnoth Project) [File not signed]
FirewallRules: [UDP Query User{92EDCB67-42A2-4759-A49D-8B8D168CBF54}C:\program files (x86)\battle for wesnoth 1.14.9\wesnothd.exe] => (Allow) C:\program files (x86)\battle for wesnoth 1.14.9\wesnothd.exe (The Battle for Wesnoth Project) [File not signed]
FirewallRules: [{96C3AA44-995E-43B1-98C5-FDFEA1FC2D73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cryptic Studios\Neverwinter.exe => No File
FirewallRules: [{D5D5C2D6-D2CE-4869-8FEE-C27D534DB161}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cryptic Studios\Neverwinter.exe => No File
FirewallRules: [TCP Query User{8FB7B2DD-02DA-4315-8E0E-8DE42F1C978B}C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\x64\gameclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\x64\gameclient.exe => No File
FirewallRules: [UDP Query User{12714F8C-2983-479D-8219-1C86A998EADC}C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\x64\gameclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\x64\gameclient.exe => No File
FirewallRules: [{3E108696-64CF-45DB-A879-98148AA2567D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD18\PowerDVD.exe => No File
FirewallRules: [{99B51080-5225-47DF-8773-90771F3D3DF1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD18\Kernel\DMS\CLMSServerPDVD18.exe => No File
FirewallRules: [{809B4D6B-4F4D-4648-9782-9911E33D0153}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD18\PowerDVD18Agent.exe => No File
FirewallRules: [{FB6EAD2A-4D29-465A-9939-19CF2D077D4C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD18\Movie\PowerDVDMovie.exe => No File
FirewallRules: [{26E40E94-A96A-4EE2-8514-AA8B0F605DD4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD18\CastingStation.exe => No File
FirewallRules: [{BFA311A5-366A-4847-AC44-16E7638036C8}] => (Allow) LPort=54925
FirewallRules: [{2A7FAF82-B3DB-4280-9EA7-55BE645BC198}] => (Allow) F:\Install\wlan_wiz\.\wlan_assistant\waw.exe => No File
FirewallRules: [{9A4A33D5-D2AA-4DDA-8012-C8A7D6B453BE}] => (Allow) LPort=54950
FirewallRules: [{EC380AF6-1A01-41F1-B35A-12C13515493D}] => (Allow) LPort=54955
FirewallRules: [{AF07BD28-352A-4068-BDCC-DEF3674DDD88}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{655041B2-7FA1-45A2-9D86-3C4E6188B6D0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{FDE97D37-3E3F-422C-A06B-0B388B3D21C9}C:\program files (x86)\age of empires\empires.exe] => (Block) C:\program files (x86)\age of empires\empires.exe (Microsoft Corporation) [File not signed]
FirewallRules: [UDP Query User{568A2FB2-BF78-432A-8155-402C33629B43}C:\program files (x86)\age of empires\empires.exe] => (Block) C:\program files (x86)\age of empires\empires.exe (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{31444480-A3B5-4BA1-94A5-E27E18D71CFC}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{420E8ACA-A854-461F-855B-251691A9863F}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{EB87F90B-8F1F-4702-AB2B-3960F4E67064}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{359DDCFC-52D3-470E-905B-C21668363BDB}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{6331E2DD-3B4F-44E6-9F14-612354334F78}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{025B7531-E610-48CB-B5BC-28F09F928925}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{11293C5D-184B-459F-A1E9-314C735B4C85}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{422E03E9-B1B3-4C90-905C-F7FCA2433A9D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{045498CD-6DEF-4C07-95A0-7B14FA208381}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9EFF06FC-083A-405A-9547-2858D4654B7F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D2A751D2-DBB2-4C44-B10B-AEB07DA1624D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
==================== Restore Points =========================
21-10-2021 14:54:47 Naplánovaný kontrolní bod
30-10-2021 14:55:02 Naplánovaný kontrolní bod
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (11/07/2021 07:25:09 AM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002
Error: (11/07/2021 07:25:09 AM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002
Error: (11/07/2021 07:25:09 AM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003
Error: (11/07/2021 06:12:12 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (11/06/2021 07:18:29 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (11/05/2021 01:56:01 PM) (Source: SecurityCenter) (EventID: 18) (User: )
Description: Službě Centrum zabezpečení Windows se nepodařilo načíst instance objektu FirewallProduct z úložiště dat.
Error: (11/05/2021 01:54:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: PG_Service_Launcher.exe, verze: 2.5.1.5858, časové razítko: 0x5385af26
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0145b320
ID chybujícího procesu: 0x1154
Čas spuštění chybující aplikace: 0x01d7d24330fc12f5
Cesta k chybující aplikaci: C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: b08d6e74-b7fd-49e0-90df-9ce39c477268
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (11/05/2021 01:47:19 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Broadcast Receiver Server...
System errors:
=============
Error: (11/07/2021 01:12:58 PM) (Source: DCOM) (EventID: 10010) (User: MAREKT-NB-10)
Description: Server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/07/2021 12:11:18 PM) (Source: DCOM) (EventID: 10010) (User: MAREKT-NB-10)
Description: Server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/07/2021 12:10:48 PM) (Source: DCOM) (EventID: 10010) (User: MAREKT-NB-10)
Description: Server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/07/2021 12:10:18 PM) (Source: DCOM) (EventID: 10010) (User: MAREKT-NB-10)
Description: Server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/07/2021 12:09:48 PM) (Source: DCOM) (EventID: 10010) (User: MAREKT-NB-10)
Description: Server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/07/2021 12:09:17 PM) (Source: DCOM) (EventID: 10010) (User: MAREKT-NB-10)
Description: Server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/07/2021 12:08:47 PM) (Source: DCOM) (EventID: 10010) (User: MAREKT-NB-10)
Description: Server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/06/2021 02:54:55 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} se v daném časovém limitu neregistroval u služby DCOM.
Windows Defender:
================
Date: 2020-12-16 02:35:19
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {93801337-D2A0-4B36-B276-0A44A18FEA58}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2020-12-15 02:35:19
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {EC298179-0916-4E65-96A2-4527C166B14C}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2020-12-14 22:00:50
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Gamehack.F!MSR
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_F:\CRACK\steam_api.dll
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: MarekT-NB-10\Marek
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.329.391.0, AS: 1.329.391.0, NIS: 1.329.391.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2020-12-14 21:59:29
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Gamehack.F!MSR
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_F:\CRACK\steam_api.dll
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: MarekT-NB-10\Marek
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.329.391.0, AS: 1.329.391.0, NIS: 1.329.391.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2020-12-14 21:59:22
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Gamehack.F!MSR
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_F:\CRACK\steam_api.dll
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: MarekT-NB-10\Marek
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.329.391.0, AS: 1.329.391.0, NIS: 1.329.391.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4
CodeIntegrity:
===============
Date: 2021-11-07 11:18:13
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\ESET\ESET NOD32 Antivirus\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
(Lenovo (Beijing) Limited -> Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
(Lenovo (Beijing) Limited -> Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(Lenovo -> ) C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\Lenovo.Vantage.AddinHost.Amd64.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\Lenovo.Vantage.AddinHost.exe <4>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\Lenovo.Vantage.AddinHost.x86.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <9>
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PointGrab Ltd -> PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
(PointGrab Ltd -> PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(PointGrab Ltd -> PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp -> Realtek semiconductor) C:\Windows\RTFTrack.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14049536 2015-09-05] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1403136 2015-09-05] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1403136 2015-09-05] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1403136 2015-09-05] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3742112 2015-09-05] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [9308416 2015-09-05] (Realtek Semiconductor Corp -> Realtek semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-23] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1571696 2015-05-23] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2015-05-27] (Lenovo (Beijing) Limited -> )
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [802800 2015-05-27] (Lenovo (Beijing) Limited -> Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2015-05-27] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10841584 2015-05-27] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation - Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\ecmdS.exe [167496 2021-11-04] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [M17A] => C:\WINDOWS\twain_32\Brimm17a\Common\TwDsUiLaunch.exe [77312 2017-10-19] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd. -> Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2976256 2018-01-19] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrotherSoftwareUpdateNotification] => C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe [3581952 2017-04-05] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC -> Flexera Software LLC.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [35648 2015-01-19] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [17600 2015-01-19] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe [641864 2013-03-20] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKU\S-1-5-21-2684046251-4145855513-4240160385-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Marek\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2684046251-4145855513-4240160385-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Marek\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2684046251-4145855513-4240160385-1001\...\RunOnce: [Uninstall 21.205.1003.0003] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Marek\AppData\Local\Microsoft\OneDrive\21.205.1003.0003" (No File)
HKLM\...\Windows x64\Print Processors\Canon MP495 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDA9.DLL [28672 2010-08-25] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\95.0.4638.69\Installer\chrmstp.exe [2021-11-03] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2018-07-16] () [File not signed] <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0601A6ED-EDDA-4CF9-8124-274D798BC8EF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {0FFEA2BE-E887-48F2-8EBE-DDD27CFE50E4} - System32\Tasks\{E2CFC71A-2B11-4079-B5A4-24358042554A} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\League of Legends\lol.launcher.exe" -d "C:\Program Files (x86)\League of Legends"
Task: {1475CCE5-BD80-4DFF-8EAC-75FF4914DABA} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {1B994581-33B4-43DA-AFE4-83B942E014C0} - System32\Tasks\{F7528021-3A2F-49B0-AE35-D11AA0BB7D22} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\SAW The Videogame\SAW\Binaries\SawGame.exe" -d "C:\Program Files\SAW The Videogame\SAW\Binaries"
Task: {1CD06D4D-948D-487F-9FE8-622105B12A67} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3b94edcc-f997-4e6f-8cef-67534a5aee38 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {20329F30-37DF-492A-9D4B-F98DB4624D7F} - System32\Tasks\{C41D60FD-0900-4123-B319-03A19365AD49} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\League of Legends\lol.launcher.exe" -d "C:\Program Files (x86)\League of Legends"
Task: {278B4BB7-1124-4B56-9559-8CB3A9EDA845} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {380EA202-3F23-449A-8AD3-6D959A836A1E} - System32\Tasks\{49285EA4-A02A-4098-92FF-9B423F6C1703} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\League of Legends\lol.launcher.exe" -d "C:\Program Files (x86)\League of Legends"
Task: {434FA76C-13D0-4FF6-B92C-095F498A5C69} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [62440 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {4C231F88-F5F7-4F20-BBB5-098444C02DA0} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {4F69ACBE-545F-4018-836C-F0695C5B9356} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-09] (Adobe Inc. -> Adobe)
Task: {518BC710-8AE3-48DC-9426-C369D961A582} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {58FAE937-321E-42B3-85DE-74F4244DC95E} - System32\Tasks\{56C02415-9661-4FE2-B491-C54C347FE84D} => C:\WINDOWS\system32\pcalua.exe -a E:\World_of_Warcraft_Cataclysm_4.3.4_for_Posterus.CZ\Wow.exe -d E:\World_of_Warcraft_Cataclysm_4.3.4_for_Posterus.CZ
Task: {5FBC6450-95DC-46EE-AF0A-1A7820B80FB8} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\ScheduleEventAction.exe [26656 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
Task: {608652EA-A968-43AC-B81A-BC4370C17D26} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {610ED7A1-7FFF-4453-AE20-9B8F81424CDD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {683A578F-FA3F-47B3-9838-0C81F76FFC48} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\d0978f01-db1c-496d-859a-555708e4b7dc => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {69A9457A-50F6-41A0-A80C-5CA4097F020F} - System32\Tasks\{B11BA862-BEF3-40A1-A583-6FAD83A64FAF} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\League of Legends\lol.launcher.exe" -d "C:\Program Files (x86)\League of Legends"
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {6E50637D-B755-4021-BA9C-809D8AEBEE30} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\7cbb489a-3101-4b43-9389-9c077df0ef89 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {702A151C-37F4-4E45-AA71-3E6B7A561F9A} - System32\Tasks\{16EF1DEC-3104-4E16-A536-D75E518F77FE} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\League of Legends\lol.launcher.exe" -d "C:\Program Files (x86)\League of Legends\"
Task: {72F98CFF-2723-4CF4-A70D-9BA311BA8F90} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\ScheduleEventAction.exe [26656 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
Task: {78E580C2-A3C0-4843-BF83-7EC55DDD252A} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {858B6555-5F7D-4BBF-A0C1-3B2DCAA74780} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {87FCC10D-E0AF-4F51-BF91-8C985E3FBCF7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8C726285-38F4-4211-A544-F69A285F439F} - System32\Tasks\{BE9F87BC-A384-4067-917D-744017675B95} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Marek\Desktop\Mafia\Setup.exe -d C:\Users\Marek\Desktop\Mafia
Task: {8DD3CB3F-8470-435B-A1CD-A9D6CD2BD438} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\sedlauncher.exe
Task: {940F552B-0672-4F2D-ABB0-5E052843833D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {95072E47-7324-48DD-B24A-5B5BF9E3EB7B} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\faf2a571-567b-4d3c-8559-7efc2c3cb213 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {956C7486-E291-4950-8C13-C67BC24A337F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-29] (Google LLC -> Google LLC)
Task: {98CFDD2F-3524-4645-BB22-522ECCCDF219} - System32\Tasks\{59E9C808-8E28-466D-82BD-539E729093D2} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\League of Legends\lol.launcher.exe" -d "C:\Program Files (x86)\League of Legends"
Task: {9B1B8552-363A-473B-9C52-71BB995C365A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {AB64391F-1112-46BF-A7EC-27F7366CFFA6} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
Task: {B56CBD0E-A9A8-41F1-AD88-76549B380591} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [233760 2013-03-07] (Intel® Services Manager -> Intel Corporation)
Task: {B64E5ABF-3618-4E9A-9C9A-3C25860DA7BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-29] (Google LLC -> Google LLC)
Task: {B8305AA3-A623-42A8-ABC1-A2085DF5E8BD} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {BA5577D1-5B05-4BF3-AF75-66DA2822CB5A} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [682936 2021-11-04] (Mozilla Corporation -> Mozilla Foundation)
Task: {C20349F8-45CE-4B2A-91F6-1C029A40BF1A} - System32\Tasks\{542BEC95-696A-4A26-AA7E-DEC096F87E06} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Marek\Downloads\World_of_Warcraft_Cataclysm_4.3.4_for_Posterus.CZ\World_of_Warcraft_Cataclysm_4.3.4_for_Posterus.CZ\Wow.exe -d C:\Users\Marek\Downloads\World_of_Warcraft_Cataclysm_4.3.4_for_Posterus.CZ\World_of_Warcraft_Cataclysm_4.3.4_for_Posterus.CZ
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D185A0FE-55E9-416F-8FDF-445C97FC894F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [17152 2014-11-21] (LENOVO -> Lenovo)
Task: {D5F4FADA-1C98-452D-9BD9-F2C25BBA8A72} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-09] (Adobe Inc. -> Adobe)
Task: {DB0ED372-61EC-4F30-B38A-A02E13F3B8F7} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\db6d80d9-2d72-48a7-adf9-78f2422c072e => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
Task: {DBF4112F-5DD1-4BEB-8C4F-2ABC443342A6} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E2312B4D-D16D-436C-8BB8-8C20E8D8DFE0} - System32\Tasks\ODDAutoFirmwareUpdate => C:\Program Files (x86)\ODD Auto Firmware Update\ODDFWUpdate.exe [1260880 2020-02-13] (Hitachi-LG Data Storage Korea, Inc. -> Hitachi-LG Data Storage, Inc.)
Task: {E2FFA19B-DC52-45A8-A663-C36EEF6ED245} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [233760 2013-03-07] (Intel® Services Manager -> Intel Corporation)
Task: {E580501F-9E33-496F-98DE-AFF36FADFD8D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [17184 2014-09-10] (LENOVO -> Lenovo)
Task: {EACF5EFE-D09D-4ACE-BD5A-4B2A1B2B0CF4} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {EBEA95A7-FA39-41EB-B8FC-66E8AFDC00D0} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {EC5EF385-E991-46C6-BCFD-726844572BC0} - System32\Tasks\UMonitor Task => C:\windows\SysWOW64\UMonit64.exe [53248 2014-02-26] () [File not signed]
Task: {EF90EAFA-90E1-488F-B5F0-D4D072CBD59D} - System32\Tasks\{A544E525-BFF8-4517-954A-B8828A3ABF58} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\League of Legends\lol.launcher.exe" -d "C:\Program Files (x86)\League of Legends"
Task: {F54C5141-D182-4B82-B3B7-D4CA59C28B6F} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\ScheduleEventAction.exe [26656 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
Task: {F9138DB2-E377-43AE-8F5D-861035E8F6F8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 172.19.29.1 0.0.0.0
Tcpip\..\Interfaces\{06b16624-4a5d-4d15-be3c-2dc78a736983}: [DhcpNameServer] 172.19.29.1 0.0.0.0
Tcpip\..\Interfaces\{a5d792e1-4cd8-4d71-a9bf-6d3310a01121}: [NameServer] 217.77.165.81,217.77.165.211
Edge:
=======
DownloadDir: C:\Users\Marek\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Marek\AppData\Local\Microsoft\Edge\User Data\Default [2021-10-16]
FireFox:
========
FF DefaultProfile: ud2ucm8s.default-1520284576366
FF ProfilePath: C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\ud2ucm8s.default-1520284576366 [2021-11-07]
FF Homepage: Mozilla\Firefox\Profiles\ud2ucm8s.default-1520284576366 -> www.seznam.cz/
FF Extension: (No Name) - C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\ud2ucm8s.default-1520284576366\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-09-01]
FF Extension: (Greasemonkey) - C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\ud2ucm8s.default-1520284576366\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2021-01-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-09] (Adobe Inc. -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-09] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll [2011-07-15] (Zeon Corporation -> Zeon Corporation)
FF Plugin HKU\S-1-5-21-2684046251-4145855513-4240160385-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2021-11-07]
Chrome:
=======
CHR Profile: C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default [2021-11-05]
CHR Extension: (Beyond 20) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnblbpbepfbfmoobegdogkglpbhcjofh [2021-10-22]
CHR Extension: (Skype) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2021-01-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-09] (Adobe Inc. -> Adobe)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed]
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-10] (Lenovo (Beijing) Limited -> )
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [3139904 2021-11-04] (ESET, spol. s r.o. -> ESET)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81896 2021-08-12] (Lenovo -> Lenovo Group Ltd.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [561408 2014-09-23] (LENOVO -> Lenovo)
R2 LenovoPAWDService; C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe [133440 2015-05-27] (Lenovo -> )
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\LenovoVantageService.exe [31248 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2015-05-27] (Lenovo (Beijing) Limited -> Lenovo(beijing) Limited)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [77336 2015-01-19] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-05-28] (PointGrab Ltd -> PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [515336 2014-05-28] (PointGrab Ltd -> PointGrab LTD)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [321520 2015-05-27] (Lenovo (Beijing) Limited -> Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [338416 2015-05-27] (Lenovo (Beijing) Limited -> Lenovo)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [14204760 2021-11-03] (ADLICE (ASCOET JULIEN) -> )
S3 TESHelper; c:\Program Files\Common Files\Lenovo\Magic Transfer\x64\MagicTransferTESHelper.exe [104696 2015-05-27] (Lenovo -> Lenovo)
R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [12288 2019-08-09] (Microsoft) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [20480 2019-08-09] (Microsoft) [File not signed]
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [33040 2015-05-27] (Lenovo (Beijing) Limited -> Lenovo)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [284672 2021-04-14] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [183408 2021-11-04] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [124496 2021-11-04] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15824 2021-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [201984 2021-11-04] (ESET, spol. s r.o. -> ESET)
S4 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [43720 2020-11-15] (ESET, spol. s r.o. -> ESET)
S4 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [70048 2020-11-15] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [107456 2021-11-04] (ESET, spol. s r.o. -> ESET)
S3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [111336 2014-04-17] (GENESYS LOGIC, INC. -> GenesysLogic)
R3 KMDFVirtualKbd; C:\WINDOWS\System32\drivers\KMDFVirtualKbd.sys [22264 2014-08-04] (Lenovo (Beijing) Limited -> )
R3 KMDFVirtualMouse; C:\WINDOWS\System32\drivers\KMDFVirtualMouse.sys [21240 2014-08-04] (Lenovo (Beijing) Limited -> )
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [80160 2015-02-13] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, Inc.)
U3 RkFlt; C:\Windows\System32\drivers\rkflt.sys [42056 2021-11-07] (Adlice -> )
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-11-07] (Adlice -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-12-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2020-12-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-06] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Three months (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-11-07 13:18 - 2021-11-07 13:37 - 000036827 _____ C:\Users\Marek\Downloads\FRST.txt
2021-11-07 13:15 - 2021-11-07 13:29 - 000000000 ____D C:\FRST
2021-11-07 13:11 - 2021-11-07 13:11 - 002312192 _____ (Farbar) C:\Users\Marek\Downloads\FRST64.exe
2021-11-07 12:18 - 2021-11-07 12:18 - 000042056 _____ C:\WINDOWS\system32\Drivers\rkflt.sys
2021-11-07 12:17 - 2021-11-07 12:17 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2021-11-07 12:17 - 2021-11-07 12:17 - 000000910 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2021-11-07 12:16 - 2021-11-07 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-11-07 12:16 - 2021-11-07 12:17 - 000000000 ____D C:\Program Files\RogueKiller
2021-11-07 12:05 - 2021-11-07 12:17 - 000000000 ____D C:\ProgramData\RogueKiller
2021-11-07 11:54 - 2021-11-07 11:54 - 041659160 _____ (Adlice Software ) C:\Users\Marek\Downloads\RogueKiller_setup.exe
2021-11-06 10:44 - 2021-11-06 10:44 - 000174446 _____ C:\Users\Marek\Downloads\Dluhopisy_Emisni-podminky_2021-09-15_proti-inflacni-dluhopis.pdf
2021-11-04 15:20 - 2021-11-05 13:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-10-30 18:00 - 2021-10-30 18:00 - 000011361 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-10-30 17:10 - 2021-10-30 17:10 - 000000000 ___HD C:\$WinREAgent
2021-10-30 17:01 - 2021-10-30 17:01 - 000001993 _____ C:\Users\Marek\Desktop\PC Health Check.lnk
2021-10-30 17:00 - 2021-10-30 17:01 - 000000000 ___RD C:\Users\Marek\AppData\Local\PCHealthCheck
2021-10-30 17:00 - 2021-10-30 17:00 - 000001403 _____ C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-10-30 16:58 - 2021-10-30 16:58 - 014221312 _____ C:\Users\Marek\Downloads\WindowsPCHealthCheckSetup.msi
2021-10-24 18:04 - 2021-10-24 18:04 - 000010764 _____ C:\Users\Marek\Documents\Jany peníze u mě.xlsx
2021-10-16 15:36 - 2021-10-16 15:36 - 000002304 _____ C:\Users\Marek\Desktop\Magnus.txt
2021-10-13 06:07 - 2021-10-13 06:07 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-10-13 06:06 - 2021-10-13 06:06 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-10-13 06:05 - 2021-10-13 06:05 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2021-10-13 06:05 - 2021-10-13 06:05 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-10-09 06:53 - 2021-11-04 18:06 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-10-02 15:09 - 2021-10-02 15:09 - 000113271 _____ C:\Users\Marek\Downloads\1102110422331.pdf
2021-09-15 14:28 - 2021-09-15 14:28 - 000672768 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-09-15 14:27 - 2021-09-15 14:27 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2021-09-15 14:27 - 2021-09-15 14:27 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-09-15 14:27 - 2021-09-15 14:27 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-09-15 14:27 - 2021-09-15 14:27 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-09-15 14:26 - 2021-09-15 14:26 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2021-09-15 14:26 - 2021-09-15 14:26 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-09-15 14:26 - 2021-09-15 14:26 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-09-15 14:25 - 2021-09-15 14:25 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-09-13 18:49 - 2021-09-13 18:49 - 000146062 _____ C:\Users\Marek\Desktop\OckovaciCertifikat.pdf
2021-09-12 11:57 - 2021-09-12 14:01 - 000009689 _____ C:\Users\Marek\Desktop\xerxes.odt
2021-09-12 11:57 - 2021-09-12 12:52 - 000012501 _____ C:\Users\Marek\Desktop\DnD-Oathbreaker-Lund-II.odt
==================== Three months (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-11-07 14:13 - 2015-11-17 20:30 - 000000000 ____D C:\Users\Marek\AppData\Roaming\vlc
2021-11-07 14:08 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-07 13:48 - 2016-11-26 11:55 - 000000000 ____D C:\Users\Marek\AppData\LocalLow\Mozilla
2021-11-07 13:46 - 2019-02-05 16:56 - 000000000 ____D C:\ProgramData\Mozilla
2021-11-07 13:22 - 2015-12-13 22:53 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-07 12:09 - 2020-12-01 18:24 - 000000000 ____D C:\Users\Marek\AppData\Roaming\Rockstar Games
2021-11-07 11:37 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-07 11:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-11-07 11:27 - 2020-06-11 01:36 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-11-07 10:26 - 2020-12-05 12:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-11-07 08:09 - 2020-07-04 21:17 - 000000000 ____D C:\Users\Marek\AppData\Roaming\Kodi
2021-11-07 07:59 - 2020-02-25 22:01 - 000000000 ____D C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-11-07 05:53 - 2020-12-05 13:19 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2684046251-4145855513-4240160385-1001
2021-11-07 05:53 - 2020-12-05 12:47 - 000002435 _____ C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-05 23:43 - 2017-12-19 08:07 - 000000000 ____D C:\Users\Marek\AppData\Local\Packages
2021-11-05 13:53 - 2020-12-05 13:02 - 001693350 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-11-05 13:53 - 2019-12-07 15:41 - 000718024 _____ C:\WINDOWS\system32\perfh005.dat
2021-11-05 13:53 - 2019-12-07 15:41 - 000145166 _____ C:\WINDOWS\system32\perfc005.dat
2021-11-05 13:53 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-11-05 13:50 - 2017-05-29 02:32 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-11-05 13:50 - 2015-09-05 05:28 - 000000000 __SHD C:\Users\Marek\IntelGraphicsProfiles
2021-11-05 13:46 - 2020-12-05 13:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-11-05 13:46 - 2020-12-05 12:35 - 000008192 ___SH C:\DumpStack.log.tmp
2021-11-05 13:46 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-11-05 13:46 - 2016-08-04 06:19 - 000000000 ____D C:\ProgramData\NVIDIA
2021-11-05 13:46 - 2015-12-13 22:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-11-05 13:45 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-11-04 23:45 - 2020-11-15 08:48 - 000124496 _____ (ESET) C:\WINDOWS\system32\Drivers\edevmon.sys
2021-11-04 23:45 - 2018-05-06 21:42 - 000201984 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2021-11-04 23:45 - 2018-05-06 21:42 - 000183408 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2021-11-04 23:45 - 2018-05-06 21:42 - 000107456 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfp.sys
2021-11-04 18:06 - 2015-12-13 22:57 - 000001243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-11-03 07:07 - 2021-01-29 16:36 - 000002258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-03 07:07 - 2021-01-29 16:36 - 000002217 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-11-02 09:23 - 2015-05-27 04:50 - 000000000 ____D C:\ProgramData\Energy Manager
2021-11-02 04:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-11-01 02:02 - 2020-12-05 12:35 - 000553392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-11-01 01:58 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-11-01 01:58 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-11-01 01:58 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-11-01 01:58 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-11-01 01:58 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-11-01 01:58 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-11-01 01:58 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-11-01 01:58 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-11-01 01:58 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-11-01 01:58 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-10-30 18:11 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-10-19 16:31 - 2016-06-15 18:41 - 000016917 _____ C:\Users\Marek\Documents\Mzdy.xlsx
2021-10-14 12:02 - 2020-12-14 14:49 - 000006617 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2021-10-13 06:49 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-10-13 06:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-10-13 06:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-10-13 06:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-10-13 06:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-10-13 05:17 - 2016-04-03 20:37 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2021-10-13 05:12 - 2015-09-10 22:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-10-13 05:05 - 2015-09-10 22:12 - 139806512 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-10-13 04:40 - 2016-02-21 21:13 - 000002147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-10-10 00:11 - 2021-01-12 04:13 - 000003490 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6cafe2af1b984
2021-10-10 00:11 - 2020-12-05 13:19 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
==================== Files in the root of some directories ========
2015-09-05 08:22 - 2015-09-05 08:22 - 000000000 _____ () C:\Program Files (x86)\Lenovo PhotoMasterImport
2017-04-30 16:39 - 2014-03-04 07:37 - 000000226 _____ () C:\Program Files (x86)\update-southpark.bat
2017-04-30 16:39 - 2013-10-12 19:47 - 000000732 _____ () C:\Program Files (x86)\visit-www.nosteam.ro.html
2017-04-28 21:54 - 2017-04-29 07:21 - 000000600 _____ () C:\Users\Marek\AppData\Roaming\winscp.rnd
==================== SigCheckExt =========================
2016-07-16 12:42 - 2016-07-16 12:42 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AllJoynDiscoveryPlugin.dll
2013-08-22 12:45 - 2013-08-22 12:45 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-fibers-l2-1-1.dll
2013-08-22 12:42 - 2013-08-22 12:42 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-psm-appnotify-l1-1-0.dll
2013-08-22 12:43 - 2013-08-22 12:43 - 000004608 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-devices-config-l1-1-1.dll
2013-08-22 12:42 - 2013-08-22 12:42 - 000003584 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-mm-misc-l1-1-1.dll
2013-08-22 12:42 - 2013-08-22 12:42 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-rtcore-ntuser-winevent-l1-1-0.dll
2013-08-22 12:42 - 2013-08-22 12:42 - 000004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-security-cryptoapi-l1-1-0.dll
2020-02-02 13:58 - 2016-11-01 11:27 - 000090112 _____ (Brother Industries, Ltd.) C:\WINDOWS\system32\BrNetSti.dll
2020-02-02 13:58 - 2013-07-03 11:46 - 000065024 _____ (Brother Industries,Ltd) C:\WINDOWS\system32\Brnsplg.dll
2020-02-02 13:58 - 2005-04-22 13:36 - 000143360 _____ C:\WINDOWS\system32\BrSNMP64.dll
2020-02-02 13:58 - 2013-03-08 15:45 - 000059904 _____ (Brother Industries,Ltd.) C:\WINDOWS\system32\BrWiaNCp.dll
2016-07-15 18:40 - 2016-07-01 04:57 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpreference.exe
2015-10-30 08:19 - 2015-10-30 08:19 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafCdp.dll
2017-04-12 15:49 - 2017-03-28 06:37 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll
2014-11-21 06:16 - 2014-11-21 06:16 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dfp.exe
2014-11-21 06:16 - 2014-11-21 06:16 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DfpCommon.dll
2013-08-22 12:42 - 2013-08-22 12:42 - 000003584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ext-ms-win-msa-ui-l1-1-0.dll
2013-08-22 12:42 - 2013-08-22 12:42 - 000004608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ext-ms-win-ntuser-misc-l1-2-0.dll
2013-08-22 12:42 - 2013-08-22 12:42 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ext-ms-win-rtcore-ntuser-dpi-l1-1-0.dll
2015-05-27 04:17 - 2012-11-29 04:26 - 005623808 _____ (Genesys) C:\WINDOWS\system32\GeneIcon.dll
2015-09-05 05:16 - 2015-09-05 05:16 - 000206848 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v4256.dll
2017-05-10 19:04 - 2017-03-04 07:26 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-07-16 12:43 - 2016-07-16 23:29 - 003584000 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkAnalysisLegacyCom.dll
2014-11-21 11:47 - 2014-11-21 11:47 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\lockscreencn.dll
2020-02-02 13:58 - 2015-06-16 21:39 - 000252928 _____ (brother) C:\WINDOWS\system32\NSSRH64.dll
2015-09-05 07:24 - 2015-08-25 19:38 - 000176904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-09-05 07:21 - 2015-05-23 08:47 - 001756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-05-27 04:15 - 2015-05-23 08:47 - 001571696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-10-30 08:18 - 2015-10-30 08:18 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flashlight.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 000076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDiscoveryPlugin.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiOnboardingPlugin.dll
2015-09-05 03:22 - 2015-03-14 02:51 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-05-27 04:47 - 2013-08-22 12:08 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\devcon.exe
2020-10-19 19:26 - 1997-11-19 13:49 - 000303616 _____ (InstallShield Software Corporation) C:\WINDOWS\IsUninst.exe
1998-03-12 23:02 - 1998-03-13 00:02 - 000034304 _____ (Inno Setup) C:\WINDOWS\UNISTB32.EXE
2013-08-22 05:17 - 2013-08-22 05:17 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-fibers-l2-1-1.dll
2013-08-22 05:14 - 2013-08-22 05:14 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-psm-appnotify-l1-1-0.dll
2013-08-22 05:14 - 2013-08-22 05:14 - 000004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-devices-config-l1-1-1.dll
2013-08-22 05:14 - 2013-08-22 05:14 - 000003584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-mm-misc-l1-1-1.dll
2013-08-22 05:14 - 2013-08-22 05:14 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-rtcore-ntuser-winevent-l1-1-0.dll
2013-08-22 05:14 - 2013-08-22 05:14 - 000004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-security-cryptoapi-l1-1-0.dll
2016-07-16 12:43 - 2016-07-16 12:43 - 000300032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\configmanager2.dll
2016-07-16 12:43 - 2016-07-16 12:43 - 000172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\coredpus.dll
2015-05-27 04:10 - 2013-08-21 08:16 - 000053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\SysWOW64\CSVer.dll
2015-10-30 08:19 - 2015-10-30 08:19 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafCdp.dll
2013-08-22 05:14 - 2013-08-22 05:14 - 000003584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ext-ms-win-msa-ui-l1-1-0.dll
2013-08-22 05:14 - 2013-08-22 05:13 - 000004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ext-ms-win-ntuser-misc-l1-2-0.dll
2013-08-22 05:14 - 2013-08-22 05:13 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ext-ms-win-rtcore-ntuser-dpi-l1-1-0.dll
2017-03-14 19:42 - 2017-03-04 07:18 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-07-16 12:44 - 2016-07-16 23:29 - 002549760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkAnalysisLegacyCom.dll
2017-06-27 07:11 - 1997-07-06 19:22 - 000756736 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ir41_32.dll
2013-05-12 01:17 - 2013-05-12 01:17 - 000001536 _____ C:\WINDOWS\SysWOW64\IusEventLog.dll
2003-03-18 20:14 - 2003-03-18 20:14 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2003-02-21 04:42 - 2003-02-21 04:42 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2015-05-27 04:17 - 2013-09-27 00:46 - 000172097 _____ C:\WINDOWS\SysWOW64\NoMSGuninstall.exe
2015-09-05 07:24 - 2015-08-25 19:38 - 000155976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-09-05 07:21 - 2015-05-23 08:47 - 001316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-05-27 04:15 - 2015-05-23 08:47 - 001320304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-05-27 04:17 - 2014-02-26 04:13 - 000053248 _____ () C:\WINDOWS\SysWOW64\UMonit64.exe
2021-11-07 13:11 - 2021-11-07 13:11 - 002312192 _____ (Farbar) C:\Users\Marek\Downloads\FRST64.exe
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== BCD ================================
Firmware Boot Manager
---------------------
identifier {fwbootmgr}
displayorder {bootmgr}
{b180f849-536a-11e5-aa5a-beb9fe7363be}
{b180f84e-536a-11e5-aa5a-beb9fe7363be}
{b180f84a-536a-11e5-aa5a-beb9fe7363be}
{b180f84b-536a-11e5-aa5a-beb9fe7363be}
{b180f84c-536a-11e5-aa5a-beb9fe7363be}
{b180f84f-536a-11e5-aa5a-beb9fe7363be}
{b180f850-536a-11e5-aa5a-beb9fe7363be}
timeout 10
Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume2
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
locale cs-CZ
inherit {globalsettings}
default {current}
resumeobject {dbe6eab7-36ed-11eb-b574-bca2d926fc1d}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30
Firmware Application (101fffff)
-------------------------------
identifier {b180f846-536a-11e5-aa5a-beb9fe7363be}
description Setup
badmemoryaccess Yes
Firmware Application (101fffff)
-------------------------------
identifier {b180f847-536a-11e5-aa5a-beb9fe7363be}
description Boot Menu
badmemoryaccess Yes
Firmware Application (101fffff)
-------------------------------
identifier {b180f848-536a-11e5-aa5a-beb9fe7363be}
description Diagnostic Splash
badmemoryaccess Yes
Firmware Application (101fffff)
-------------------------------
identifier {b180f849-536a-11e5-aa5a-beb9fe7363be}
description USB FDD:
badmemoryaccess Yes
Firmware Application (101fffff)
-------------------------------
identifier {b180f84a-536a-11e5-aa5a-beb9fe7363be}
description ATAPI CD:
badmemoryaccess Yes
Firmware Application (101fffff)
-------------------------------
identifier {b180f84b-536a-11e5-aa5a-beb9fe7363be}
description USB HDD:
badmemoryaccess Yes
Firmware Application (101fffff)
-------------------------------
identifier {b180f84c-536a-11e5-aa5a-beb9fe7363be}
description USB CD:
badmemoryaccess Yes
Firmware Application (101fffff)
-------------------------------
identifier {b180f84d-536a-11e5-aa5a-beb9fe7363be}
device partition=\Device\HarddiskVolume3
path \EFI\Microsoft\Boot\lrsBootMgr.efi
description Lenovo Recovery System
badmemoryaccess Yes
Firmware Application (101fffff)
-------------------------------
identifier {b180f84e-536a-11e5-aa5a-beb9fe7363be}
description ATA HDD: WDC WD10S21X-24R1BT0-SSHD-8GB
badmemoryaccess Yes
Firmware Application (101fffff)
-------------------------------
identifier {b180f84f-536a-11e5-aa5a-beb9fe7363be}
description PCI LAN: EFI Network (IPv4)
badmemoryaccess Yes
Firmware Application (101fffff)
-------------------------------
identifier {b180f850-536a-11e5-aa5a-beb9fe7363be}
description PCI LAN: EFI Network (IPv6)
badmemoryaccess Yes
Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \WINDOWS\system32\winload.efi
description Windows 10
locale cs-CZ
inherit {bootloadersettings}
recoverysequence {dbe6eab9-36ed-11eb-b574-bca2d926fc1d}
displaymessageoverride Recovery
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \WINDOWS
resumeobject {dbe6eab7-36ed-11eb-b574-bca2d926fc1d}
nx OptIn
bootmenupolicy Standard
Windows Boot Loader
-------------------
identifier {dbe6eab9-36ed-11eb-b574-bca2d926fc1d}
device ramdisk=[\Device\HarddiskVolume7]\Recovery\WindowsRE\Winre.wim,{dbe6eaba-36ed-11eb-b574-bca2d926fc1d}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale cs-CZ
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[\Device\HarddiskVolume7]\Recovery\WindowsRE\Winre.wim,{dbe6eaba-36ed-11eb-b574-bca2d926fc1d}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes
Resume from Hibernate
---------------------
identifier {dbe6eab7-36ed-11eb-b574-bca2d926fc1d}
device partition=C:
path \WINDOWS\system32\winresume.efi
description Windows Resume Application
locale cs-CZ
inherit {resumeloadersettings}
recoverysequence {dbe6eab9-36ed-11eb-b574-bca2d926fc1d}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No
Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume2
path \EFI\Microsoft\Boot\memtest.efi
description Diagnostika paměti systému Windows
locale cs-CZ
inherit {globalsettings}
badmemoryaccess Yes
EMS Settings
------------
identifier {emssettings}
bootems No
Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200
badmemoryaccess Yes
RAM Defects
-----------
identifier {badmemory}
Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}
Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}
Device options
--------------
identifier {dbe6eaba-36ed-11eb-b574-bca2d926fc1d}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume7
ramdisksdipath \Recovery\WindowsRE\boot.sdi
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-11-2021
Ran by Marek (07-11-2021 14:20:23)
Running from C:\Users\Marek\Downloads
Microsoft Windows 10 Home Version 20H2 19042.1320 (X64) (2020-12-05 12:20:48)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2684046251-4145855513-4240160385-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2684046251-4145855513-4240160385-503 - Limited - Disabled)
Guest (S-1-5-21-2684046251-4145855513-4240160385-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2684046251-4145855513-4240160385-1003 - Limited - Enabled)
Marek (S-1-5-21-2684046251-4145855513-4240160385-1001 - Administrator - Enabled) => C:\Users\Marek
WDAGUtilityAccount (S-1-5-21-2684046251-4145855513-4240160385-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET Security (Enabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AS: ESET Security (Disabled - Up to date) {333C65BB-8923-0EAA-C47E-C486E687BEFD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {B066057A-E576-007C-D591-56C163D3B33B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{36381D51-CC5E-4698-A0CC-E939C75EC9D8}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
Age Of Empires 2 (HKLM-x32\...\Age Of Empires 2_is1) (Version: - Martin)
Age of Empires complete version 1.0c (HKLM-x32\...\{F7F0D70E-9027-4DF5-B67F-4B48CE29565A}_is1) (Version: 1.0c - vol1)
Aplikace Intel® PROSet/Wireless (HKLM-x32\...\{a914536c-bd41-479c-96aa-dee4a9639c22}) (Version: 21.10.1 - Intel Corporation)
Battle for Wesnoth 1.14.15 (HKLM-x32\...\Battle for Wesnoth 1.14.15) (Version: 1.14.15 - )
Battle for Wesnoth 1.14.9 (HKLM-x32\...\Battle for Wesnoth 1.14.9) (Version: 1.14.9 - )
BrLauncher (HKLM-x32\...\{42D26B47-887C-45FC-BCAE-0BE485C5C0BB}) (Version: 2.0.11.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}) (Version: 1.0.3.1 - Brother Industries Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{569f9640-fd0a-4a52-97f2-11277f65a3f0}) (Version: 4.4.0.33 - Brother Industries, Ltd.)
Brother iPrint&Scan (HKLM-x32\...\{FE65E525-8FCA-43BE-8D7F-0C4665FAE1A5}) (Version: 4.4.0.33 - Brother Industries, Ltd.) Hidden
Brother Printer Driver (HKLM-x32\...\{272543B6-B337-4C8F-B9F1-19E884C2C7AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (HKLM-x32\...\{1162495D-7CE7-4EF9-A0F8-151196F3A660}) (Version: 1.0.17.1 - Brother Industries Ltd.) Hidden
BrSupportTools (HKLM-x32\...\{32F47565-84B1-42CC-B09A-4CDDD9A32F94}) (Version: 1.0.20.0 - Brother Industries Ltd.) Hidden
Caesar 3 (HKLM-x32\...\GOGPACKCAESAR3_is1) (Version: 2.0.0.9 - GOG.com)
CCSDK (HKLM-x32\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.0.3.4 - Lenovo)
ControlCenter4 (HKLM-x32\...\{9091B952-8719-49C3-9CC7-6E20EC61081F}) (Version: 4.6.6.1 - Brother Industries, Ltd.) Hidden
ControlCenter4 CSDK (HKLM-x32\...\{FD8A9511-BFC9-43B5-BB75-9CEC0EA03CF0}) (Version: 4.6.1.1 - Brother Industries, Ltd.) Hidden
Corel Graphics - Windows Shell Extension (HKLM\...\_{5D262585-5C19-4279-B1BC-C0D242E6AA3E}) (Version: 20.1.0.708 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{5D262585-5C19-4279-B1BC-C0D242E6AA3E}) (Version: 20.1.708 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit Keys (HKLM\...\{9D4064B2-A6B6-42E6-8695-7C9B3D69954E}) (Version: 20.1.708 - Corel Corporation) Hidden
Čeština do hry South Park: Klacek Pravdy verze 1.1 (HKLM-x32\...\{C1EA3034-6A86-4C18-A91F-SPSOTCZ110FE}_is1) (Version: 1.1 - Ubisoft)
Dependency Package Update (HKLM\...\{0788641D-D31A-478D-BB34-C41564AE9F93}) (Version: 1.6.26.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{5252431C-288E-409D-ADCF-24407E0E6F70}) (Version: 1.6.32.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM\...\{FFED38DF-94DC-4FF9-96C1-A6990EDA6B03}) (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (HKLM-x32\...\{1D2682EA-75DD-44B6-BF2D-CD3C49EAD012}) (Version: 1.6.38.01 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{3117B53D-A409-4D99-A0DE-11A1A40696FA}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4430150F-61B3-4142-BE04-EAC68C8DDA18}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4AF6C9BC-D8DB-4286-94D9-474CE54ADAA2}) (Version: 1.6.38.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{503B47A9-E34A-4841-ADD7-417191D5DB5E}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{546FF45D-2467-4950-AAFB-0A06ACBB6B2C}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5B2190E9-199D-450A-94B3-4D6826C770C2}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5BEFE1E1-F597-4B79-913B-15FFDB25B744}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{63DE35C9-B080-4D03-B110-99E14FD35BCE}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{65316098-0220-4D5C-B37A-6136083A0897}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{E966DBE4-5075-465E-BA81-BC9A3A3204B3}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Discord (HKU\S-1-5-21-2684046251-4145855513-4240160385-1001\...\Discord) (Version: 0.0.307 - Discord Inc.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.21 - Lenovo) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.21 - Lenovo)
ESET Security (HKLM\...\{37E67F0A-50BB-430A-A2A5-F5E2F6EE96DB}) (Version: 15.0.18.0 - ESET, spol. s r.o.)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.2.0 - Genesys Logic)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 95.0.4638.69 - Google LLC)
GTA 3 CZ (HKLM-x32\...\GTA 3 CZ 1.2.0) (Version: 1.2.0 - Rockstar Games)
Heroes of Might and Magic III Complete (HKLM-x32\...\InstallShield_{EDFB64A7-5BFD-4137-943D-5663149A15F5}) (Version: 1.00.0000 - CD Projekt)
HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Kodi (HKU\S-1-5-21-2684046251-4145855513-4240160385-1001\...\Kodi) (Version: - XBMC Foundation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D18FE9D2-2F54-4C68-A2DE-A59D4A80A9BC}) (Version: 3.1.2109.29003 - Microsoft Corporation)
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Lenovo App Services (HKLM\...\Lenovo App Services) (Version: 0.200.8.268 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10269 - Realtek Semiconductor Corp.)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11103 - Realtek Semiconductor Corp.)
Lenovo FusionEngine (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo) Hidden
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Motion Control (HKLM-x32\...\{DB34780A-6749-4AA3-A1E5-A56747EF4B04}) (Version: 2.5.1.0528 - PointGrab) Hidden
Lenovo Motion Control (HKLM-x32\...\InstallShield_{DB34780A-6749-4AA3-A1E5-A56747EF4B04}) (Version: 2.5.1.0528 - PointGrab)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.)
Lenovo PhoneCompanion (HKLM-x32\...\{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 2.0.0.19 - Lenovo) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 2.0.0.19 - Lenovo)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.68.3 - ELAN Microelectronic Corp.)
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 2.1.14.1221 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.9.23.0 - Lenovo Group Ltd.)
Magic Transfer (HKLM-x32\...\{AD2B2BD1-A1D7-4798-8FDD-B2A58FD94E68}) (Version: 1.1.1.11 - Lenovo) Hidden
Magic Transfer (HKLM-x32\...\InstallShield_{AD2B2BD1-A1D7-4798-8FDD-B2A58FD94E68}) (Version: 1.1.1.11 - Lenovo)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Age of Empires (HKLM-x32\...\Age of Empires) (Version: - )
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.44 - Microsoft Corporation)
Microsoft Office Language Pack 2013 - Czech/čeština (HKLM\...\Office15.OMUI.cs-cz) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2684046251-4145855513-4240160385-1001\...\OneDriveSetup.exe) (Version: 21.205.1003.0005 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2017 (HKLM-x32\...\{5a7dc0ad-cdb2-43b5-8b82-f81065fe6092}) (Version: 15.0.26717 - Microsoft Corporation)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 94.0.1 (x64 cs)) (Version: 94.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 94.0.1.7977 - Mozilla)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM\...\{90150000-001F-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM\...\{90150000-001F-041B-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
NetworkRepairTool (HKLM-x32\...\{86E68F57-FAFE-4052-BDD4-3B90C38236AE}) (Version: 1.2.16.0 - Brother Industries, Ltd.) Hidden
Nuance PaperPort 14 (HKLM-x32\...\{24510774-4424-46C2-8FB7-5DE0C945ED2B}) (Version: 14.5.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer SE (HKLM-x32\...\{D8151965-282B-4EB6-A3F1-68AB555D8423}) (Version: 7.20.3230 - Nuance Communications, Inc.)
NVIDIA GeForce Experience 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.28 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
ODD Auto Firmware Update (HKLM-x32\...\{3DD8DB1B-20D0-447C-940A-1306B3931FED}) (Version: 1.0.1807.2501 - Hitachi-LG Data Storage, Inc.)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0002 - Nuance Communications, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7560 - Realtek Semiconductor Corp.)
RogueKiller version 15.1.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.1.2.0 - Adlice Software)
ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0100-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.8.0 - Lenovo Group Limited)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype verze 8.66 (HKLM-x32\...\Skype_is1) (Version: 8.66 - Skype Technologies S.A.)
SoftwareUpdateNotification (HKLM-x32\...\{34F12379-C924-41E6-921D-51C71217F58C}) (Version: 1.0.9.0 - Brother Industries, Ltd.) Hidden
StatusMonitor (HKLM-x32\...\{40578A7A-6E36-457F-A4F0-45BC37EB61FD}) (Version: 1.20.1.0 - Brother Insutries Ltd.) Hidden
UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.3.6 - Lenovo)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-012B-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden
User Manuals (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
Ve stínu havrana (HKLM-x32\...\Ve stínu havrana_is1) (Version: - CINEMAX, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows Driver Package - Lenovo (ACPIVPC) System (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Packages:
=========
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2021-02-18] (Canon Inc.)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-03-08] (Microsoft Corporation)
Lenovo Recommends -> C:\Program Files\WindowsApps\E0469640.LenovoRecommends_1.5.14.117_x64__5grkq8ppsgwt4 [2015-09-05] (LENOVO INC)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2110.15.0_x64__k1h2ywk1493x8 [2021-10-25] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-10-30] (Microsoft Studios) [MS Ad]
Phone Companion -> C:\Program Files\WindowsApps\E0469640.DeviceCollaboration_2.0.0.9_x64__5grkq8ppsgwt4 [2015-09-05] (LENOVO INC)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2684046251-4145855513-4240160385-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2021-11-04] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2014-08-13] (Lenovo) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR 5.21\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR 5.21\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2021-11-04] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2014-08-13] (Lenovo) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-06-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2021-11-04] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR 5.21\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR 5.21\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [VIDC.IV41] => C:\Windows\SysWOW64\ir41_32.dll [756736 1997-07-06] (Intel Corporation) [File not signed]
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2020-02-02 13:58 - 2005-04-22 13:36 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll
2012-12-05 12:29 - 2012-12-05 12:29 - 004883456 _____ (BCGSoft Ltd) [File not signed] C:\Program Files (x86)\Nuance\PaperPort\BCGCBPRO1100u100.dll
2020-02-02 13:58 - 2016-11-01 11:27 - 000090112 _____ (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll
2015-06-23 15:00 - 2015-06-23 15:00 - 000285696 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2015-06-23 15:00 - 2015-06-23 15:00 - 000562688 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2015-05-27 04:40 - 2014-08-13 00:32 - 000468480 _____ (Lenovo) [File not signed] C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll
2015-05-27 04:15 - 2015-05-23 08:47 - 001903232 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll
2020-05-30 15:04 - 2020-05-30 15:04 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\Vantage\Addins\GenericTelemetryAddin\1.0.0.34\x64\SQLite.Interop.dll
2021-06-04 12:17 - 2020-11-03 04:08 - 000954864 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-2684046251-4145855513-4240160385-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
HKU\S-1-5-21-2684046251-4145855513-4240160385-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2684046251-4145855513-4240160385-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-2684046251-4145855513-4240160385-1001 -> DefaultScope {B9F25DF4-4227-461D-898E-BA786BFDAFD4} URL =
SearchScopes: HKU\S-1-5-21-2684046251-4145855513-4240160385-1001 -> {B9F25DF4-4227-461D-898E-BA786BFDAFD4} URL =
SearchScopes: HKU\S-1-5-21-2684046251-4145855513-4240160385-1001 -> {C08C6E27-2BFC-4965-9044-394C9FE663F1} URL = hxxps://www.google.com/search?q={searchTerms}&s ... utEncoding?}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2020-04-14] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH -> Eyeo GmbH)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2020-04-14] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation -> Zeon Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH -> Eyeo GmbH)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2684046251-4145855513-4240160385-1001\...\sharepoint.com -> hxxps://czuvpraze.sharepoint.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2016-01-12 22:27 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2016-07-03 10:25 - 2020-01-29 20:37 - 000000503 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Lenovo\FusionEngine;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Lenovo\Motion Control\;C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2684046251-4145855513-4240160385-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 172.19.29.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "PhoneCompanion"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "BrotherSoftwareUpdateNotification"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKU\S-1-5-21-2684046251-4145855513-4240160385-1001\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{4447DF68-CCE0-4BDE-8340-DF9BBF84FD3D}C:\users\marek\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Block) C:\users\marek\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [TCP Query User{D864A3CB-2098-4B1A-9B1D-A8D4CF6C6594}C:\users\marek\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe] => (Block) C:\users\marek\appdata\roaming\xiaomi\miphonemanager\plugin\xunlei\download\minithunderplatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [UDP Query User{1A3D9B70-46A6-447B-A8AE-8A25C650DE2A}C:\program files (x86)\total war - rome 2 - emperor edition\rome2.exe] => (Allow) C:\program files (x86)\total war - rome 2 - emperor edition\rome2.exe => No File
FirewallRules: [TCP Query User{1A272CB2-CF7B-4AFD-98FD-3527FC826C18}C:\program files (x86)\total war - rome 2 - emperor edition\rome2.exe] => (Allow) C:\program files (x86)\total war - rome 2 - emperor edition\rome2.exe => No File
FirewallRules: [UDP Query User{229F963E-3E10-4A8F-9244-193C56715903}C:\users\marek\desktop\diablo\diablo.exe] => (Block) C:\users\marek\desktop\diablo\diablo.exe => No File
FirewallRules: [TCP Query User{92DBA40D-E46F-4159-9F54-8A3A533311B0}C:\users\marek\desktop\diablo\diablo.exe] => (Block) C:\users\marek\desktop\diablo\diablo.exe => No File
FirewallRules: [UDP Query User{CFC80D13-ED51-42FC-A056-81716D79E85A}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{34E747F9-1337-48B5-8D45-437398576CD1}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{3402CC95-1C9E-49C7-8E74-8C237A9CA182}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{B19EB3B7-C988-44F4-8BE4-128787D961E8}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{A89AED65-1568-4810-88B7-6165A3627737}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{ED552A77-A21D-4C89-8EC8-A194E9934321}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{7E0577EC-1D4B-4EE1-B471-A0803E3396A6}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Block) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{47033250-E247-46F8-AB45-CC8135556416}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Block) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{E5D9D14B-931A-4F58-BDCB-FA977AE7A840}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.169\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.169\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{806C9A9F-4AFD-4DC1-8993-5EE283C04E6A}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.169\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.169\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{A5169E2D-3A10-43AF-80DF-433C35D70D27}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{A934827A-A0D6-4584-9B92-CBE4BF50591B}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.168\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{79ECE1F6-411B-4589-9A51-1FF1D71AEEE0}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.167\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.167\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{14031D83-F43B-4263-B30A-73C66B43B63B}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.167\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.167\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{12EB767A-4793-4669-AAF4-3EFB2B80296A}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{F3B0B5B0-8BDE-491B-A7C1-C37C8B46A48B}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.166\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{A57DD699-DC7A-4F11-A266-9E9CD77CE594}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{9E1DA30C-AFEA-4780-BE6F-82D817E65BA8}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.165\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{F6FEE0D6-29B3-4996-9A6F-D694A77FD43C}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{031C98FD-A5A5-475D-8CBC-486A12013D9B}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.164\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{E2B29210-185E-4798-9F5F-CAD10480FBCF}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{93EB00F6-9BC1-4924-8C0D-BE111372361F}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.163\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{A992342C-414A-4767-83FA-15FD8D83A93F}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.162\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.162\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{00276E73-2362-4098-BA49-429EB71B35BF}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.162\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.162\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{4F0523BB-767E-482D-AFC1-201C26214712}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.161\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.161\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{728440E3-DC4C-472E-9190-987BC5F7FD80}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.161\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.161\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{9A1ABED3-C5A8-4191-B136-D5344896A29F}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{F745DF28-C523-413E-A8AE-6373858CCEF6}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.160\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{E505D533-283E-4522-96E8-6E88685423CC}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{ACCFF8A8-73B3-41A0-B7E2-7D492865A4EC}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.159\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{43A3F859-C118-4AF7-B771-0E23A0C24173}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{CBB4995C-D4DB-4E7F-B8AA-22E594D6A93B}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.156\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{D1FAEDEE-A62C-48AF-9C6B-B1829F1A574E}C:\users\marek\desktop\hry\borderlands\binaries\borderlands.exe] => (Allow) C:\users\marek\desktop\hry\borderlands\binaries\borderlands.exe (Take-Two Interactive Software, Inc.) [File not signed]
FirewallRules: [TCP Query User{411A8172-71E9-4A61-877C-E0ED13D84112}C:\users\marek\desktop\hry\borderlands\binaries\borderlands.exe] => (Allow) C:\users\marek\desktop\hry\borderlands\binaries\borderlands.exe (Take-Two Interactive Software, Inc.) [File not signed]
FirewallRules: [UDP Query User{BF004235-F6A9-41F9-A15B-6E8E65B5029C}C:\users\marek\desktop\hry\borderlands\binaries\borderlands.exe] => (Allow) C:\users\marek\desktop\hry\borderlands\binaries\borderlands.exe (Take-Two Interactive Software, Inc.) [File not signed]
FirewallRules: [TCP Query User{B6C84E86-DA08-4881-9945-1F30135CAFD0}C:\users\marek\desktop\hry\borderlands\binaries\borderlands.exe] => (Allow) C:\users\marek\desktop\hry\borderlands\binaries\borderlands.exe (Take-Two Interactive Software, Inc.) [File not signed]
FirewallRules: [UDP Query User{6360524C-4307-415A-AF8E-D9E9C4B85F4C}C:\users\marek\desktop\hry\warcraft 3\war3.exe] => (Block) C:\users\marek\desktop\hry\warcraft 3\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [TCP Query User{A320301C-30B1-4B09-B9A3-D26C719A8AF3}C:\users\marek\desktop\hry\warcraft 3\war3.exe] => (Block) C:\users\marek\desktop\hry\warcraft 3\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [UDP Query User{A90F764A-1CF2-4B8F-97F4-42593DC5A871}C:\program files (x86)\age of empires\age of empires + rise of rome expansion\empiresx.exe] => (Block) C:\program files (x86)\age of empires\age of empires + rise of rome expansion\empiresx.exe (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{75D49363-9EDC-4B0C-BD0D-7A5625AE7747}C:\program files (x86)\age of empires\age of empires + rise of rome expansion\empiresx.exe] => (Block) C:\program files (x86)\age of empires\age of empires + rise of rome expansion\empiresx.exe (Microsoft Corporation) [File not signed]
FirewallRules: [UDP Query User{68334CD7-20E9-491C-92A3-F324F8F76AFC}C:\users\marek\desktop\age of empires + rise of rome expansion\empires.exe] => (Block) C:\users\marek\desktop\age of empires + rise of rome expansion\empires.exe => No File
FirewallRules: [TCP Query User{F8D841B9-1E4B-45E3-89FD-703818011127}C:\users\marek\desktop\age of empires + rise of rome expansion\empires.exe] => (Block) C:\users\marek\desktop\age of empires + rise of rome expansion\empires.exe => No File
FirewallRules: [{507DE25D-94F9-474F-AE08-CDC6896BEE75}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A5D08D2C-1AAF-4BC8-B5ED-8564A40BA6A6}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C3DF8874-B7F4-45B0-8364-D54F7BF9F574}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EA86995B-F12A-4481-93FE-388C077286FA}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{83E588AC-1A0D-4A59-B250-072E5B285794}C:\users\marek\desktop\warcraft 3\war3.exe] => (Allow) C:\users\marek\desktop\warcraft 3\war3.exe => No File
FirewallRules: [TCP Query User{1EA0A7D7-5EF0-497B-8018-0788AE87155D}C:\users\marek\desktop\warcraft 3\war3.exe] => (Allow) C:\users\marek\desktop\warcraft 3\war3.exe => No File
FirewallRules: [UDP Query User{A3129948-CA15-4FAF-B5FE-89FF8A785E4E}C:\users\marek\desktop\warcraft 3\war3.exe] => (Block) C:\users\marek\desktop\warcraft 3\war3.exe => No File
FirewallRules: [TCP Query User{B3D22B17-35B4-4726-9B69-15F03A0F2F5A}C:\users\marek\desktop\warcraft 3\war3.exe] => (Block) C:\users\marek\desktop\warcraft 3\war3.exe => No File
FirewallRules: [{1847D6ED-B0B4-41CE-89F4-B628B155BB27}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{16C81C94-BC48-48B8-814A-FE04FABDD765}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B56D0460-31B9-418C-854B-9D8E6F825616}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9E63AB6E-38FA-46B3-8B24-91ED9F81F90F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{284CFEB7-8B13-45A1-AD6F-6E6A990BDA62}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E6B926BE-A7CB-48FD-A231-9469107F23B8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3D41A4B0-8848-4EA7-A697-A6E649EA37EA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3151A61E-7496-4245-9CDC-9185F125CE61}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{08E7120D-0907-477B-9609-623CBDE555EC}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe (Lenovo (Beijing) Limited -> Lenovo)
FirewallRules: [{6EEFE0DE-9A57-4BE2-9771-BAEB6FFFC32D}] => (Allow) LPort=55100
FirewallRules: [{76185744-3FE2-4D71-9ED8-C2A17ECD46AB}] => (Allow) C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe (Lenovo -> )
FirewallRules: [{EAD4BF15-9E94-49E5-B3FE-B31B56C25DB3}] => (Allow) C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe (Lenovo -> )
FirewallRules: [{1597762B-05F0-4587-A0BB-7D2A1A1B6D43}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe (LENOVO -> Lenovo)
FirewallRules: [{67163B54-CB5C-4043-98E9-77829A882A67}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe (LENOVO -> Lenovo)
FirewallRules: [{516B56DC-AFF0-4AC3-B06F-935630602FC5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D020D3A9-E243-49F5-9743-35EBD911DD4F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{FB26CB9C-DFAD-4685-B84C-BC18DA2866B6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe => No File
FirewallRules: [{1B35E1BE-2BA4-4D75-8EDC-51E183FA016D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe => No File
FirewallRules: [{C5C598A6-4A69-4838-A59E-73868EC7EFF4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F37F955D-E119-4AAD-9A47-E6AC3F104A0F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{6EB8B282-167C-46F5-BF97-4339B27F2B4D}C:\program files (x86)\borderlands game of the year edition\binaries\borderlands.exe] => (Block) C:\program files (x86)\borderlands game of the year edition\binaries\borderlands.exe => No File
FirewallRules: [UDP Query User{BFB5D697-626A-44E5-8EF7-D09ECCF07710}C:\program files (x86)\borderlands game of the year edition\binaries\borderlands.exe] => (Block) C:\program files (x86)\borderlands game of the year edition\binaries\borderlands.exe => No File
FirewallRules: [TCP Query User{0E610789-C149-4855-B6CD-39A2BE0EB36F}C:\users\marek\desktop\borderlands\binaries\borderlands.exe] => (Block) C:\users\marek\desktop\borderlands\binaries\borderlands.exe => No File
FirewallRules: [UDP Query User{E8A4A5D0-2B0F-400D-9FE3-CF3D8635D4A6}C:\users\marek\desktop\borderlands\binaries\borderlands.exe] => (Block) C:\users\marek\desktop\borderlands\binaries\borderlands.exe => No File
FirewallRules: [TCP Query User{A9AB2BCA-CDE0-4907-B09F-BAEDE9467AD1}C:\users\marek\desktop\borderlands\binaries\borderlands.exe] => (Block) C:\users\marek\desktop\borderlands\binaries\borderlands.exe => No File
FirewallRules: [UDP Query User{60395623-C28F-4101-AE49-89E260F6C5BC}C:\users\marek\desktop\borderlands\binaries\borderlands.exe] => (Block) C:\users\marek\desktop\borderlands\binaries\borderlands.exe => No File
FirewallRules: [{4777E459-FEDE-43B2-B1A2-607E619D6C31}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{29C00148-A2F5-4623-9DB4-831FEA4CCD3F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{ACF21724-6CB8-408F-A8AF-4995D159D18E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{E1ABA894-8DA1-42C4-941C-64B92DE3CBCE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{B28519FE-2829-4ABB-96C8-D619D7033EE1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Icewind Dale Enhanced Edition\icewind.exe => No File
FirewallRules: [{AE02DD2B-8791-4B8A-B3C4-FD4734AAB378}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Icewind Dale Enhanced Edition\icewind.exe => No File
FirewallRules: [TCP Query User{71457C53-730F-4C1D-BAD1-51034F373A52}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{6C4965BA-E6E4-4D79-AB43-25D3A4FD55FB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{6EBCC2BA-F0BA-4A31-91FF-D822398ED0CB}C:\program files (x86)\age of empires complete\empiresx.exe] => (Block) C:\program files (x86)\age of empires complete\empiresx.exe (Microsoft Corporation) [File not signed]
FirewallRules: [UDP Query User{1FB48175-808C-42B5-9DA6-82AF0DF72461}C:\program files (x86)\age of empires complete\empiresx.exe] => (Block) C:\program files (x86)\age of empires complete\empiresx.exe (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{23B176AD-B481-4CAF-BD8E-FA7105338D66}C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Allow) C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe => No File
FirewallRules: [UDP Query User{C2AAF259-27FD-4039-A84E-E5870E5D5AB8}C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Allow) C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe => No File
FirewallRules: [TCP Query User{D3E5885F-6168-488D-8113-FFBC75D92561}C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Allow) C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe => No File
FirewallRules: [UDP Query User{7EE43458-EA33-4163-9828-22AE230C10EC}C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Allow) C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe => No File
FirewallRules: [TCP Query User{55D7947D-531D-4A0C-8071-9BAAA49A8033}C:\program files (x86)\microsoft\skype for desktop\skype.exe] => (Allow) C:\program files (x86)\microsoft\skype for desktop\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{EEE49C5A-0CC3-4DA1-8D44-69126DC374D3}C:\program files (x86)\microsoft\skype for desktop\skype.exe] => (Allow) C:\program files (x86)\microsoft\skype for desktop\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{F27E1D22-7D4A-4F70-A845-B7D6042967D6}C:\program files (x86)\battle for wesnoth 1.14.9\wesnothd.exe] => (Allow) C:\program files (x86)\battle for wesnoth 1.14.9\wesnothd.exe (The Battle for Wesnoth Project) [File not signed]
FirewallRules: [UDP Query User{92EDCB67-42A2-4759-A49D-8B8D168CBF54}C:\program files (x86)\battle for wesnoth 1.14.9\wesnothd.exe] => (Allow) C:\program files (x86)\battle for wesnoth 1.14.9\wesnothd.exe (The Battle for Wesnoth Project) [File not signed]
FirewallRules: [{96C3AA44-995E-43B1-98C5-FDFEA1FC2D73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cryptic Studios\Neverwinter.exe => No File
FirewallRules: [{D5D5C2D6-D2CE-4869-8FEE-C27D534DB161}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cryptic Studios\Neverwinter.exe => No File
FirewallRules: [TCP Query User{8FB7B2DD-02DA-4315-8E0E-8DE42F1C978B}C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\x64\gameclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\x64\gameclient.exe => No File
FirewallRules: [UDP Query User{12714F8C-2983-479D-8219-1C86A998EADC}C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\x64\gameclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\x64\gameclient.exe => No File
FirewallRules: [{3E108696-64CF-45DB-A879-98148AA2567D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD18\PowerDVD.exe => No File
FirewallRules: [{99B51080-5225-47DF-8773-90771F3D3DF1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD18\Kernel\DMS\CLMSServerPDVD18.exe => No File
FirewallRules: [{809B4D6B-4F4D-4648-9782-9911E33D0153}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD18\PowerDVD18Agent.exe => No File
FirewallRules: [{FB6EAD2A-4D29-465A-9939-19CF2D077D4C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD18\Movie\PowerDVDMovie.exe => No File
FirewallRules: [{26E40E94-A96A-4EE2-8514-AA8B0F605DD4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD18\CastingStation.exe => No File
FirewallRules: [{BFA311A5-366A-4847-AC44-16E7638036C8}] => (Allow) LPort=54925
FirewallRules: [{2A7FAF82-B3DB-4280-9EA7-55BE645BC198}] => (Allow) F:\Install\wlan_wiz\.\wlan_assistant\waw.exe => No File
FirewallRules: [{9A4A33D5-D2AA-4DDA-8012-C8A7D6B453BE}] => (Allow) LPort=54950
FirewallRules: [{EC380AF6-1A01-41F1-B35A-12C13515493D}] => (Allow) LPort=54955
FirewallRules: [{AF07BD28-352A-4068-BDCC-DEF3674DDD88}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{655041B2-7FA1-45A2-9D86-3C4E6188B6D0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{FDE97D37-3E3F-422C-A06B-0B388B3D21C9}C:\program files (x86)\age of empires\empires.exe] => (Block) C:\program files (x86)\age of empires\empires.exe (Microsoft Corporation) [File not signed]
FirewallRules: [UDP Query User{568A2FB2-BF78-432A-8155-402C33629B43}C:\program files (x86)\age of empires\empires.exe] => (Block) C:\program files (x86)\age of empires\empires.exe (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{31444480-A3B5-4BA1-94A5-E27E18D71CFC}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{420E8ACA-A854-461F-855B-251691A9863F}C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe] => (Allow) C:\program files (x86)\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{EB87F90B-8F1F-4702-AB2B-3960F4E67064}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{359DDCFC-52D3-470E-905B-C21668363BDB}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{6331E2DD-3B4F-44E6-9F14-612354334F78}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{025B7531-E610-48CB-B5BC-28F09F928925}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{11293C5D-184B-459F-A1E9-314C735B4C85}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{422E03E9-B1B3-4C90-905C-F7FCA2433A9D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{045498CD-6DEF-4C07-95A0-7B14FA208381}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9EFF06FC-083A-405A-9547-2858D4654B7F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D2A751D2-DBB2-4C44-B10B-AEB07DA1624D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
==================== Restore Points =========================
21-10-2021 14:54:47 Naplánovaný kontrolní bod
30-10-2021 14:55:02 Naplánovaný kontrolní bod
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (11/07/2021 07:25:09 AM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002
Error: (11/07/2021 07:25:09 AM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002
Error: (11/07/2021 07:25:09 AM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003
Error: (11/07/2021 06:12:12 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (11/06/2021 07:18:29 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (11/05/2021 01:56:01 PM) (Source: SecurityCenter) (EventID: 18) (User: )
Description: Službě Centrum zabezpečení Windows se nepodařilo načíst instance objektu FirewallProduct z úložiště dat.
Error: (11/05/2021 01:54:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: PG_Service_Launcher.exe, verze: 2.5.1.5858, časové razítko: 0x5385af26
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0145b320
ID chybujícího procesu: 0x1154
Čas spuštění chybující aplikace: 0x01d7d24330fc12f5
Cesta k chybující aplikaci: C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: b08d6e74-b7fd-49e0-90df-9ce39c477268
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (11/05/2021 01:47:19 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Broadcast Receiver Server...
System errors:
=============
Error: (11/07/2021 01:12:58 PM) (Source: DCOM) (EventID: 10010) (User: MAREKT-NB-10)
Description: Server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/07/2021 12:11:18 PM) (Source: DCOM) (EventID: 10010) (User: MAREKT-NB-10)
Description: Server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/07/2021 12:10:48 PM) (Source: DCOM) (EventID: 10010) (User: MAREKT-NB-10)
Description: Server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/07/2021 12:10:18 PM) (Source: DCOM) (EventID: 10010) (User: MAREKT-NB-10)
Description: Server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/07/2021 12:09:48 PM) (Source: DCOM) (EventID: 10010) (User: MAREKT-NB-10)
Description: Server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/07/2021 12:09:17 PM) (Source: DCOM) (EventID: 10010) (User: MAREKT-NB-10)
Description: Server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/07/2021 12:08:47 PM) (Source: DCOM) (EventID: 10010) (User: MAREKT-NB-10)
Description: Server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/06/2021 02:54:55 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} se v daném časovém limitu neregistroval u služby DCOM.
Windows Defender:
================
Date: 2020-12-16 02:35:19
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {93801337-D2A0-4B36-B276-0A44A18FEA58}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2020-12-15 02:35:19
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {EC298179-0916-4E65-96A2-4527C166B14C}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2020-12-14 22:00:50
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Gamehack.F!MSR
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_F:\CRACK\steam_api.dll
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: MarekT-NB-10\Marek
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.329.391.0, AS: 1.329.391.0, NIS: 1.329.391.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2020-12-14 21:59:29
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Gamehack.F!MSR
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_F:\CRACK\steam_api.dll
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: MarekT-NB-10\Marek
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.329.391.0, AS: 1.329.391.0, NIS: 1.329.391.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2020-12-14 21:59:22
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Gamehack.F!MSR
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_F:\CRACK\steam_api.dll
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: MarekT-NB-10\Marek
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.329.391.0, AS: 1.329.391.0, NIS: 1.329.391.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4
CodeIntegrity:
===============
Date: 2021-11-07 11:18:13
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\ESET\ESET NOD32 Antivirus\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.