
Malware, trojan? - please help by checking my FRST log

Having trouble with a virus? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

mikkie
Visitor
Posts: 43
Joined: 26 Jul 2011 16:56

#1 Post by mikkie »

Hello Rudy, someone keeps getting access to my passwords, even though I change them repeatedly. Avast isn't working, and I don't know what to do anymore. I'm sending the FRST log. Thank you.


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <5>
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <11>
(explorer.exe ->) (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
(Malwarebytes Inc. -> Malwarebytes) C:\Users\micha\Desktop\adwcleaner.exe
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <2>
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_7.70.13002.0_x64__8wekyb3d8bbwe\gamingservices.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_7.70.13002.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_bd530e4cbd42e0a3\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Thales DIS CPL USA, Inc. -> Thales Group) C:\Program Files (x86)\Common Files\Aladdin Shared\HASP\hasplms.exe
(services.exe ->) (Urban Cyber Security Inc. -> ) C:\Program Files\UrbanVPN\bin\urbanvpnserv.exe
(svchost.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [445800 2021-10-08] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [212184 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [UrbanVPN] => C:\Program Files\UrbanVPN\bin\urbanvpn-gui.exe [23796072 2022-09-29] (Urban Cyber Security Inc. -> )
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1151872 2016-11-18] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [XGAMER Audio 7.1] => C:\Program Files (x86)\XGAMER Audio 7.1\XGAMER Audio 7.1.exe [10700800 2020-09-09] (Solid State System) [File not signed]
HKLM-x32\...\Run: [CZC G GK1000] => C:\Program Files\CZC G GK1000\CZC G GK1000.exe [2031616 2019-02-14] (TODO: <Company name>) [File not signed]
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4245352 2022-11-17] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [365760 2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [Discord] => C:\Users\micha\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [GogGalaxy] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [13668840 2022-10-11] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1802584 2022-11-06] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [Gaijin.Net Updater] => C:\Users\micha\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2793016 2022-05-19] (Gaijin Network LTD -> Gaijin)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [Wargaming.net Game Center] => L:\Downloads\Wargaming.net\GameCenter\wgc.exe [2148528 2022-10-11] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [EPSDNMON] => C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE [350032 2022-07-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [MicrosoftEdgeAutoLaunch_ED02E366447D09E4F124EF89B233D989] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3892168 2022-11-17] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\MountPoints2: {cd0f9543-00d3-11eb-a686-a8a159192c9e} - "N:\O16Setup.EXE"
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2007576 2017-02-03] (Autodesk, Inc -> Autodesk, Inc.)
HKLM\...\Print\Monitors\EPSON L3050 Series 64MonitorBE: C:\Windows\system32\E_YLMBR4E.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\PDF Architect 9 Monitor: C:\WINDOWS\system32\spool\DRIVERS\x64\brand_solution_name_pdfpmon_v.6.11.0.7.dll [960120 2022-11-19] (PDF Tools AG -> PDF Tools AG (hxxp://www.pdf-tools.com))
HKLM\...\Print\Monitors\pdfcmon: C:\Windows\system32\pdfcmon.dll [181248 2022-08-02] (pdfforge GmbH) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\107.0.5304.107\Installer\chrmstp.exe [2022-11-11] (Google LLC -> Google LLC)
Startup: C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon – zástupce.lnk [2022-08-24]
ShortcutTarget: ctfmon – zástupce.lnk -> C:\Windows\System32\ctfmon.exe (Microsoft Windows -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {170E219B-8AC0-4ACD-A5B3-95E2B59342AF} - System32\Tasks\GoogleUpdateTaskMachineUA{CC6FCCFE-0B82-4CA0-9F44-D06B7A71F7C9} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-04] (Google LLC -> Google LLC)
Task: {1AF51550-6E9D-4293-8954-507DABBD02E0} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {1D13BDB4-DCB3-402E-BAF8-46542F03E489} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {1DDF7133-CCCB-44A4-9581-A6A002782203} - System32\Tasks\pdfforge GmbH\PDF Architect 9\Installer updater => C:\ProgramData\PDF Architect 9\Installation\PDF_Architect_9_Installer.exe [15918008 2022-11-19] (pdfforge GmbH -> pdfforge GmbH.)
Task: {2137B8ED-8431-4698-B440-E59641A34CC7} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144280 2022-11-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {2237D69A-2074-4A62-BD65-D0397D543BE3} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2576728 2022-11-06] (Overwolf Ltd -> Overwolf LTD)
Task: {417081D9-D47E-46B6-9340-84A2B9F4674D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {4741C4FB-0026-418A-B88D-E4CBEB191DC5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8576000 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {4808EE77-6D80-44BC-846C-3F93A6D56587} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144280 2022-11-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {5873D4AF-CDC1-4AE4-9500-CCAC20FCA8BE} - System32\Tasks\GoogleUpdateTaskMachineCore{378D9C95-EA40-4EDA-B415-F57806CDC798} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-04] (Google LLC -> Google LLC)
Task: {5A333012-983C-4390-BE1B-0B52106DDB39} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [66936 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {5EEBF767-50B8-487C-BF8A-ECE05530ECC2} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908856 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {60A2DFAB-8B01-4B94-911D-F5B5070A2D72} - System32\Tasks\pdfforge GmbH\PDF Architect 9\App Notification => C:\Program Files\PDF Architect 9\architect-launcher.exe [2123200 2022-10-18] (pdfforge GmbH -> pdfforge GmbH)
Task: {60BA3CEE-A47C-46F2-B2F1-A7EFCF225C43} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908856 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {720E946F-CEDC-4AD3-8BFC-CA4135BFE0FC} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {7F3184BF-E48E-4B94-B1F0-E3C5113B959B} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4261871939-3680644312-2290833728-1001 => C:\Users\micha\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {99761133-1AA8-44AD-AD69-CA41D22485E7} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2022-10-17] (Nvidia Corporation -> NVIDIA Corporation)
Task: {9D17A3F8-8D22-4218-B129-35BF440806A8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26154376 2022-11-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {A29AE754-98A1-46F0-9BCC-EBAF583E3555} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4936920 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
Task: {A9210039-5D08-41FA-B0B1-35592DF5F8B3} - System32\Tasks\pdfforge GmbH\PDF Architect 9\App Notification Logon => C:\Program Files\PDF Architect 9\architect-launcher.exe [2123200 2022-10-18] (pdfforge GmbH -> pdfforge GmbH)
Task: {ABFF3165-019B-491D-B5AB-04DD543997EC} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {B2A3FCB7-9970-4B18-8745-C94890D3431C} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {B628F759-22B6-428E-98CA-970E4A13E27C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26154376 2022-11-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {CC8F4658-09C7-405C-AC65-C447B9291498} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2250576 2022-10-24] (Avast Software s.r.o. -> Avast Software)
Task: {D012BD15-A504-4F06-872B-2FF795B502CF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8576000 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {EFF182B4-9790-439D-A881-BE0D318718D9} - System32\Tasks\pdfforge GmbH\PDF Architect 9\Update => C:\Program Files\PDF Architect 9\architect.exe [3438016 2022-10-18] (pdfforge GmbH -> pdfforge GmbH)
Task: {F26D76EA-C327-4A27-BE33-159501B8D157} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-4261871939-3680644312-2290833728-1001 => C:\Users\micha\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File)
Task: {F7030443-2EB6-46CF-8562-FA23A1498001} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-08-30] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-4261871939-3680644312-2290833728-1001] => 182.71.146.148:8080
Tcpip\..\Interfaces\{a50b097d-b2f0-400f-88af-6fcafcb09065}: [NameServer] 31.192.72.13,10.0.0.1

Edge:
=======
Edge Profile: C:\Users\micha\AppData\Local\Microsoft\Edge\User Data\Default [2022-11-20]
Edge HomePage: Default -> hxxp://www.google.com/
Edge Extension: (Překladač Google) - C:\Users\micha\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2022-11-03]
Edge Extension: (FormApps Extension) - C:\Users\micha\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi [2022-11-03]
Edge Extension: (Free VPN for Edge - VPN Proxy VeePN) - C:\Users\micha\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\panammoooggmlehahpcjckcncfeffcoi [2022-11-03]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-11-14] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default [2022-11-20]
CHR Notifications: Default -> hxxps://app.smartsupp.com; hxxps://business.facebook.com; hxxps://www.facebook.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR Extension: (Překladač Google) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2022-03-09]
CHR Extension: (Dokumenty Google offline) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-11-02]
CHR Extension: (FormApps Extension) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi [2022-10-11]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-11-20]
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-11-16]
CHR Notifications: Profile 1 -> hxxps://www.facebook.com
CHR HomePage: Profile 1 -> hxxp://www.google.cz/
CHR StartupUrls: Profile 1 -> ""
CHR Extension: (Překladač Google) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2022-03-10]
CHR Extension: (Entanglement Web App) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aciahcmjmecflokailenpkdchphgkefd [2021-10-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-10-29]
CHR Extension: (Eiffel Tower) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ppbaibkigenhdcommebegmmmpoolmpip [2021-10-29]
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\System Profile [2022-11-20]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1134664 2022-02-24] (Autodesk, Inc. -> Autodesk Inc.)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8539032 2022-11-14] (Avast Software s.r.o. -> AVAST Software)
S2 AudioDeviceService; C:\Windows\system32\AudioDeviceService.exe [2730496 2020-09-09] (SSS) [File not signed]
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [592600 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [592600 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8885112 2022-04-26] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12515768 2022-11-16] (Microsoft Corporation -> Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4507328 2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [9946216 2022-11-17] (Electronic Arts, Inc. -> Electronic Arts)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811496 2022-06-30] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [584680 2022-08-05] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029456 2022-08-04] (Epic Games Inc. -> Epic Games, Inc.)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2017-03-10] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [2131432 2022-10-11] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7166552 2022-04-27] (GOG Sp. z o.o. -> GOG.com)
R2 hasplms; C:\Program Files (x86)\Common Files\Aladdin Shared\HASP\hasplms.exe [8311152 2022-04-18] (Thales DIS CPL USA, Inc. -> Thales Group)
S2 NovaSkinResourcepack; C:\Users\micha\AppData\Roaming\.minecraft\resourcepacks\novaskin\bin\nssm-x86.exe [157696 2015-01-23] () [File not signed]
S3 OverwolfUpdater; C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2576728 2022-11-06] (Overwolf Ltd -> Overwolf LTD)
S3 PDF Architect 9; C:\Program Files\PDF Architect 9\activation-service.exe [3108800 2022-10-18] (pdfforge GmbH -> pdfforge GmbH)
S3 PDF Architect 9 Creator; C:\Program Files\PDF Architect 9\creator-ws.exe [507328 2022-10-18] (pdfforge GmbH -> pdfforge GmbH)
S3 PDF Architect 9 Update Service; C:\Program Files\PDF Architect 9\update-service.exe [414656 2022-10-18] (pdfforge GmbH -> pdfforge GmbH)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2720088 2022-11-03] (Rockstar Games, Inc. -> Rockstar Games)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224216 2022-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 UrbanVPNServiceInteractive; C:\Program Files\UrbanVPN\bin\urbanvpnserv.exe [450768 2022-09-29] (Urban Cyber Security Inc. -> )
S3 UrbanVPNUpdater; C:\Program Files\UrbanVPN\UrbanVPNUpdater.exe [1022312 2022-09-29] (Urban Cyber Security Inc. -> Urban Security)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\NisSrv.exe [3170576 2022-10-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe [133584 2022-10-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 LTService; C:\Windows\AmanUpdateLogLT.exe [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_bd530e4cbd42e0a3\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_bd530e4cbd42e0a3\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
S4 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X]
S2 WTService; C:\Windows\AmanOnlineWT.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 akshasp; C:\WINDOWS\system32\DRIVERS\akshasp.sys [69576 2022-04-18] (Gemalto, Inc. -> SafeNet, Inc.)
R3 akshhl; C:\WINDOWS\system32\DRIVERS\akshhl.sys [68560 2022-04-18] (Gemalto, Inc. -> SafeNet, Inc.)
R3 aksusb; C:\WINDOWS\system32\DRIVERS\aksusb.sys [313784 2022-04-18] (Gemalto, Inc. -> SafeNet, Inc.)
S3 AsrDrv103; C:\Windows\SysWOW64\Drivers\AsrDrv103.sys [34568 2020-04-10] (ASROCK Incorporation -> ASRock Incorporation) [File not signed]
S3 AsrDrv104; C:\WINDOWS\SysWOW64\Drivers\AsrDrv104.sys [34536 2021-12-26] (ASROCK Incorporation -> ASRock Incorporation) [File not signed]
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [42304 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [238152 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [382504 2022-11-14] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [306128 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [105936 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [25576 2022-10-24] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [48512 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [276520 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [564304 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [114464 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [90008 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [862936 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [672272 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [221944 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [327896 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R3 keyboard; C:\Windows\System32\Drivers\keyboard.sys [18536 2022-10-08] (Francisco Lopes da Silva -> Oblita)
R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2020-04-09] (AOC International (Europe) GmbH -> Nicomsoft Ltd.)
R3 mouse; C:\Windows\System32\Drivers\mouse.sys [18536 2022-10-08] (Francisco Lopes da Silva -> Oblita)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-14] (Nvidia Corporation -> NVIDIA Corporation)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [44080 2022-10-08] (Shaul Eizikovich -> Nefarius Software Solutions)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2019-10-23] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 UAExt; C:\WINDOWS\System32\DRIVERS\UAExt.sys [135264 2020-09-09] (Solid State System Co., Ltd -> Solid State System.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49616 2022-10-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [455968 2022-10-14] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95520 2022-10-14] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-11-20 08:45 - 2022-11-20 08:45 - 000029910 _____ C:\Users\micha\Desktop\FRST.txt
2022-11-20 08:44 - 2022-11-20 08:44 - 002375680 _____ (Farbar) C:\Users\micha\Desktop\FRST64.exe
2022-11-20 08:43 - 2022-11-20 08:43 - 008791352 _____ (Malwarebytes) C:\Users\micha\Desktop\adwcleaner.exe
2022-11-19 16:21 - 2022-11-19 16:21 - 003408656 _____ (Nova Skin ) C:\Users\micha\Desktop\NovaSkinResourcepackInstaller.exe
2022-11-19 10:28 - 2022-11-19 10:30 - 000000000 ____D C:\Program Files\PDF Architect 9
2022-11-19 10:28 - 2022-11-19 10:28 - 000001181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 9.lnk
2022-11-19 10:27 - 2022-11-19 10:27 - 000000680 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2022-11-19 10:27 - 2022-11-19 10:27 - 000000000 ____D C:\ProgramData\PDF Architect 9
2022-11-19 10:27 - 2022-11-19 10:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2022-11-19 10:03 - 2022-11-19 10:03 - 000119728 _____ C:\Users\micha\Desktop\REVIZNÍ ZPRÁVA - Exelová Hana, Dolní Konec 68, 69606 Vacenovice.pdf
2022-11-19 09:55 - 2022-11-19 10:33 - 000001144 _____ C:\Users\micha\Desktop\Minecraft Launcher.lnk
2022-11-17 14:36 - 2022-11-17 14:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UrbanVPN
2022-11-17 14:36 - 2022-11-17 14:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2022-11-17 14:36 - 2022-11-17 14:36 - 000000000 ____D C:\Program Files\UrbanVPN
2022-11-17 14:35 - 2022-11-17 14:36 - 032229200 _____ (Urban Security) C:\Users\micha\Desktop\UrbanVPN2.exe
2022-11-17 14:32 - 2022-11-17 14:32 - 029264824 _____ (Hongkong Guangling NetWork Technology Co., Ltd.) C:\Users\micha\Desktop\aman_2.3.5_0928.exe
2022-11-17 14:32 - 2022-11-17 14:32 - 000000000 ____D C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AmanVPN
2022-11-17 14:32 - 2022-11-17 14:32 - 000000000 ____D C:\Users\micha\AppData\Local\Install
2022-11-17 14:32 - 2022-11-17 14:32 - 000000000 ____D C:\Program Files (x86)\aman
2022-11-17 14:29 - 2022-11-17 14:29 - 054263528 _____ (HIGH SPEED RABBIT LIMITED) C:\Users\micha\Desktop\rabbitvpn1_31.exe
2022-11-17 14:29 - 2022-11-17 14:29 - 000000000 ____D C:\ProgramData\Caphyon
2022-11-17 14:29 - 2022-11-17 14:29 - 000000000 ____D C:\Program Files\TAP-Windows
2022-11-16 19:44 - 2022-11-16 19:44 - 000127825 _____ C:\Users\micha\Desktop\Bohumil Metelka, Zahradní 1063, 691 42 Valtice.pdf
2022-11-15 16:16 - 2022-11-15 16:16 - 000000000 ____D C:\Users\micha\AppData\Roaming\PD Launcher
2022-11-15 16:16 - 2022-11-15 16:16 - 000000000 ____D C:\Users\micha\AppData\Local\PD Launcher
2022-11-13 19:20 - 2022-11-13 19:22 - 000251685 _____ C:\Users\micha\Desktop\REVIZNÍ ZPRÁVA - Jaroslav Chovanec, Rohatecká 241, 696 02 Rohatec.pdf
2022-11-13 18:42 - 2022-11-13 18:42 - 000463793 _____ C:\Users\micha\Desktop\REVIZNÍ ZPRÁVA - Radek Ševčík, Zahradní 5, 695 01 Hodonín.pdf
2022-11-13 17:29 - 2022-11-13 17:29 - 000162220 _____ C:\Users\micha\Desktop\REVIZNÍ ZPRÁVA - Svatava Mařáková, Okružní 1226, 696 42 Vracov.pdf
2022-11-13 11:16 - 2022-11-13 11:16 - 000000000 ____D C:\Users\micha\Desktop\forge-1.12.2-14.23.5.2860-installer
2022-11-13 11:15 - 2022-11-13 11:15 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2022-11-13 11:11 - 2022-11-09 11:03 - 002236992 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2022-11-13 11:11 - 2022-11-09 11:03 - 002236992 _____ C:\WINDOWS\system32\vulkaninfo.exe
2022-11-13 11:11 - 2022-11-09 11:03 - 001642592 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-11-13 11:11 - 2022-11-09 11:03 - 001642592 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2022-11-13 11:11 - 2022-11-09 11:03 - 001487912 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2022-11-13 11:11 - 2022-11-09 11:03 - 001444416 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2022-11-13 11:11 - 2022-11-09 11:03 - 001444416 _____ C:\WINDOWS\system32\vulkan-1.dll
2022-11-13 11:11 - 2022-11-09 11:03 - 001227304 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2022-11-13 11:11 - 2022-11-09 11:03 - 001168960 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2022-11-13 11:11 - 2022-11-09 11:03 - 001168960 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2022-11-13 11:11 - 2022-11-09 10:59 - 000865272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2022-11-13 11:11 - 2022-11-09 10:59 - 000672232 _____ C:\WINDOWS\system32\nvofapi64.dll
2022-11-13 11:11 - 2022-11-09 10:59 - 000507432 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2022-11-13 11:11 - 2022-11-09 10:58 - 002162176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2022-11-13 11:11 - 2022-11-09 10:58 - 001618408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2022-11-13 11:11 - 2022-11-09 10:58 - 001531400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2022-11-13 11:11 - 2022-11-09 10:58 - 001190392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2022-11-13 11:11 - 2022-11-09 10:58 - 000950280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2022-11-13 11:11 - 2022-11-09 10:58 - 000746536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2022-11-13 11:11 - 2022-11-09 10:58 - 000734184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2022-11-13 11:11 - 2022-11-09 10:57 - 012452360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2022-11-13 11:11 - 2022-11-09 10:57 - 010218488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2022-11-13 11:11 - 2022-11-09 10:57 - 005891072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2022-11-13 11:11 - 2022-11-09 10:57 - 005856744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcudadebugger.dll
2022-11-13 11:11 - 2022-11-09 10:57 - 003334136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2022-11-13 11:11 - 2022-11-09 10:57 - 000457752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2022-11-13 11:11 - 2022-11-09 10:56 - 005816312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2022-11-13 11:11 - 2022-11-09 10:56 - 000853016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2022-11-13 11:11 - 2022-11-08 23:40 - 000100589 _____ C:\WINDOWS\system32\nvinfo.pb
2022-11-12 11:34 - 2022-11-12 11:34 - 000000000 ___HD C:\$WinREAgent
2022-11-11 14:15 - 2022-11-11 14:15 - 000073216 _____ C:\WINDOWS\system32\nettraceex.dll
2022-11-11 14:14 - 2022-11-11 14:14 - 000688128 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-11-11 14:14 - 2022-11-11 14:14 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-11-11 14:14 - 2022-11-11 14:14 - 000012253 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-11-10 21:47 - 2022-11-10 21:47 - 000073742 _____ C:\Users\micha\Desktop\29-prohlaseni-o-vlastnostech-nerez-flex-03-04.pdf
2022-11-10 21:47 - 2022-11-10 21:47 - 000073168 _____ C:\Users\micha\Desktop\31-prohlaseni-flex-010-012-p1.pdf
2022-11-09 22:27 - 2022-11-09 22:27 - 040450839 _____ C:\Users\micha\Desktop\Zarosice.mp4
2022-11-08 21:08 - 2022-11-08 21:08 - 000052813 _____ C:\Users\micha\Desktop\Komin.pdf
2022-11-08 18:59 - 2022-11-08 18:59 - 022089136 _____ C:\Users\micha\Desktop\witherstormmod-1.19.2-3.1.1.jar
2022-11-08 18:59 - 2022-11-08 18:59 - 000000000 ____D C:\Users\micha\Desktop\witherstormmod-1.19.2-3.1.1
2022-11-07 21:15 - 2022-11-07 21:15 - 000054352 _____ C:\Users\micha\Desktop\Zdeněk Foltýn, Na rybníčku 397, Dubňany - tepelně technický výpočet SC.pdf
2022-11-05 15:49 - 2022-11-05 15:49 - 000000222 _____ C:\Users\micha\Desktop\Don't Starve Together.url
2022-11-04 19:36 - 2022-11-05 15:58 - 000000000 ____D C:\Users\micha\Documents\Klei
2022-11-03 21:51 - 2022-11-03 21:51 - 000002350 _____ C:\Users\micha\Desktop\Microsoft Edge.lnk
2022-11-01 22:20 - 2022-11-01 22:20 - 000053973 _____ C:\Users\micha\Desktop\Šebesta, Sudoměřice - výpočet.pdf
2022-11-01 21:28 - 2022-11-01 21:28 - 000198120 _____ C:\Users\micha\Desktop\REVIZNÍ ZPRÁVA - Jiří Janeček, Příšní 307D, 696 66 Sudoměřice.pdf
2022-10-30 21:44 - 2022-10-30 21:44 - 000637670 _____ C:\Users\micha\Desktop\schiedel-CZ-Prisl-ABS-UNIADV_napojovaci-dily_1.7.22.pdf
2022-10-30 09:31 - 2022-10-30 09:31 - 000000780 _____ C:\Users\micha\Desktop\Bugsnax.lnk
2022-10-30 09:05 - 2022-10-30 09:05 - 000046771 _____ C:\Users\micha\Desktop\almeva-kominovy-stitek-flex-g_0.pdf
2022-10-29 13:50 - 2022-10-29 13:50 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2022-10-29 13:50 - 2022-10-29 13:50 - 000000000 ____D C:\Program Files (x86)\Microsoft GameInput
2022-10-26 19:56 - 2022-10-26 19:56 - 000000000 ____D C:\Users\micha\Documents\PDF Architect
2022-10-26 19:41 - 2022-11-19 18:45 - 000000000 ____D C:\Users\micha\AppData\Roaming\PDF Architect 9
2022-10-26 19:37 - 2022-10-26 19:37 - 000135815 _____ C:\Users\micha\Desktop\Marek Mužík, Nádražní 6, 691 51 Lanžhot.pdf
2022-10-25 21:07 - 2022-10-25 21:07 - 002149497 _____ C:\Users\micha\Desktop\návod Kamino.pdf
2022-10-25 18:37 - 2022-10-25 18:37 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2022-10-25 18:30 - 2022-10-25 18:30 - 000000000 ____D C:\Users\micha\AppData\Local\CrashBandicoot4
2022-10-25 18:16 - 2022-10-25 18:16 - 000000953 _____ C:\Users\Public\Desktop\Crash Bandicoot 4.lnk
2022-10-24 19:33 - 2022-10-24 19:37 - 000000000 ____D C:\Users\micha\AppData\Local\Avast Software
2022-10-24 19:32 - 2022-11-19 20:47 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2022-10-24 19:32 - 2022-11-14 21:05 - 000382504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2022-10-24 19:32 - 2022-10-24 19:32 - 000672272 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2022-10-24 19:32 - 2022-10-24 19:32 - 000564304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2022-10-24 19:32 - 2022-10-24 19:32 - 000327896 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2022-10-24 19:32 - 2022-10-24 19:32 - 000306128 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2022-10-24 19:32 - 2022-10-24 19:32 - 000276520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2022-10-24 19:32 - 2022-10-24 19:32 - 000270552 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2022-10-24 19:32 - 2022-10-24 19:32 - 000221944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2022-10-24 19:32 - 2022-10-24 19:32 - 000114464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2022-10-24 19:32 - 2022-10-24 19:32 - 000105936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2022-10-24 19:32 - 2022-10-24 19:32 - 000090008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2022-10-24 19:32 - 2022-10-24 19:32 - 000048512 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2022-10-24 19:32 - 2022-10-24 19:32 - 000025576 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2022-10-24 19:32 - 2022-10-24 19:32 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2022-10-24 19:32 - 2022-10-24 19:32 - 000002164 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2022-10-24 19:32 - 2022-10-24 19:32 - 000000000 ____D C:\Users\micha\AppData\Roaming\Avast Software
2022-10-24 19:32 - 2022-10-24 19:32 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2022-10-24 19:32 - 2022-10-24 19:31 - 000862936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2022-10-24 19:32 - 2022-10-24 19:31 - 000238152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2022-10-24 19:32 - 2022-10-24 19:31 - 000042304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2022-10-24 19:31 - 2022-10-24 19:31 - 000000000 ____D C:\Program Files\Avast Software
2022-10-23 22:35 - 2022-11-19 10:04 - 000000000 ____D C:\Users\micha\AppData\Roaming\ImageGlass
2022-10-23 22:35 - 2022-11-17 14:36 - 000000000 ____D C:\Users\micha\AppData\Local\AdvinstAnalytics
2022-10-23 22:35 - 2022-10-23 22:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageGlass
2022-10-23 22:35 - 2022-10-23 22:35 - 000000000 ____D C:\Program Files\ImageGlass
2022-10-23 22:30 - 2022-10-17 10:59 - 006632744 _____ (Geek Uninstaller) C:\Users\micha\Desktop\geek.exe
2022-10-23 22:02 - 2022-10-23 22:02 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2022-10-23 21:57 - 2022-10-23 21:57 - 000002511 _____ C:\Users\micha\Desktop\Word 2016.lnk
2022-10-23 21:57 - 2022-10-23 21:57 - 000002483 _____ C:\Users\micha\Desktop\Excel 2016.lnk
2022-10-23 21:46 - 2022-10-23 21:46 - 000002511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2022-10-23 21:46 - 2022-10-23 21:46 - 000002483 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2022-10-23 21:46 - 2022-10-23 21:46 - 000002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2022-10-23 21:46 - 2022-10-23 21:46 - 000000000 ____D C:\Program Files\Microsoft Office 15
2022-10-23 21:12 - 2022-10-07 04:01 - 000041984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2022-10-23 21:11 - 2022-11-09 10:55 - 006512336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2022-10-23 21:08 - 2022-07-14 00:32 - 000060112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2022-10-23 17:01 - 2022-10-23 17:04 - 000000000 ____D C:\Users\micha\AppData\Roaming\Geek Uninstaller
2022-10-23 16:40 - 2022-10-24 19:35 - 000000000 ____D C:\Users\micha\AppData\Local\system32
2022-10-23 16:40 - 2022-10-23 16:41 - 000000000 ____D C:\Users\micha\AppData\Roaming\system32
2022-10-23 16:09 - 2022-11-16 17:18 - 000000000 ____D C:\Program Files\Microsoft Office
2022-10-23 16:09 - 2022-10-23 16:09 - 000000000 ____D C:\Users\micha\AppData\Local\Microsoft Help

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-11-20 08:45 - 2021-10-21 17:11 - 000000000 ____D C:\FRST
2022-11-20 08:44 - 2020-04-04 10:02 - 000000000 ____D C:\ProgramData\NVIDIA
2022-11-20 08:43 - 2020-12-15 21:23 - 000000000 ____D C:\Users\micha\AppData\Roaming\discord
2022-11-20 08:42 - 2020-04-04 09:18 - 000000000 ____D C:\Program Files (x86)\Steam
2022-11-20 08:41 - 2021-12-21 17:07 - 000002321 _____ C:\Users\micha\Desktop\CurseForge.lnk
2022-11-20 08:41 - 2021-12-21 17:06 - 000000000 ____D C:\Users\micha\AppData\Local\Overwolf
2022-11-20 08:41 - 2021-10-27 09:40 - 000000000 ____D C:\ProgramData\boost_interprocess
2022-11-20 08:41 - 2020-12-15 21:23 - 000000000 ____D C:\Users\micha\AppData\Local\Discord
2022-11-20 08:41 - 2020-04-04 09:19 - 000000000 ____D C:\Program Files (x86)\Google
2022-11-19 21:32 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-11-19 20:47 - 2022-08-29 18:24 - 000003478 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{CC6FCCFE-0B82-4CA0-9F44-D06B7A71F7C9}
2022-11-19 20:47 - 2022-08-29 18:24 - 000003254 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{378D9C95-EA40-4EDA-B415-F57806CDC798}
2022-11-19 20:47 - 2022-07-18 12:34 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-11-19 20:47 - 2022-05-26 20:45 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-19 20:47 - 2022-05-26 20:45 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-19 20:47 - 2022-05-26 20:45 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-19 20:47 - 2022-05-26 20:45 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-19 20:47 - 2022-05-26 20:45 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-19 20:47 - 2022-05-26 20:45 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-19 20:47 - 2022-05-26 20:45 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-19 20:47 - 2022-05-26 20:45 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-19 20:47 - 2022-05-26 20:45 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-19 20:47 - 2022-04-28 12:44 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4261871939-3680644312-2290833728-1001
2022-11-19 20:47 - 2022-04-28 12:33 - 000003270 _____ C:\WINDOWS\system32\Tasks\Overwolf Updater Task
2022-11-19 20:47 - 2022-04-22 18:21 - 000003568 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-11-19 20:47 - 2022-04-22 18:21 - 000003374 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6f8bfdbe63d84
2022-11-19 20:47 - 2022-04-22 18:20 - 000003066 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4261871939-3680644312-2290833728-1001
2022-11-19 20:46 - 2020-04-04 10:17 - 000000000 ____D C:\Users\micha\AppData\Local\ClassicShell
2022-11-19 19:40 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-11-19 16:26 - 2021-08-06 16:29 - 000000000 ____D C:\Users\micha\AppData\Roaming\.minecraft
2022-11-19 16:25 - 2020-04-04 09:07 - 000000000 ____D C:\Users\micha\AppData\Local\Packages
2022-11-19 16:25 - 2020-04-04 08:57 - 000000000 ____D C:\ProgramData\Packages
2022-11-19 16:25 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-11-19 10:51 - 2021-02-01 18:31 - 001693140 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-11-19 10:51 - 2019-12-07 15:43 - 000716770 _____ C:\WINDOWS\system32\perfh005.dat
2022-11-19 10:51 - 2019-12-07 15:43 - 000144948 _____ C:\WINDOWS\system32\perfc005.dat
2022-11-19 10:51 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2022-11-19 10:48 - 2020-05-31 20:10 - 000000000 ____D C:\Users\micha\AppData\Local\CrashDumps
2022-11-19 10:44 - 2021-02-01 18:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-11-19 10:44 - 2021-02-01 18:25 - 000008192 ___SH C:\DumpStack.log.tmp
2022-11-19 10:44 - 2020-04-04 10:59 - 000000000 ____D C:\ProgramData\Avast Software
2022-11-19 10:44 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-11-19 10:37 - 2022-10-09 18:07 - 000001297 _____ C:\Users\micha\Desktop\KeyboardSplitter – zástupce.lnk
2022-11-19 10:28 - 2022-08-03 07:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\pdfforge GmbH
2022-11-19 10:27 - 2021-10-27 09:36 - 000000000 ____D C:\Program Files\PDFCreator
2022-11-19 10:03 - 2022-09-11 19:31 - 000000000 ____D C:\Users\micha\AppData\Roaming\com.adobe.dunamis
2022-11-19 09:50 - 2022-10-12 19:43 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2022-11-19 09:50 - 2022-10-12 19:43 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2022-11-19 09:35 - 2020-06-06 21:23 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-11-17 15:15 - 2021-12-26 10:26 - 000000000 ____D C:\Program Files\CZC G GK1000
2022-11-17 14:37 - 2022-03-16 14:04 - 000000000 ____D C:\ProgramData\UrbanVPN
2022-11-17 14:32 - 2020-04-09 21:03 - 000000000 ____D C:\Users\micha\AppData\Local\cache
2022-11-15 20:36 - 2021-09-13 14:08 - 000000000 ____D C:\ProFact
2022-11-15 16:18 - 2020-04-04 10:02 - 000000000 ____D C:\Users\micha\AppData\Local\D3DSCache
2022-11-15 16:16 - 2020-04-04 10:00 - 000000000 ____D C:\ProgramData\Package Cache
2022-11-13 21:05 - 2021-02-01 18:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-11-13 11:15 - 2020-04-04 10:03 - 000000000 ____D C:\Users\micha\AppData\Local\NVIDIA
2022-11-13 09:52 - 2021-02-01 18:25 - 000546096 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-11-12 22:04 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-11-12 22:04 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-11-12 22:04 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-11-12 22:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-11-12 22:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-11-12 22:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-11-12 22:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-11-12 22:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-11-11 14:17 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-11-11 14:14 - 2021-02-01 18:29 - 003014656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-11-11 14:08 - 2020-04-04 22:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-11-11 14:06 - 2020-04-04 22:43 - 146960040 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-11-11 12:10 - 2020-04-04 09:19 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-11-09 22:27 - 2020-04-04 09:15 - 000000000 ____D C:\Users\micha\AppData\Roaming\vlc
2022-11-09 18:27 - 2021-12-21 17:06 - 000000000 ____D C:\Program Files (x86)\Overwolf
2022-11-09 10:55 - 2021-01-31 16:01 - 007642816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2022-11-05 20:49 - 2020-04-19 08:50 - 000000000 ____D C:\Users\micha\AppData\Roaming\qBittorrent
2022-10-31 21:49 - 2020-04-06 15:29 - 000000000 ____D C:\Users\micha\AppData\LocalLow\Temp
2022-10-29 20:56 - 2021-02-01 18:26 - 000000000 ____D C:\Users\micha
2022-10-29 13:50 - 2021-12-22 14:51 - 002815456 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2022-10-29 13:50 - 2021-12-22 14:51 - 000452048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2022-10-29 13:50 - 2021-12-22 14:51 - 000243168 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2022-10-29 13:50 - 2021-12-22 14:51 - 000198096 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2022-10-29 13:50 - 2021-12-22 14:51 - 000153048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
2022-10-29 13:50 - 2021-12-22 14:51 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2022-10-26 20:00 - 2021-08-16 15:32 - 000000000 ____D C:\Moje kominictvi
2022-10-25 18:31 - 2021-09-02 18:20 - 000000000 ____D C:\Users\micha\AppData\Roaming\Goldberg SteamEmu Saves
2022-10-25 11:37 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-10-24 19:32 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-10-24 13:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-10-23 21:08 - 2020-04-04 10:02 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2022-10-23 21:08 - 2020-04-04 08:57 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2022-10-23 21:08 - 2020-04-04 08:57 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2022-10-23 21:06 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-10-23 21:06 - 2019-03-19 05:49 - 000000076 _____ C:\WINDOWS\win.ini
2022-10-23 21:03 - 2020-04-19 08:47 - 000000000 ____D C:\Users\micha\AppData\Local\yuzu
2022-10-23 17:00 - 2020-04-04 10:59 - 000000000 ____D C:\Users\micha\AppData\Roaming\DAEMON Tools Lite
2022-10-23 16:03 - 2020-08-16 20:05 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-10-23 16:03 - 2020-04-04 10:03 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2022-10-22 11:57 - 2021-02-01 18:26 - 000002381 _____ C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

==================== Files in the root of some directories ========

2020-07-29 19:21 - 2020-07-29 19:21 - 000056320 _____ (SSS) C:\ProgramData\FinalDeleteFile.exe
2022-04-27 10:50 - 2022-04-27 10:50 - 000007342 _____ () C:\Users\micha\AppData\Local\2573084692
2020-09-27 20:17 - 2020-09-27 20:17 - 000016438 _____ () C:\Users\micha\AppData\Local\partner.bmp
2021-01-10 19:43 - 2021-02-08 18:36 - 000007602 _____ () C:\Users\micha\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================





Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-11-2022
Ran by micha (20-11-2022 08:46:10)
Running from C:\Users\micha\Desktop
Microsoft Windows 10 Pro Version 21H2 19044.2251 (X64) (2021-02-01 17:30:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4261871939-3680644312-2290833728-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4261871939-3680644312-2290833728-503 - Limited - Disabled)
Guest (S-1-5-21-4261871939-3680644312-2290833728-501 - Limited - Disabled)
micha (S-1-5-21-4261871939-3680644312-2290833728-1001 - Administrator - Enabled) => C:\Users\micha
micha_p24az47 (S-1-5-21-4261871939-3680644312-2290833728-1002 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4261871939-3680644312-2290833728-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

A360 Desktop (HKLM\...\{B65CD59E-A771-4354-AA4B-C3E01B496BCD}) (Version: 8.2.3.1800 - Autodesk)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 22.003.20282 - Adobe)
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0_1) (Version: 21.0.1 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Aman (HKLM-x32\...\AmanVPN) (Version: 2.3.5.0907 - Hongkong Guangling Mdt InfoTech Limited)
AMD Ryzen Master (HKLM\...\{02247819-03CD-414E-AC8D-FD518BFBA445}) (Version: 2.1.1.1472 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Master (HKLM\...\AMD Ryzen Master) (Version: 2.1.1.1472 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.10.16 - Advanced Micro Devices, Inc.)
ASRock Restart to UEFI v1.0.9 (HKLM-x32\...\ASRock Restart to UEFI_is1) (Version: 1.0.9 - ASRock Inc.)
A-Tuning v3.0.215 (HKLM-x32\...\A-Tuning_is1) (Version: 3.0.215 - ASRock Inc.)
AutoCAD 2018 - English (HKLM\...\{28B89EEF-1001-0409-2102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2018 (HKLM-x32\...\{177AD7F6-9C77-4E50-BA53-B7259C5F282D}) (Version: 16.11.1.0 - Autodesk)
Autodesk App Manager 2016-2018 (HKLM-x32\...\{20EC0CA2-346E-4660-9903-51B278DF15F6}) (Version: 2.4.0 - Autodesk)
Autodesk AutoCAD 2018 - English (HKLM\...\AutoCAD 2018 - English) (Version: 22.0.49.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.8 (HKLM-x32\...\{214D3370-746E-4886-8EAA-5769EB87D044}) (Version: 1.2.8.0 - Autodesk)
Autodesk Genuine Service (HKLM\...\{8AD048E5-9570-442E-A5A2-B12C2618977E}) (Version: 4.6.0.124 - Autodesk)
Autodesk Material Library 2018 (HKLM-x32\...\{7847611E-92E9-4917-B395-71C91D523104}) (Version: 16.11.1.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2018 (HKLM-x32\...\{FCDED119-A969-4E48-8A32-D21AD6B03253}) (Version: 16.11.1.0 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap 360) (Version: 4.0.0.28 - Autodesk)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 22.10.6038 - Avast Software)
Balanced (HKLM-x32\...\{0EA45DD4-A825-420C-AFED-C659EFE3B84F}) (Version: 4.00.0000 - Advanced Micro Devices, Inc.) Hidden
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Core Epic (HKLM\...\{B51E6DE5-9A25-47E6-9806-24B4C62D42A6}) (Version: 1.3.1.0 - Manticore Games)
Core Epic Installer (HKLM-x32\...\{531451dd-91d4-4b27-a171-1b9c7f325969}) (Version: 1.3.0.0 - Manticore Games) Hidden
Core Temp 1.17.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.17.1 - ALCPU)
CPUID CPU-Z 1.92 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.92 - CPUID, Inc.)
Crash Bandicoot 4 (HKLM-x32\...\Crash Bandicoot 4_is1) (Version: - )
Crossout Launcher 1.0.3.144 (HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\CrossOutLauncher_is1) (Version: - )
Cuphead (HKLM-x32\...\1963513391_is1) (Version: 1.2.4 - GOG.com)
Cuphead (HKLM-x32\...\Cuphead_is1) (Version: - )
CurseForge (HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.212.3.7035 - Overwolf app)
CZC G GK1000 (HKLM-x32\...\CZC G GK1000) (Version: V1.01n - CZC G GK900)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.12.0.1184 - Disc Soft Ltd)
DCS World OpenBeta (HKLM\...\DCS World OpenBeta_is1) (Version: 2.5 - Eagle Dynamics)
Discord (HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 12.47.0.5304 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{daaa5ef5-cad5-4ad1-b550-6f3388e65fe0}) (Version: 12.47.0.5304 - Electronic Arts)
Empires of the Undergrowth (HKLM-x32\...\1850642020_is1) (Version: 0.2324 - GOG.com)
Epic Games Launcher (HKLM-x32\...\{209F4B4B-3DF2-4825-9906-D4D6A80EC09E}) (Version: 1.3.0.0 - Epic Games, Inc.)
Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.)
Epson Easy Photo Print 2 (HKLM-x32\...\{7E0261C4-8495-4365-BE48-647701D8B9BD}) (Version: 2.8.3.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{AB8BE3EA-01D3-44B7-8E77-A9601CBDEBDE}) (Version: 3.10.0085 - Seiko Epson Corporation)
EPSON L3050 Series Printer Uninstall (HKLM\...\EPSON L3050 Series) (Version: - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{AA6AE72A-371E-4454-9066-3D02BB4BC4E9}) (Version: 3.3.1.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{28C66F35-69BF-4376-BC80-4D5F4808FF3C}) (Version: 4.6.1 - Seiko Epson Corporation)
FARO LS 1.1.600.6 (64bit) (HKLM-x32\...\{510A08AF-1649-4844-94E5-EAC43A023685}) (Version: 6.0.6.5 - FARO Scanner Production)
FileZilla Client 3.47.2.1 (HKLM-x32\...\FileZilla Client) (Version: 3.47.2.1 - Tim Kosse)
Floating Sandbox 1.16.7.1 (HKLM\...\{E0EFB81F-319E-4AB2-80D9-38374D454C01}) (Version: 1.16.7.1 - Gabriele Giuseppini)
Gas Station Simulator (HKLM-x32\...\Gas Station Simulator_is1) (Version: - )
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 107.0.5304.107 - Google LLC)
I Am Fish (HKLM-x32\...\I Am Fish_is1) (Version: - )
ImageGlass (HKLM\...\{15872342-C9E9-4C65-9586-35B4EFDB806B}) (Version: 8.6.7.13 - Duong Dieu Phap)
i-Menu version 4.3.6 (HKLM-x32\...\{0121C0BD-363C-4B1D-8B64-FE7681A37D0A}_is1) (Version: 4.3.6 - AOC)
Java(TM) SE Development Kit 17.0.1 (64-bit) (HKLM\...\{7ECAAC8F-FBBE-5265-BBF4-0AC48139FB26}) (Version: 17.0.1.0 - Oracle Corporation)
Kindergarten 2 v1.23 (HKLM-x32\...\tuttop.com Kindergarten 2 v1.23_is1) (Version: 1.23 - tuttop.com)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 107.0.1418.52 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 107.0.1418.52 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{B71DA3AB-24EC-9E95-A79B-7B5F92B0CEDD}) (Version: 10.1.22621.1846 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProplusRetail - cs-cz) (Version: 16.0.15726.20202 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\OneDriveSetup.exe) (Version: 22.212.1009.0003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30139 (HKLM-x32\...\{2c673fb6-3e65-4751-965d-33d30b68a8a6}) (Version: 14.29.30139.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30135 (HKLM-x32\...\{b7a2b241-3f54-4d7d-94d1-8ce0146e03c7}) (Version: 14.29.30135.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30139 (HKLM\...\{7F4A9F52-173F-4B0D-B1EA-269C32EDA827}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30139 (HKLM\...\{A6D3F752-BF11-4D7C-B19C-F6F96A35CF50}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30135 (HKLM-x32\...\{77EB1EA9-8E1B-459D-8CDC-1984D0FF15B6}) (Version: 14.29.30135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30135 (HKLM-x32\...\{36A1E79B-581A-4FE5-843D-84C2D3C9431E}) (Version: 14.29.30135 - Microsoft Corporation) Hidden
Minecraft Launcher (HKLM-x32\...\{733C3ACB-432D-4880-B0E1-660000D7974D}) (Version: 1.0.0.0 - Mojang)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.9.0 - F.J. Wechselberger)
Newgrounds Player (HKLM-x32\...\{B9735123-2823-49F8-8264-372895D39702}) (Version: 1.0.0 - Newgrounds)
Nova Skin resourcepack version 2 (HKLM-x32\...\{497EF1F8-2F52-45A5-BF36-C6D11773F093}_is1) (Version: 2 - Nova Skin)
NVIDIA FrameView SDK 1.3.8107.31782123 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8107.31782123 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.26.0.154 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.26.0.154 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.39.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.16 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 526.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 526.86 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
NVIDIA USBC Driver 1.50.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.50.831.832 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{84AD2AF7-10C8-0395-66F9-FFAEB4C5DBF1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.12527.22215 - Microsoft Corporation) Hidden
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.208.1.2 - Overwolf Ltd.)
PDF Architect 9 (HKLM-x32\...\PDF Architect 9) (Version: 9.0.27.2538 - pdfforge GmbH)
PDF Architect 9 Edit Module (HKLM\...\{506451AA-F85D-45CB-865A-636C10931DD8}) (Version: 9.0.28.19771 - pdfforge GmbH) Hidden
PDF Architect 9 OCR Module (HKLM\...\{6A824BC0-872A-456F-991E-B8222937E17C}) (Version: 9.0.28.19771 - pdfforge GmbH) Hidden
PDF Architect 9 OCR TESS Module (HKLM\...\{3CB34A5C-AA27-46BE-8635-9BBC1D27E60B}) (Version: 9.0.28.19771 - pdfforge GmbH) Hidden
PDF Architect 9 View Module (HKLM\...\{FACC2AE6-8B2D-42AE-9A80-BB791422DA6B}) (Version: 9.0.28.19771 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{51D4D10A-490B-40A8-9C2A-853DC279013D}) (Version: 5.0.2 - pdfforge GmbH)
Počítačová aplikace Autodesk (HKLM-x32\...\Autodesk Desktop App) (Version: 8.3.0.71 - Autodesk)
ProFact 5 (HKLM-x32\...\ProFact_is1) (Version: - eXmind)
Project CARS 2 (HKLM-x32\...\Project CARS 2_is1) (Version: - )
PROTECH CD 676 (HKLM-x32\...\{F2BAF0DF-63ED-4BFC-ACA8-21355B235D7F}) (Version: 67.6.0 - PROTECH)
Příručky společnosti EPSON (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.57.0.0 - Seiko Epson Corporation)
PSPad editor (HKLM\...\PSPad editor 64bit_is1) (Version: 5.0.6.589 - Jan Fiala)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 5.0.4.543 - Jan Fiala)
qBittorrent 4.4.0 (HKLM-x32\...\qBittorrent) (Version: 4.4.0 - The qBittorrent project)
Rayman Origins (HKLM-x32\...\Uplay Install 80) (Version: - Ubisoft)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.66.1083 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.1.5.1 - Rockstar Games)
Screen+ version Screen+ 1.4.2 (HKLM\...\Screen+_is1) (Version: Screen+ 1.4.2 - AOC)
Snowtopia Demo (HKLM-x32\...\1103034679_is1) (Version: 0.9.31.gog - GOG.com)
Snowtopia: Ski Resort Tycoon (HKLM-x32\...\1179524912_is1) (Version: 0.14.27 - GOG.com)
Speciální aplikace Autodesk 2016-2018 (HKLM-x32\...\{384C4B74-B749-4AB6-9367-4D51A6AA9CB8}) (Version: 2.4.0 - Autodesk)
Spotify (HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Spotify) (Version: 1.1.47.684.g136419d9 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Superliminal (HKLM-x32\...\Superliminal_is1) (Version: - )
TAP-Windows 9.24.2 (HKLM\...\TAP-Windows) (Version: 9.24.2 - OpenVPN Technologies, Inc.)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.6 - TeamSpeak Systems GmbH)
Tom Clancy's The Division 2 (HKLM-x32\...\Uplay Install 4932) (Version: - Ubisoft)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.22 - Ghisler Software GmbH)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 128.0.10632 - Ubisoft)
UE4 Prerequisites (x64) (HKLM\...\{F9EC45F9-074A-48BF-92E9-A8CADD56F693}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
UNRAVEL™ two (HKLM-x32\...\{5DB117FE-6F05-40AC-B7A3-5C67641F14C0}) (Version: 1.0.0.1 - Electronic Arts, Inc.)
UrbanVPN (HKLM\...\{62F37AEF-93BF-4E7E-B5B6-97BFEC82BEF5}) (Version: 2.2.9 - Urban Security) Hidden
UrbanVPN (HKLM\...\UrbanVPN 2.2.9) (Version: 2.2.9 - Urban Security)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.10 - VideoLAN)
Wargaming.net Game Center (HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Wargaming.net Game Center) (Version: 22.4.1.367 - Wargaming.net)
WinRAR 5.80 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH)
World of Tanks EU (HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\WOT.EU.PRODUCTION) (Version: - Wargaming.net)
XGAMER Audio 7.1 (HKLM-x32\...\SSS16xxAudioExt) (Version: 3.21.2018.104 - SADES)

Packages:
=========
Forager -> C:\Program Files\WindowsApps\HumbleBundle.ForagerWin10_1.0.1.2_x64__q2mcdwmzx4qja [2022-02-25] (Humble Bundle)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-10-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-10-25] (Microsoft Corporation) [MS Ad]
Minecraft Dungeons -> C:\Program Files\WindowsApps\Microsoft.Lovika_1.16.2.0_x64__8wekyb3d8bbwe [2022-11-17] (Microsoft Studios)
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.19.3101.0_x64__8wekyb3d8bbwe [2022-10-24] (Microsoft Studios)
Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_1.1.28.0_x64__8wekyb3d8bbwe [2022-09-03] (Microsoft Studios)
Minecraft: Java Edition -> C:\Program Files\WindowsApps\Microsoft.MinecraftJavaEdition_1.0.5.0_x64__8wekyb3d8bbwe [2022-11-19] (Microsoft Studios)
Roblox -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.553.620.0_x86__55nm5eh3cm0pr [2022-11-18] (ROBLOX Corporation)
Totally Accurate Battle Simulator -> C:\Program Files\WindowsApps\LandfallGames.TotallyAccurateBattleSimulator_1.0.6239.0_x64__r2vq7k2y0v9ct [2022-11-09] (Landfall Games)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-10-24] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2017-02-03] (Autodesk, Inc -> Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-10-24] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2017-02-03] (Autodesk, Inc -> Autodesk)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-10-24] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [File not signed]
ContextMenuHandlers1: [PDFArchitect8_ManagerExt] -> {EC981B88-4DFE-457D-B623-09D6C0E3EE6C} => C:\Program Files\PDF Architect 9\context-menu.dll [2022-10-18] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL [2022-10-04] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-10-24] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_bd530e4cbd42e0a3\nvshext.dll [2022-11-09] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-10-24] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\micha\Desktop\Michal - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\micha\Desktop\Terezka - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) =============

2018-07-15 13:15 - 2018-07-15 13:15 - 003664696 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2018-07-15 13:15 - 2018-07-15 13:15 - 000291128 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\WINDOWS\system32\StartMenuHelper64.dll
2021-10-27 09:36 - 2022-08-02 17:26 - 000181248 _____ (pdfforge GmbH) [File not signed] C:\WINDOWS\System32\pdfcmon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\Control Panel\Desktop\\Wallpaper -> c:\users\micha\desktop\foceni - vanoce 2019\dsc_9982.jpg
DNS Servers: 31.192.72.13 - 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Trust GXT 354 Headset"
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\StartupApproved\Run: => "Gaijin.Net Updater"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{29458DEB-89BE-4F55-B362-0A79FF315AC2}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [TCP Query User{D73F25B8-73D8-4612-9013-00AFC67C6490}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [{C535DEAE-95B1-4EC1-9AE3-90F16FB847B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crash Drive 2\Crash Drive 2.exe () [File not signed]
FirewallRules: [{D00CE7CD-302D-4FC5-9DBD-BF6946EB2BC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crash Drive 2\Crash Drive 2.exe () [File not signed]
FirewallRules: [UDP Query User{F873DD99-DACE-47FB-ACB7-FAF5D2D438EF}C:\program files\eagle dynamics\dcs world openbeta\bin\dcs_updater.exe] => (Allow) C:\program files\eagle dynamics\dcs world openbeta\bin\dcs_updater.exe (Eagle Dynamics SA -> Eagle Dynamics SA)
FirewallRules: [TCP Query User{A54F25F0-65EF-41E6-9DB2-01F8F95FD1E9}C:\program files\eagle dynamics\dcs world openbeta\bin\dcs_updater.exe] => (Allow) C:\program files\eagle dynamics\dcs world openbeta\bin\dcs_updater.exe (Eagle Dynamics SA -> Eagle Dynamics SA)
FirewallRules: [UDP Query User{446488F3-6A65-4A40-84ED-6D7DD85BC5F2}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [TCP Query User{0A1E29E9-17F5-49FA-831C-74E987176127}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [{54446129-352F-4716-A57E-817CFBE15A09}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{45E25852-2436-49B6-8730-460ABC3C1F32}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{864198A2-5A02-402B-BFBE-2A6092CE7CBA}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{89CCDD86-5ABB-49F9-ADA2-3AA16A9C0DFA}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{D790B858-A34F-48F3-BAB6-30E18C8B86A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [{E45CB1FF-8765-4764-B6E5-03B0CFB43CD0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [UDP Query User{11C83DD6-66C1-4B2A-95B9-F5595BAAE73F}C:\users\micha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micha\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{36435545-4B21-4506-82B2-85572F619B25}C:\users\micha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micha\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{DBF5FAC2-3ED8-4AB7-A39F-2F9A785F9F5A}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> TODO: <Company name>)
FirewallRules: [TCP Query User{975D2953-97C3-42CD-98A5-83734BE1D7B2}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> TODO: <Company name>)
FirewallRules: [{E1397ADB-175E-4CD9-B12F-39A92FBF12B3}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{3114659E-1964-4B01-88CD-D008340CB6FA}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{0356A693-A394-4772-B76B-BF4C327CF3EE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{8E292D98-5399-4BC6-8E9D-0B1CB269BB82}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{0586D70B-5F9B-4AE4-905B-6D8A0EB68614}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{6C369FD2-5CA0-46A5-AE4C-89BC129BAD00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{04EE9578-4475-4C45-8938-31CFCAC72E37}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{1422F21A-0FE6-4E04-8608-E0AB2E1E74A0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{59EC471F-33CD-4B0E-8E0A-29665C636ADF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corp. -> )
FirewallRules: [{B908D25C-2BCF-4188-BD0F-E397AC0F6BEF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corp. -> )
FirewallRules: [{0A77FFB5-C2E5-4D61-B0A6-F50C26917801}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{3DDF4574-0231-4AB2-8264-9943794F7292}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [TCP Query User{EDB90044-B689-459D-A928-70A8E53D2179}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [UDP Query User{10816914-AC23-4957-AFA6-FF812C9B1605}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [TCP Query User{D941A9B7-F0DD-4690-9B9E-BA858CBD8690}C:\program files\eagle dynamics\dcs world openbeta\bin\dcs.exe] => (Allow) C:\program files\eagle dynamics\dcs world openbeta\bin\dcs.exe (Eagle Dynamics SA -> Eagle Dynamics)
FirewallRules: [UDP Query User{E3FF217D-D5A2-4FBB-9AA2-46E08FD69504}C:\program files\eagle dynamics\dcs world openbeta\bin\dcs.exe] => (Allow) C:\program files\eagle dynamics\dcs world openbeta\bin\dcs.exe (Eagle Dynamics SA -> Eagle Dynamics)
FirewallRules: [TCP Query User{37E4D05E-2ADF-410A-B96A-4FE1603EB75E}L:\downloads\wobbly.life.build 5917938\wobbly.life.build 5917938\wobbly life.exe] => (Allow) L:\downloads\wobbly.life.build 5917938\wobbly.life.build 5917938\wobbly life.exe () [File not signed]
FirewallRules: [UDP Query User{41A171F7-2F8E-4D4F-95D8-B31FB070B856}L:\downloads\wobbly.life.build 5917938\wobbly.life.build 5917938\wobbly life.exe] => (Allow) L:\downloads\wobbly.life.build 5917938\wobbly.life.build 5917938\wobbly life.exe () [File not signed]
FirewallRules: [{D7CD4EE0-8A58-464F-ACCA-A17B2148C55D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Raft\Raft.exe () [File not signed]
FirewallRules: [{B11CE916-FDDE-436A-B8EF-79A0AF4B214D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Raft\Raft.exe () [File not signed]
FirewallRules: [TCP Query User{C55AC7D3-0136-4931-8E8E-F9483277C5DA}L:\downloads\untitled.goose.game.v1.1.4\untitled.goose.game.v1.1.4\untitled.exe] => (Block) L:\downloads\untitled.goose.game.v1.1.4\untitled.goose.game.v1.1.4\untitled.exe () [File not signed]
FirewallRules: [UDP Query User{816377DE-18B1-4961-BDD4-D474969DCFA6}L:\downloads\untitled.goose.game.v1.1.4\untitled.goose.game.v1.1.4\untitled.exe] => (Block) L:\downloads\untitled.goose.game.v1.1.4\untitled.goose.game.v1.1.4\untitled.exe () [File not signed]
FirewallRules: [TCP Query User{F00BAB0A-4A0E-420B-90BC-3CC38FF11BDE}C:\program files (x86)\minecraft launcher\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
FirewallRules: [UDP Query User{0130D317-847E-4D30-B195-B52A0FD1AC39}C:\program files (x86)\minecraft launcher\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
FirewallRules: [{5EB038E2-3D18-44B7-8E96-890B39F3E827}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Thrive\Thrive Launcher.exe (Revolutionary Games) [File not signed]
FirewallRules: [{68A4ADEA-1C84-4789-A697-CB2D3B816771}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Thrive\Thrive Launcher.exe (Revolutionary Games) [File not signed]
FirewallRules: [TCP Query User{45ED595B-3318-4527-A16E-AE92F97115E2}L:\downloads\wobbly.life.v0.7.1\wobbly life.exe] => (Allow) L:\downloads\wobbly.life.v0.7.1\wobbly life.exe () [File not signed]
FirewallRules: [UDP Query User{F9D771D3-D794-453C-A170-D06223863C87}L:\downloads\wobbly.life.v0.7.1\wobbly life.exe] => (Allow) L:\downloads\wobbly.life.v0.7.1\wobbly life.exe () [File not signed]
FirewallRules: [{9561CBB4-7CD3-4A3F-BD3B-6578D946570C}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Rayman Origins\Rayman Origins.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{72ECBBE5-8F9F-4A97-A7BF-C49729ADFABF}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Rayman Origins\Rayman Origins.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [TCP Query User{BCC952E8-88D5-462B-A31F-88AAAA2CD4C9}L:\downloads\deeeer.simulator.v6.3.1\deeeer simulator.exe] => (Allow) L:\downloads\deeeer.simulator.v6.3.1\deeeer simulator.exe () [File not signed]
FirewallRules: [UDP Query User{5F02E16D-3283-4B5A-A892-B478B3808213}L:\downloads\deeeer.simulator.v6.3.1\deeeer simulator.exe] => (Allow) L:\downloads\deeeer.simulator.v6.3.1\deeeer simulator.exe () [File not signed]
FirewallRules: [TCP Query User{70860165-FC28-4A9A-9549-72643AF82E96}L:\downloads\powerwash.simulator.v0.5.1\powerwashsimulator.exe] => (Allow) L:\downloads\powerwash.simulator.v0.5.1\powerwashsimulator.exe () [File not signed]
FirewallRules: [UDP Query User{06F8E3AC-4E9E-4F99-BC5F-B91E1909A464}L:\downloads\powerwash.simulator.v0.5.1\powerwashsimulator.exe] => (Allow) L:\downloads\powerwash.simulator.v0.5.1\powerwashsimulator.exe () [File not signed]
FirewallRules: [{D7E833B6-8C9E-4F53-ADCC-237CC74140B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Builder Simulator Demo\PWLauncherBootstrapper.exe (XENO-PC\Xeno -> PWay Sp. z o.o.) [File not signed]
FirewallRules: [{92558988-B934-43A7-8992-25F6DB7CD255}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Builder Simulator Demo\PWLauncherBootstrapper.exe (XENO-PC\Xeno -> PWay Sp. z o.o.) [File not signed]
FirewallRules: [TCP Query User{0E856306-59C5-43ED-BBAB-5A6C6358A2EC}L:\games\i am fish\iamfish.exe] => (Block) L:\games\i am fish\iamfish.exe () [File not signed]
FirewallRules: [UDP Query User{7605C579-E973-4947-92C4-BE006BC64FF1}L:\games\i am fish\iamfish.exe] => (Block) L:\games\i am fish\iamfish.exe () [File not signed]
FirewallRules: [{B2DA71DE-1615-440A-BEB4-9A465F176CF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]
FirewallRules: [{3930353B-5ACC-46D7-BFB3-5ABDF047A43B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]
FirewallRules: [{01DF4354-EA13-4B39-A5E2-D851CA21DEAE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe () [File not signed]
FirewallRules: [{83AC1B05-9D39-4B0B-9721-60909619376E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe () [File not signed]
FirewallRules: [TCP Query User{7D120729-8247-46E1-A96C-2897BE827323}L:\games\astroneer.v1.18.68.0\astro\binaries\win64\astro-win64-shipping.exe] => (Block) L:\games\astroneer.v1.18.68.0\astro\binaries\win64\astro-win64-shipping.exe (System Era Softworks) [File not signed]
FirewallRules: [UDP Query User{55274E68-151E-453B-BF06-F07E61CCE6E0}L:\games\astroneer.v1.18.68.0\astro\binaries\win64\astro-win64-shipping.exe] => (Block) L:\games\astroneer.v1.18.68.0\astro\binaries\win64\astro-win64-shipping.exe (System Era Softworks) [File not signed]
FirewallRules: [{D5E9125B-F4C3-4BE3-9C39-4327635141A9}] => (Allow) L:\SteamLibrary\steamapps\common\Rock of Ages III Make & Break\ROA3.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{1DBD88C5-F55B-403D-9D47-7509BA2B3F50}] => (Allow) L:\SteamLibrary\steamapps\common\Rock of Ages III Make & Break\ROA3.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{82293978-6754-445C-9C19-4517C53B2CBE}L:\steamlibrary\steamapps\common\rock of ages iii make & break\roa3\binaries\win64\roa3-win64-shipping.exe] => (Allow) L:\steamlibrary\steamapps\common\rock of ages iii make & break\roa3\binaries\win64\roa3-win64-shipping.exe (ACE Team) [File not signed]
FirewallRules: [UDP Query User{6D4F340F-CC84-441A-8F08-7F597798B806}L:\steamlibrary\steamapps\common\rock of ages iii make & break\roa3\binaries\win64\roa3-win64-shipping.exe] => (Allow) L:\steamlibrary\steamapps\common\rock of ages iii make & break\roa3\binaries\win64\roa3-win64-shipping.exe (ACE Team) [File not signed]
FirewallRules: [{FB08CC40-5BB2-4929-AE72-E844CAA9BC4C}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{73AFC565-A221-4AF4-8B01-BF38A7E3AAFD}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [TCP Query User{3E1A716A-73A8-4971-82E0-3292C49B152E}L:\downloads\superliminal\superliminal.exe] => (Block) L:\downloads\superliminal\superliminal.exe () [File not signed]
FirewallRules: [UDP Query User{6C09B28E-8BF2-419B-8B46-19F6B2DAAC55}L:\downloads\superliminal\superliminal.exe] => (Block) L:\downloads\superliminal\superliminal.exe () [File not signed]
FirewallRules: [{887E5316-A9BD-460F-B213-61A3DD57E396}] => (Allow) L:\SteamLibrary\steamapps\common\Kerbal Space Program\KSP_x64.exe (Take-Two Interactive Software, Inc. -> )
FirewallRules: [{6AA2F05C-B390-46DC-9D2A-3AB006261BE6}] => (Allow) L:\SteamLibrary\steamapps\common\Kerbal Space Program\KSP_x64.exe (Take-Two Interactive Software, Inc. -> )
FirewallRules: [{A4F2B005-89AB-41F1-8F41-F596CDCADBC8}] => (Allow) L:\SteamLibrary\steamapps\common\Fat Baby\Fat baby.exe () [File not signed]
FirewallRules: [{1AC4CB70-2406-4DC8-BB08-9AFFDE94FC12}] => (Allow) L:\SteamLibrary\steamapps\common\Fat Baby\Fat baby.exe () [File not signed]
FirewallRules: [{68C1325C-7C3E-47E7-8B2E-A83D571D67FA}] => (Allow) L:\SteamLibrary\steamapps\common\Wobbly Life\Wobbly Life.exe (Unity Technologies ApS) [File not signed]
FirewallRules: [{4C2AA51F-46E3-4489-B00C-2D5B089EEE79}] => (Allow) L:\SteamLibrary\steamapps\common\Wobbly Life\Wobbly Life.exe (Unity Technologies ApS) [File not signed]
FirewallRules: [TCP Query User{F1BE06E4-5622-4761-B9FA-496F3C93E3EA}C:\users\micha\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\micha\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{31CDE955-BC24-491A-89D0-0BD4AC1B4B34}C:\users\micha\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\micha\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [{ED21F7B5-C7C6-4DE2-8131-044A5F38C7AE}] => (Allow) L:\SteamLibrary\steamapps\common\Slime Rancher\SlimeRancher.exe () [File not signed]
FirewallRules: [{35553D72-31B7-4640-8FD1-E4E099F2862C}] => (Allow) L:\SteamLibrary\steamapps\common\Slime Rancher\SlimeRancher.exe () [File not signed]
FirewallRules: [TCP Query User{CBA75151-CD05-4556-A4C2-47B3C4034E44}C:\users\micha\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\micha\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
FirewallRules: [UDP Query User{C012ED2B-A45E-4B0F-91F3-11B38F8D9C6B}C:\users\micha\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\micha\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
FirewallRules: [{B20ED7C1-4DC5-4C0E-BB7F-FA796742B8B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Builder Simulator Demo\Builder Simulator.exe () [File not signed]
FirewallRules: [{27433D62-6D09-436E-97E3-C80F1CC17D29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Builder Simulator Demo\Builder Simulator.exe () [File not signed]
FirewallRules: [TCP Query User{C526C79D-2F23-4659-8886-74EB1217C5BA}L:\xboxgames\kill it with fire\content\kani\binaries\wingdk\kani-wingdk-shipping.exe] => (Allow) L:\xboxgames\kill it with fire\content\kani\binaries\wingdk\kani-wingdk-shipping.exe (Access Denied) [File not signed]
FirewallRules: [UDP Query User{2B813FC4-335F-4364-A51B-96934E86E050}L:\xboxgames\kill it with fire\content\kani\binaries\wingdk\kani-wingdk-shipping.exe] => (Allow) L:\xboxgames\kill it with fire\content\kani\binaries\wingdk\kani-wingdk-shipping.exe (Access Denied) [File not signed]
FirewallRules: [TCP Query User{5398BB7F-69A6-413A-ABA0-D9CFD9C06102}L:\xboxgames\gang beasts\content\gang beasts.exe] => (Allow) L:\xboxgames\gang beasts\content\gang beasts.exe (Access Denied) [File not signed]
FirewallRules: [UDP Query User{4CE251E0-D80C-4B9F-AEBC-560ECD797F9F}L:\xboxgames\gang beasts\content\gang beasts.exe] => (Allow) L:\xboxgames\gang beasts\content\gang beasts.exe (Access Denied) [File not signed]
FirewallRules: [TCP Query User{1B203524-5397-4260-9EA2-E79C28F696BF}L:\downloads\turmoil.v3.0.39\turmoil.v3.0.39\turmoil.exe] => (Allow) L:\downloads\turmoil.v3.0.39\turmoil.v3.0.39\turmoil.exe () [File not signed]
FirewallRules: [UDP Query User{7729F747-4D8C-43A7-BC5D-C26A526AB26C}L:\downloads\turmoil.v3.0.39\turmoil.v3.0.39\turmoil.exe] => (Allow) L:\downloads\turmoil.v3.0.39\turmoil.v3.0.39\turmoil.exe () [File not signed]
FirewallRules: [TCP Query User{6891DA4E-A682-4013-AC9F-93F1F41538A1}L:\xboxgames\human fall flat\content\humanfallflat.exe] => (Block) L:\xboxgames\human fall flat\content\humanfallflat.exe (Access Denied) [File not signed]
FirewallRules: [UDP Query User{981D95FE-1B8B-4E50-9157-16E1841EFD0B}L:\xboxgames\human fall flat\content\humanfallflat.exe] => (Block) L:\xboxgames\human fall flat\content\humanfallflat.exe (Access Denied) [File not signed]
FirewallRules: [TCP Query User{1AEA2C90-34CF-4A28-8A8B-DECE34231209}C:\users\micha\appdata\local\crossout\launcher.exe] => (Allow) C:\users\micha\appdata\local\crossout\launcher.exe (Gaijin Network LTD -> Gaijin)
FirewallRules: [UDP Query User{CBD697BB-8858-43F9-8DEA-E68395D8B415}C:\users\micha\appdata\local\crossout\launcher.exe] => (Allow) C:\users\micha\appdata\local\crossout\launcher.exe (Gaijin Network LTD -> Gaijin)
FirewallRules: [{BBB18066-1A62-4B6F-AEA7-09012086A685}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\2KLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{23E7748A-E81A-4D11-8B2C-50BEC02C3E01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\2KLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{FFED7C2C-8DFD-4B87-AB1E-363287DA7B00}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DFC43BAF-88F3-432F-8B96-EFD44F22E75D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9FEBE6DF-8741-45B6-9D50-1902184F120F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2C828F30-3503-4FF6-8558-8311BAA735E7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{68320D8A-6F97-411F-8955-B5800497F558}L:\downloads\mon.bazou.v0.256\mon.bazou.v0.256\monbazou\mon bazou.exe] => (Allow) L:\downloads\mon.bazou.v0.256\mon.bazou.v0.256\monbazou\mon bazou.exe () [File not signed]
FirewallRules: [UDP Query User{1E6F081F-E513-42C0-89FA-23B782AD3A98}L:\downloads\mon.bazou.v0.256\mon.bazou.v0.256\monbazou\mon bazou.exe] => (Allow) L:\downloads\mon.bazou.v0.256\mon.bazou.v0.256\monbazou\mon bazou.exe () [File not signed]
FirewallRules: [TCP Query User{CA702105-D56F-499F-95AB-CA71697C4C0D}L:\downloads\the.planet.crafter\planet crafter.exe] => (Allow) L:\downloads\the.planet.crafter\planet crafter.exe () [File not signed]
FirewallRules: [UDP Query User{840E18C3-0704-49A1-96F4-181A626B6797}L:\downloads\the.planet.crafter\planet crafter.exe] => (Allow) L:\downloads\the.planet.crafter\planet crafter.exe () [File not signed]
FirewallRules: [{59D404D5-8728-49AB-9E06-51D26700D695}] => (Allow) L:\SteamLibrary\steamapps\common\Aquarist Demo\Aquarist.exe () [File not signed]
FirewallRules: [{A96A6F90-7DD2-4995-88AA-0F956DB33A2C}] => (Allow) L:\SteamLibrary\steamapps\common\Aquarist Demo\Aquarist.exe () [File not signed]
FirewallRules: [{D2DBB5FE-E8B9-4ED4-AA67-937B6DDC8AB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MonBazou\Mon Bazou.exe () [File not signed]
FirewallRules: [{851C3AE4-EC50-4BE6-BB77-4E72493806F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MonBazou\Mon Bazou.exe () [File not signed]
FirewallRules: [TCP Query User{1E0AE19E-20F1-443B-906D-065238976E49}L:\downloads\feed.and.grow.fish.v0.14.3.5\feed and grow.exe] => (Allow) L:\downloads\feed.and.grow.fish.v0.14.3.5\feed and grow.exe () [File not signed]
FirewallRules: [UDP Query User{50D93168-8FA5-49AA-BABE-A5A8F88B3486}L:\downloads\feed.and.grow.fish.v0.14.3.5\feed and grow.exe] => (Allow) L:\downloads\feed.and.grow.fish.v0.14.3.5\feed and grow.exe () [File not signed]
FirewallRules: [{BC45F458-DEB7-4E71-8941-1742EE09E829}] => (Allow) L:\Downloads\UnravelTwo\UnravelTwo.exe (Coldwood Interactive AB -> Coldwood Interactive AB)
FirewallRules: [{4A30FB60-8369-40E0-906C-38AB2F7DF5FA}] => (Allow) L:\Downloads\UnravelTwo\UnravelTwo.exe (Coldwood Interactive AB -> Coldwood Interactive AB)
FirewallRules: [{3B90E320-F8B7-429E-99E6-314F048244CD}] => (Allow) L:\Downloads\UnravelTwo\UnravelTwo_trial.exe (Coldwood Interactive AB -> Coldwood Interactive AB)
FirewallRules: [{D368F37B-76C3-43B0-B0FD-F5AF2D450029}] => (Allow) L:\Downloads\UnravelTwo\UnravelTwo_trial.exe (Coldwood Interactive AB -> Coldwood Interactive AB)
FirewallRules: [{DCDA16F5-1AB3-4585-B939-34DA43598E9B}] => (Allow) L:\SteamLibrary\steamapps\common\Aquarist Demo\PWLauncherBootstrapper.exe (PWay Sp. z o.o.) [File not signed]
FirewallRules: [{592253A9-C2A2-4767-B3BF-DE9B0254A0FC}] => (Allow) L:\SteamLibrary\steamapps\common\Aquarist Demo\PWLauncherBootstrapper.exe (PWay Sp. z o.o.) [File not signed]
FirewallRules: [{2E8D51BF-5717-4012-BC0A-557AD5122175}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\House Builder Demo\PWLauncherBootstrapper.exe (PWay Sp. z o.o.) [File not signed]
FirewallRules: [{253299C3-BD33-41BB-971A-81703FF02A3A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\House Builder Demo\PWLauncherBootstrapper.exe (PWay Sp. z o.o.) [File not signed]
FirewallRules: [TCP Query User{9D9F2F4E-88B8-4E22-AADB-5A99589DB433}L:\games\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) L:\games\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{3A4B7A22-EC59-4D80-A5BA-66B42386D2F1}L:\games\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) L:\games\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{6E02E418-AA6F-4C92-9374-FFAA59441B23}L:\downloads\shotgun.king.the.final.checkmate.v1.244\shotgun_king.exe] => (Block) L:\downloads\shotgun.king.the.final.checkmate.v1.244\shotgun_king.exe () [File not signed]
FirewallRules: [UDP Query User{CD0D9E68-D68A-453C-A9EB-6B166701345C}L:\downloads\shotgun.king.the.final.checkmate.v1.244\shotgun_king.exe] => (Block) L:\downloads\shotgun.king.the.final.checkmate.v1.244\shotgun_king.exe () [File not signed]
FirewallRules: [{2F698A77-BA23-4B6C-9E39-3AB00712D141}] => (Allow) L:\SteamLibrary\steamapps\common\Totally Reliable Delivery Service\Totally Reliable Delivery Service.exe () [File not signed]
FirewallRules: [{DEDCE339-7914-48FF-A935-F774F7D0F667}] => (Allow) L:\SteamLibrary\steamapps\common\Totally Reliable Delivery Service\Totally Reliable Delivery Service.exe () [File not signed]
FirewallRules: [{61C77ED8-359C-49A2-BAE9-7042AE301115}] => (Allow) L:\SteamLibrary\steamapps\common\Toilet Chronicles\ToiletChronicles.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{77563C0C-B28D-4E56-98D2-9925DBECE044}] => (Allow) L:\SteamLibrary\steamapps\common\Toilet Chronicles\ToiletChronicles.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{57023810-2F26-4628-B0D6-79A7505BB914}L:\downloads\cult of the lamb\cult of the lamb.exe] => (Allow) L:\downloads\cult of the lamb\cult of the lamb.exe () [File not signed]
FirewallRules: [UDP Query User{25FAEDB6-0F8B-43CC-B6E6-2710E6889A77}L:\downloads\cult of the lamb\cult of the lamb.exe] => (Allow) L:\downloads\cult of the lamb\cult of the lamb.exe () [File not signed]
FirewallRules: [{B85E4058-CFD6-4F39-961D-90E6963E4193}] => (Allow) L:\SteamLibrary\steamapps\common\Toadled\ToadledWindows.exe () [File not signed]
FirewallRules: [{A74B3AAB-4981-4778-A3FE-EB6E86A2F198}] => (Allow) L:\SteamLibrary\steamapps\common\Toadled\ToadledWindows.exe () [File not signed]
FirewallRules: [{FF5F70A8-DB4F-4EDD-A346-98C8AA0E687E}] => (Allow) L:\SteamLibrary\steamapps\common\RoboBunnies In Space\RoboBunniesInSpace.exe () [File not signed]
FirewallRules: [{9FB7769A-775F-4556-9E86-044FAF5824AF}] => (Allow) L:\SteamLibrary\steamapps\common\RoboBunnies In Space\RoboBunniesInSpace.exe () [File not signed]
FirewallRules: [{2C347C8D-86E0-4DDD-BD0D-A3782FEF06A9}] => (Allow) L:\SteamLibrary\steamapps\common\Evil Glitch\EvilGlitch.exe (GitHub, Inc.) [File not signed]
FirewallRules: [{195B5849-856F-428A-BB0D-B476E3435074}] => (Allow) L:\SteamLibrary\steamapps\common\Evil Glitch\EvilGlitch.exe (GitHub, Inc.) [File not signed]
FirewallRules: [TCP Query User{516191BA-DBEC-4FAF-9946-4711EAAEC309}L:\downloads\space.scavenger.creative.mode-goldberg\space.scavenger.creative.mode-goldberg\space scavenger.exe] => (Block) L:\downloads\space.scavenger.creative.mode-goldberg\space.scavenger.creative.mode-goldberg\space scavenger.exe () [File not signed]
FirewallRules: [UDP Query User{59E65718-8887-47CD-96D5-310FD61FE906}L:\downloads\space.scavenger.creative.mode-goldberg\space.scavenger.creative.mode-goldberg\space scavenger.exe] => (Block) L:\downloads\space.scavenger.creative.mode-goldberg\space.scavenger.creative.mode-goldberg\space scavenger.exe () [File not signed]
FirewallRules: [{81A9DA2F-FD87-4391-B65E-40D79423B2E2}] => (Allow) L:\SteamLibrary\steamapps\common\Bloons TD Battles 2\btdb2_game.exe (Ninja Kiwi Ltd.) [File not signed]
FirewallRules: [{29405DEF-F4BC-4A43-8B6E-7CC80609366E}] => (Allow) L:\SteamLibrary\steamapps\common\Bloons TD Battles 2\btdb2_game.exe (Ninja Kiwi Ltd.) [File not signed]
FirewallRules: [{9CD9235C-C999-46B4-8631-C1D39FD8A7E8}] => (Allow) L:\SteamLibrary\steamapps\common\BloonsTD6\BloonsTD6.exe () [File not signed]
FirewallRules: [{7E41DDFE-57B4-45C8-B5F5-B1B0247EF4BB}] => (Allow) L:\SteamLibrary\steamapps\common\BloonsTD6\BloonsTD6.exe () [File not signed]
FirewallRules: [{E127B333-F0E6-4725-82E4-A618C830930F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Whos Your Daddy\Classic\WhosYourDaddy.exe () [File not signed]
FirewallRules: [{E74FB68B-1AB4-48BB-AEEB-EF251C561118}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Whos Your Daddy\Classic\WhosYourDaddy.exe () [File not signed]
FirewallRules: [{AAD7A0A6-A98B-4756-8EF3-E431F797F72F}] => (Allow) C:\Program Files (x86)\Common Files\Aladdin Shared\HASP\hasplms.exe (Thales DIS CPL USA, Inc. -> Thales Group)
FirewallRules: [TCP Query User{C344E2D7-4B64-4821-BCE3-F336029A93C2}L:\downloads\doodle god\doodle god universe demo.exe] => (Allow) L:\downloads\doodle god\doodle god universe demo.exe () [File not signed]
FirewallRules: [UDP Query User{A58E2B62-54A6-449F-AB25-EE67D9D44B81}L:\downloads\doodle god\doodle god universe demo.exe] => (Allow) L:\downloads\doodle god\doodle god universe demo.exe () [File not signed]
FirewallRules: [TCP Query User{CF9A70CF-C2BB-4A61-A2DE-C43808CFFC76}L:\downloads\the.wandering.village.v0.1.33\wanderingvillage.exe] => (Block) L:\downloads\the.wandering.village.v0.1.33\wanderingvillage.exe () [File not signed]
FirewallRules: [UDP Query User{F7E16266-E721-4094-B7ED-C60E05D2815A}L:\downloads\the.wandering.village.v0.1.33\wanderingvillage.exe] => (Block) L:\downloads\the.wandering.village.v0.1.33\wanderingvillage.exe () [File not signed]
FirewallRules: [TCP Query User{A0F31908-0AA4-4918-A50D-C3D52156B3BA}L:\downloads\wargaming.net\gamecenter\wgc.exe] => (Allow) L:\downloads\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{4B05A387-D111-4438-8F06-394FDB23374A}L:\downloads\wargaming.net\gamecenter\wgc.exe] => (Allow) L:\downloads\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{501B3C2F-61F4-4289-A963-D83801128738}L:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) L:\games\world_of_tanks_eu\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{8A76BF94-4C0D-4E28-A2E0-E29D32978136}L:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) L:\games\world_of_tanks_eu\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{51F9A459-0561-48C9-9031-30BB6A4B90A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{0CA6B13D-C036-422F-AD8B-257BB1733E14}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{B60CC01D-1EE8-4AC0-91D1-B2993D535B91}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{7996D172-8295-4525-B96C-E8082649633B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{D5F722C2-5028-4C22-9EB3-0B544708B1E5}C:\windows\temp\files\bin\kmss.exe] => (Allow) C:\windows\temp\files\bin\kmss.exe => No File
FirewallRules: [UDP Query User{65739AAB-A55E-43AC-B6ED-428C5C6A7576}C:\windows\temp\files\bin\kmss.exe] => (Allow) C:\windows\temp\files\bin\kmss.exe => No File
FirewallRules: [{BEC8CA2B-642A-4C93-A84E-7FD8C6BFD325}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{F227DC9C-6F11-4757-9605-00E5F6855360}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{977EFF52-927F-4BC2-B864-1257474A16E6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{96EED623-C06E-4F7E-8EA5-7A6DAA99CCE0}L:\downloads\crash bandicoot 4\lava\binaries\win64\crashbandicoot4.exe] => (Block) L:\downloads\crash bandicoot 4\lava\binaries\win64\crashbandicoot4.exe (Activision Publishing) [File not signed]
FirewallRules: [UDP Query User{946B9CFB-3FF7-417E-ACF0-4EF8F2DF3D9D}L:\downloads\crash bandicoot 4\lava\binaries\win64\crashbandicoot4.exe] => (Block) L:\downloads\crash bandicoot 4\lava\binaries\win64\crashbandicoot4.exe (Activision Publishing) [File not signed]
FirewallRules: [{8374F70F-CEA7-47DE-91D2-AF57F172F0E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Whos Your Daddy\Remake\WhosYourDaddy.exe () [File not signed]
FirewallRules: [{8F5E94C6-8D4A-4C7C-B036-1D67CEB9C553}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Whos Your Daddy\Remake\WhosYourDaddy.exe () [File not signed]
FirewallRules: [{D76EB744-3DB2-447D-94D3-2348651742FC}] => (Allow) L:\SteamLibrary\steamapps\common\Kerbal Space Program\PDLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{2EC8DC50-A137-420B-A81E-AE6B43B655BF}] => (Allow) L:\SteamLibrary\steamapps\common\Kerbal Space Program\PDLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [TCP Query User{36202B76-F12A-42BB-BA94-705081339BD7}L:\downloads\dont.starve.together.v522521\game\bin\dontstarve_steam.exe] => (Block) L:\downloads\dont.starve.together.v522521\game\bin\dontstarve_steam.exe => No File
FirewallRules: [UDP Query User{21BECE4E-3136-4D11-929B-86DF98CE9AED}L:\downloads\dont.starve.together.v522521\game\bin\dontstarve_steam.exe] => (Block) L:\downloads\dont.starve.together.v522521\game\bin\dontstarve_steam.exe => No File
FirewallRules: [TCP Query User{91E97C76-0FD0-4E5C-A105-31B906D45E34}L:\downloads\dont.starve.together.v522521\game\bin64\dontstarve_steam_x64.exe] => (Allow) L:\downloads\dont.starve.together.v522521\game\bin64\dontstarve_steam_x64.exe => No File
FirewallRules: [UDP Query User{13A91FD5-C6FF-4E5B-AB68-68F80347A1A1}L:\downloads\dont.starve.together.v522521\game\bin64\dontstarve_steam_x64.exe] => (Allow) L:\downloads\dont.starve.together.v522521\game\bin64\dontstarve_steam_x64.exe => No File
FirewallRules: [{36CA83F2-1470-4A2B-BFB5-60A53EBB7B83}] => (Allow) L:\SteamLibrary\steamapps\common\Don't Starve Together\bin64\dontstarve_steam_x64.exe () [File not signed]
FirewallRules: [{2D493646-197D-4656-99E9-2DEF3805D92C}] => (Allow) L:\SteamLibrary\steamapps\common\Don't Starve Together\bin64\dontstarve_steam_x64.exe () [File not signed]
FirewallRules: [{8964ED8C-3647-4573-A83F-6BC6ED8142D2}] => (Allow) L:\SteamLibrary\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{9F4A2AB3-6490-44BF-9BF6-9FE93AAC5D0D}] => (Allow) L:\SteamLibrary\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{9DE5AF6B-8316-46A0-A444-712C9B3FEC39}] => (Allow) C:\Program Files (x86)\Overwolf\0.204.2.2\OverwolfBrowser.exe => No File
FirewallRules: [{C93E0725-7E77-4F00-B162-749BE0591AC8}] => (Allow) C:\Program Files (x86)\Overwolf\0.204.2.2\OverwolfBrowser.exe => No File
FirewallRules: [{AB3E1717-DBAB-4C04-B476-B6A395F25833}] => (Block) C:\Program Files (x86)\Overwolf\0.204.2.2\OverwolfBrowser.exe => No File
FirewallRules: [{A7B8BF7B-3EF8-45F3-82CE-D7357C0B93DF}] => (Block) C:\Program Files (x86)\Overwolf\0.204.2.2\OverwolfBrowser.exe => No File
FirewallRules: [{A2084A57-B60E-49D6-9BE2-6F4484B68858}] => (Allow) C:\Program Files (x86)\Overwolf\0.208.1.2\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{D40BC4FE-9BA4-443B-A90C-FC45A777129D}] => (Allow) C:\Program Files (x86)\Overwolf\0.208.1.2\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{6BA8406D-5DEA-4382-BCA7-A71E356B0714}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A48FD8E8-8785-4DC4-A4E1-D35BBCA6DEBE}] => (Allow) C:\Program Files\UrbanVPN\bin\urbanvpn.exe (Urban Cyber Security Inc. -> Urban Cyber Security Inc.)
FirewallRules: [{D71A2095-74F3-4534-A982-2D6D38CF1832}] => (Allow) C:\WINDOWS\SysWOW64\TCPSVCS.EXE (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D7B64F9B-28FE-4AAF-8061-29C28D0B0349}] => (Allow) C:\Users\micha\AppData\Roaming\.minecraft\resourcepacks\novaskin\bin\node.exe (Joyent, Inc -> Joyent, Inc)
FirewallRules: [{1D1DF0BD-219B-4322-8F5A-DD1FA35CAC39}] => (Allow) C:\Users\micha\AppData\Roaming\.minecraft\resourcepacks\novaskin\bin\node.exe (Joyent, Inc -> Joyent, Inc)
FirewallRules: [{1F3A3F35-E6DA-4FCA-95FF-50D460896510}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.52\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============

Name: Scp Virtual Bus Driver
Description: Scp Virtual Bus Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Nefarius Software Solutions
Service: ScpVBus
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Scp Virtual Bus Driver
Description: Scp Virtual Bus Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Nefarius Software Solutions
Service: ScpVBus
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (11/20/2022 08:46:42 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2022-11-22T20:57:42Z. Kód chyby: 0x80070002

Error: (11/20/2022 08:46:12 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2022-11-22T20:57:12Z. Kód chyby: 0x80070002

Error: (11/20/2022 08:45:42 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2022-11-22T20:57:42Z. Kód chyby: 0x80070002

Error: (11/20/2022 08:45:12 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2022-11-22T20:57:12Z. Kód chyby: 0x80070002

Error: (11/20/2022 08:44:42 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2022-11-22T20:57:42Z. Kód chyby: 0x80070002

Error: (11/20/2022 08:44:04 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2022-11-22T20:57:04Z. Kód chyby: 0x80070002

Error: (11/20/2022 08:43:00 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2022-11-22T20:58:00Z. Kód chyby: 0x80070002

Error: (11/20/2022 08:42:30 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2022-11-22T20:57:30Z. Kód chyby: 0x80070002


System errors:
=============
Error: (11/20/2022 08:44:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA LocalSystem Container byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.

Error: (11/20/2022 08:44:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Microsoft Office Klikni a spusť byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (11/20/2022 08:44:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA Display Container LS byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.

Error: (11/20/2022 08:44:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba GameInput Service byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 1000 milisekund: Restartovat službu.

Error: (11/20/2022 08:43:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Realtek Bluetooth Device Manager Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/20/2022 08:43:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Steam Client Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/20/2022 08:43:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA LocalSystem Container byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.

Error: (11/20/2022 08:43:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NovaSkinResourcepack byla neočekávaně ukončena. Tento stav nastal již 1krát.


Windows Defender:
================
Date: 2022-10-24 20:17:11
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/PShellPublicStager.A
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: behavior:_pid:10524:1115676206035765; process:_pid:10524,ProcessStart:133111090313397368
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Neznámý
Uživatel:
Název procesu: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Verze bezpečnostních informací: AV: 1.377.727.0, AS: 1.377.727.0, NIS: 1.377.727.0
Verze modulu: AM: 1.1.19700.3, NIS: 1.1.19700.3

Date: 2022-10-24 20:17:11
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/PShellPublicStager.A
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: behavior:_pid:10524:1115676206035765; process:_pid:10524,ProcessStart:133111090313397368
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Neznámý
Uživatel:
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.377.727.0, AS: 1.377.727.0, NIS: 1.377.727.0
Verze modulu: AM: 1.1.19700.3, NIS: 1.1.19700.3

Date: 2022-10-24 17:54:11
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/PShellPublicStager.A
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: behavior:_pid:1416:1115676206035765; process:_pid:1416,ProcessStart:133111004510895624
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Neznámý
Uživatel:
Název procesu: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Verze bezpečnostních informací: AV: 1.377.727.0, AS: 1.377.727.0, NIS: 1.377.727.0
Verze modulu: AM: 1.1.19700.3, NIS: 1.1.19700.3

Date: 2022-10-24 17:54:11
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/PShellPublicStager.A
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: behavior:_pid:1416:1115676206035765; process:_pid:1416,ProcessStart:133111004510895624
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Neznámý
Uživatel:
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.377.727.0, AS: 1.377.727.0, NIS: 1.377.727.0
Verze modulu: AM: 1.1.19700.3, NIS: 1.1.19700.3

Date: 2022-10-24 15:55:27
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/PShellPublicStager.A
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: behavior:_pid:13976:1115676206035765; process:_pid:13976,ProcessStart:133110933268323507
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Neznámý
Uživatel:
Název procesu: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Verze bezpečnostních informací: AV: 1.377.727.0, AS: 1.377.727.0, NIS: 1.377.727.0
Verze modulu: AM: 1.1.19700.3, NIS: 1.1.19700.3
Event[0]:

Date: 2022-10-23 17:35:19
Description:
Antivirová ochrana v programu Microsoft Defender narazil na kritickou chybu při provádění akce s malwarem nebo jiným potenciálně nežádoucím softwarem.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/AutoKMS
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_N:\o16setup.exe; process:_pid:22740,ProcessStart:133110128935028981
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: N:\O16Setup.EXE
Akce: Karanténa
Stav akce: No additional actions required
Kód chyby: 0x80070005
Popis chyby: Přístup byl odepřen.
Verze bezpečnostních informací: AV: 1.377.658.0, AS: 1.377.658.0, NIS: 1.377.658.0
Verze modulu: AM: 1.1.19700.3, NIS: 1.1.19700.3

Date: 2022-10-23 17:34:40
Description:
Antivirová ochrana v programu Microsoft Defender narazil na kritickou chybu při provádění akce s malwarem nebo jiným potenciálně nežádoucím softwarem.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/AutoKMS!MSR
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_N:\o16setup.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Akce: Karanténa
Stav akce: No additional actions required
Kód chyby: 0x80070005
Popis chyby: Přístup byl odepřen.
Verze bezpečnostních informací: AV: 1.377.658.0, AS: 1.377.658.0, NIS: 1.377.658.0
Verze modulu: AM: 1.1.19700.3, NIS: 1.1.19700.3

Date: 2022-10-23 17:33:16
Description:
Antivirová ochrana v programu Microsoft Defender narazil na kritickou chybu při provádění akce s malwarem nebo jiným potenciálně nežádoucím softwarem.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/AutoKMS
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_N:\O16Setup.EXE
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Windows\explorer.exe
Akce: Karanténa
Stav akce: No additional actions required
Kód chyby: 0x80070005
Popis chyby: Přístup byl odepřen.
Verze bezpečnostních informací: AV: 1.377.658.0, AS: 1.377.658.0, NIS: 1.377.658.0
Verze modulu: AM: 1.1.19700.3, NIS: 1.1.19700.3

CodeIntegrity:
===============
Date: 2022-11-20 08:42:03
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2022-11-20 08:41:39
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. P3.90 12/09/2019
Motherboard: ASRock B450M Pro4
Processor: AMD Ryzen 5 3600 6-Core Processor
Percentage of memory in use: 33%
Total physical RAM: 16313.71 MB
Available physical RAM: 10780.55 MB
Total Virtual: 21433.71 MB
Available Virtual: 14212.22 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:475.87 GB) (Free:12.57 GB) (Model: ADATA SX8200PNP) NTFS
Drive d: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) (Model: Patriot Burst) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) (Model: SAMSUNG HD642JJ) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) (Model: WDC WD10EZEX-00RKKA0) NTFS ==>[system with boot components (obtained from drive)]
Drive g: () (Fixed) (Total:224.84 GB) (Free:67.95 GB) (Model: SAMSUNG HD642JJ) NTFS
Drive h: () (Fixed) (Total:224.84 GB) (Free:14.61 GB) (Model: SAMSUNG HD642JJ) NTFS
Drive i: () (Fixed) (Total:222.95 GB) (Free:2.32 GB) (Model: Patriot Burst) NTFS
Drive j: () (Fixed) (Total:146.38 GB) (Free:20.3 GB) (Model: SAMSUNG HD642JJ) NTFS
Drive k: () (Fixed) (Total:247.82 GB) (Free:115.57 GB) (Model: WDC WD10EZEX-00RKKA0) NTFS
Drive l: () (Fixed) (Total:683.59 GB) (Free:122.33 GB) (Model: WDC WD10EZEX-00RKKA0) NTFS

\\?\Volume{c4029046-716d-441f-a03d-cce2ceeeb070}\ (Obnovení) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{c6b8d1f4-ded1-4088-bf7e-f6bafaa17d56}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{3a67c860-4f4a-07bf-1000-5763d3e2c1e4}\ () (Fixed) (Total:0.01 GB) (Free:0 GB) NTFS
\\?\Volume{9b707457-a5d8-f53d-3dbc-236db814aef8}\ () (Fixed) (Total:5.42 GB) (Free:0 GB) NTFS
\\?\Volume{7e630a01-0000-0000-0000-10c337000000}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{6ff619c6-97c5-4a7f-bd2f-8251e43ed227}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 7E630A01)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=222.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=533 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: E274E274)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449.7 GB) - (Type=0F Extended)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0775D37C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=247.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=683.6 GB) - (Type=07 NTFS)

==========================================================
Disk: 3 (Protective MBR) (Size: 476.9 GB) (Disk ID: 00000000)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 4.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 5.

==================== End of Addition.txt =======================

mikkie
Visitor
Visitor
Posts: 43
Registered: 26 Jul 2011 16:56

Re: Malware, trojan? - please help with checking the FRST log

#2 Post by mikkie »

I'm also sending the log from Malware AdwCleaner

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-20-2022
# Duration: 00:00:00
# OS: Windows 10 (Build 19044.2251)
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Spirální stabilizace páteře - Na Úbočí 10, Praha 8, Czech Republic, 00420-284 810 231, spirstab@spirstab.com

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1926 octets] - [21/10/2021 18:58:01]
AdwCleaner[C00].txt - [1966 octets] - [21/10/2021 18:58:43]
AdwCleaner[S01].txt - [1634 octets] - [21/10/2021 19:31:02]
AdwCleaner[C01].txt - [1804 octets] - [21/10/2021 19:31:07]
AdwCleaner[S02].txt - [1756 octets] - [21/10/2021 19:31:29]
AdwCleaner[C02].txt - [1926 octets] - [21/10/2021 19:31:36]
AdwCleaner[S03].txt - [1878 octets] - [21/10/2021 19:38:05]
AdwCleaner[C03].txt - [2048 octets] - [21/10/2021 19:38:11]
AdwCleaner[S04].txt - [2000 octets] - [21/10/2021 19:47:03]
AdwCleaner[S05].txt - [2061 octets] - [21/10/2021 19:51:29]
AdwCleaner[C05].txt - [2231 octets] - [21/10/2021 20:04:51]
AdwCleaner[S06].txt - [2345 octets] - [20/08/2022 18:20:15]
AdwCleaner[C06].txt - [2475 octets] - [20/08/2022 18:20:58]
AdwCleaner[S07].txt - [2373 octets] - [20/08/2022 18:22:12]
AdwCleaner[C07].txt - [2523 octets] - [20/08/2022 18:22:21]
AdwCleaner[S08].txt - [2442 octets] - [20/11/2022 08:43:22]
AdwCleaner[C08].txt - [2612 octets] - [20/11/2022 08:43:29]
AdwCleaner[S09].txt - [2564 octets] - [20/11/2022 08:43:58]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C09].txt ##########

Rudy
Site Admin
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware, trojan? - please help with checking the FRST log

#3 Post by Rudy »

Hello!
Please post new FRST+Addition logs.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

mikkie
Visitor
Visitor
Posts: 43
Registered: 26 Jul 2011 16:56

Re: Malware, trojan? - please help with checking the FRST log

#4 Post by mikkie »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2022
Ran by micha (administrator) on DESKTOP-AUSGJMO (20-11-2022 16:35:59)
Running from C:\Users\micha\Desktop
Loaded Profiles: micha
Platform: Microsoft Windows 10 Pro Version 21H2 19044.2251 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
(C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe ->) (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe ->) (GOG Sp. z o.o. -> GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe <2>
(C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe ->) (GOG Sp. z o.o. -> GOG.com) C:\Program Files (x86)\GOG Galaxy\GOG Galaxy Notifications Renderer.exe
(C:\Program Files (x86)\Overwolf\Overwolf.exe ->) (Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.208.1.2\OverwolfHelper.exe
(C:\Program Files (x86)\Overwolf\Overwolf.exe ->) (Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.208.1.2\OverwolfHelper64.exe
(C:\Program Files (x86)\Overwolf\Overwolf.exe ->) (Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Overwolf\0.208.1.2\OverwolfBrowser.exe <3>
(C:\Program Files (x86)\Overwolf\Overwolf.exe ->) (Overwolf Ltd -> Overwolf LTD) C:\Users\micha\AppData\Local\Overwolf\ProcessCache\0.208.1.2\cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj\curseforge.exe
(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22092.211.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22092.211.0_x64__8wekyb3d8bbwe\YourPhoneAppProxy.exe
(Discord Inc. -> Discord Inc.) C:\Users\micha\AppData\Local\Discord\app-1.0.9007\Discord.exe <6>
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(explorer.exe ->) (GOG Sp. z o.o. -> GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <10>
(explorer.exe ->) (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNMON.EXE
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE
(explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(explorer.exe ->) (Wargaming.net Limited -> Wargaming.net) L:\Downloads\Wargaming.net\GameCenter\wgc.exe
(GOG Sp. z o.o. -> GOG.com) C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
(L:\Downloads\Wargaming.net\GameCenter\wgc.exe ->) (Wargaming.net Limited -> Wargaming.net) L:\Downloads\Wargaming.net\GameCenter\dlls\wgc_renderer_host.exe <3>
(L:\Downloads\Wargaming.net\GameCenter\wgc.exe ->) (Wargaming.net Limited -> Wargaming.net) L:\Downloads\Wargaming.net\GameCenter\WargamingErrorMonitor.exe
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(pdfforge GmbH -> pdfforge) C:\Program Files\PDFCreator\PDFCreator.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <2>
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_7.70.13002.0_x64__8wekyb3d8bbwe\gamingservices.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_7.70.13002.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_bd530e4cbd42e0a3\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (pdfforge GmbH -> pdfforge GmbH) C:\Program Files\PDF Architect 9\activation-service.exe
(services.exe ->) (Thales DIS CPL USA, Inc. -> Thales Group) C:\Program Files (x86)\Common Files\Aladdin Shared\HASP\hasplms.exe
(services.exe ->) (Urban Cyber Security Inc. -> ) C:\Program Files\UrbanVPN\bin\urbanvpnserv.exe
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22092.211.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(TODO: <Company name>) [File not signed] C:\Program Files\CZC G GK1000\CZC G GK1000.exe
(Urban Cyber Security Inc. -> ) C:\Program Files\UrbanVPN\bin\urbanvpn-gui.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [445800 2021-10-08] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [212184 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [UrbanVPN] => C:\Program Files\UrbanVPN\bin\urbanvpn-gui.exe [23796072 2022-09-29] (Urban Cyber Security Inc. -> )
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1151872 2016-11-18] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [XGAMER Audio 7.1] => C:\Program Files (x86)\XGAMER Audio 7.1\XGAMER Audio 7.1.exe [10700800 2020-09-09] (Solid State System) [File not signed]
HKLM-x32\...\Run: [CZC G GK1000] => C:\Program Files\CZC G GK1000\CZC G GK1000.exe [2031616 2019-02-14] (TODO: <Company name>) [File not signed]
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4245352 2022-11-17] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [365760 2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [Discord] => C:\Users\micha\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [GogGalaxy] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [13668840 2022-10-11] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1802584 2022-11-06] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [Gaijin.Net Updater] => C:\Users\micha\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2793016 2022-05-19] (Gaijin Network LTD -> Gaijin)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [Wargaming.net Game Center] => L:\Downloads\Wargaming.net\GameCenter\wgc.exe [2148528 2022-10-11] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [EPSDNMON] => C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE [350032 2022-07-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Run: [MicrosoftEdgeAutoLaunch_ED02E366447D09E4F124EF89B233D989] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3892168 2022-11-17] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\MountPoints2: {cd0f9543-00d3-11eb-a686-a8a159192c9e} - "N:\O16Setup.EXE"
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2007576 2017-02-03] (Autodesk, Inc -> Autodesk, Inc.)
HKLM\...\Print\Monitors\EPSON L3050 Series 64MonitorBE: C:\Windows\system32\E_YLMBR4E.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\PDF Architect 9 Monitor: C:\WINDOWS\system32\spool\DRIVERS\x64\brand_solution_name_pdfpmon_v.6.11.0.7.dll [960120 2022-11-19] (PDF Tools AG -> PDF Tools AG (hxxp://www.pdf-tools.com))
HKLM\...\Print\Monitors\pdfcmon: C:\Windows\system32\pdfcmon.dll [181248 2022-08-02] (pdfforge GmbH) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\107.0.5304.107\Installer\chrmstp.exe [2022-11-11] (Google LLC -> Google LLC)
Startup: C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon – zástupce.lnk [2022-08-24]
ShortcutTarget: ctfmon – zástupce.lnk -> C:\Windows\System32\ctfmon.exe (Microsoft Windows -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {170E219B-8AC0-4ACD-A5B3-95E2B59342AF} - System32\Tasks\GoogleUpdateTaskMachineUA{CC6FCCFE-0B82-4CA0-9F44-D06B7A71F7C9} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-04] (Google LLC -> Google LLC)
Task: {1AF51550-6E9D-4293-8954-507DABBD02E0} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {1D13BDB4-DCB3-402E-BAF8-46542F03E489} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {1DDF7133-CCCB-44A4-9581-A6A002782203} - System32\Tasks\pdfforge GmbH\PDF Architect 9\Installer updater => C:\ProgramData\PDF Architect 9\Installation\PDF_Architect_9_Installer.exe [15918008 2022-11-19] (pdfforge GmbH -> pdfforge GmbH.)
Task: {2137B8ED-8431-4698-B440-E59641A34CC7} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144280 2022-11-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {2237D69A-2074-4A62-BD65-D0397D543BE3} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2576728 2022-11-06] (Overwolf Ltd -> Overwolf LTD)
Task: {417081D9-D47E-46B6-9340-84A2B9F4674D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {4741C4FB-0026-418A-B88D-E4CBEB191DC5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8576000 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {4808EE77-6D80-44BC-846C-3F93A6D56587} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144280 2022-11-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {5873D4AF-CDC1-4AE4-9500-CCAC20FCA8BE} - System32\Tasks\GoogleUpdateTaskMachineCore{378D9C95-EA40-4EDA-B415-F57806CDC798} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-04] (Google LLC -> Google LLC)
Task: {5A333012-983C-4390-BE1B-0B52106DDB39} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [66936 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {5EEBF767-50B8-487C-BF8A-ECE05530ECC2} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908856 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {60A2DFAB-8B01-4B94-911D-F5B5070A2D72} - System32\Tasks\pdfforge GmbH\PDF Architect 9\App Notification => C:\Program Files\PDF Architect 9\architect-launcher.exe [2123200 2022-10-18] (pdfforge GmbH -> pdfforge GmbH)
Task: {60BA3CEE-A47C-46F2-B2F1-A7EFCF225C43} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908856 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {720E946F-CEDC-4AD3-8BFC-CA4135BFE0FC} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {7F3184BF-E48E-4B94-B1F0-E3C5113B959B} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4261871939-3680644312-2290833728-1001 => C:\Users\micha\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {99761133-1AA8-44AD-AD69-CA41D22485E7} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2022-10-17] (Nvidia Corporation -> NVIDIA Corporation)
Task: {9D17A3F8-8D22-4218-B129-35BF440806A8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26154376 2022-11-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {A29AE754-98A1-46F0-9BCC-EBAF583E3555} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4936920 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
Task: {A9210039-5D08-41FA-B0B1-35592DF5F8B3} - System32\Tasks\pdfforge GmbH\PDF Architect 9\App Notification Logon => C:\Program Files\PDF Architect 9\architect-launcher.exe [2123200 2022-10-18] (pdfforge GmbH -> pdfforge GmbH)
Task: {ABFF3165-019B-491D-B5AB-04DD543997EC} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {B2A3FCB7-9970-4B18-8745-C94890D3431C} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {B628F759-22B6-428E-98CA-970E4A13E27C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26154376 2022-11-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {CC8F4658-09C7-405C-AC65-C447B9291498} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2250576 2022-10-24] (Avast Software s.r.o. -> Avast Software)
Task: {D012BD15-A504-4F06-872B-2FF795B502CF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8576000 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {EFF182B4-9790-439D-A881-BE0D318718D9} - System32\Tasks\pdfforge GmbH\PDF Architect 9\Update => C:\Program Files\PDF Architect 9\architect.exe [3438016 2022-10-18] (pdfforge GmbH -> pdfforge GmbH)
Task: {F26D76EA-C327-4A27-BE33-159501B8D157} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-4261871939-3680644312-2290833728-1001 => C:\Users\micha\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File)
Task: {F7030443-2EB6-46CF-8562-FA23A1498001} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-08-30] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-4261871939-3680644312-2290833728-1001] => 182.71.146.148:8080
Tcpip\..\Interfaces\{a50b097d-b2f0-400f-88af-6fcafcb09065}: [NameServer] 31.192.72.13,10.0.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\micha\AppData\Local\Microsoft\Edge\User Data\Default [2022-11-20]
Edge HomePage: Default -> hxxp://www.google.com/
Edge Extension: (Překladač Google) - C:\Users\micha\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2022-11-03]
Edge Extension: (FormApps Extension) - C:\Users\micha\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi [2022-11-03]
Edge Extension: (Free VPN for Edge - VPN Proxy VeePN) - C:\Users\micha\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\panammoooggmlehahpcjckcncfeffcoi [2022-11-03]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-11-14] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default [2022-11-20]
CHR Notifications: Default -> hxxps://app.smartsupp.com; hxxps://business.facebook.com; hxxps://www.facebook.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR Extension: (Překladač Google) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2022-03-09]
CHR Extension: (Dokumenty Google offline) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-11-02]
CHR Extension: (FormApps Extension) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi [2022-10-11]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-11-20]
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-11-16]
CHR Notifications: Profile 1 -> hxxps://www.facebook.com
CHR HomePage: Profile 1 -> hxxp://www.google.cz/
CHR StartupUrls: Profile 1 -> ""
CHR Extension: (Překladač Google) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2022-03-10]
CHR Extension: (Entanglement Web App) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aciahcmjmecflokailenpkdchphgkefd [2021-10-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-10-29]
CHR Extension: (Eiffel Tower) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ppbaibkigenhdcommebegmmmpoolmpip [2021-10-29]
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\System Profile [2022-11-20]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1134664 2022-02-24] (Autodesk, Inc. -> Autodesk Inc.)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8539032 2022-11-14] (Avast Software s.r.o. -> AVAST Software)
S2 AudioDeviceService; C:\Windows\system32\AudioDeviceService.exe [2730496 2020-09-09] (SSS) [File not signed]
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [592600 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [592600 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8885112 2022-04-26] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12515768 2022-11-16] (Microsoft Corporation -> Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4507328 2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [9946216 2022-11-17] (Electronic Arts, Inc. -> Electronic Arts)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811496 2022-06-30] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [584680 2022-08-05] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029456 2022-08-04] (Epic Games Inc. -> Epic Games, Inc.)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2017-03-10] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [2131432 2022-10-11] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7166552 2022-04-27] (GOG Sp. z o.o. -> GOG.com)
R2 hasplms; C:\Program Files (x86)\Common Files\Aladdin Shared\HASP\hasplms.exe [8311152 2022-04-18] (Thales DIS CPL USA, Inc. -> Thales Group)
S2 NovaSkinResourcepack; C:\Users\micha\AppData\Roaming\.minecraft\resourcepacks\novaskin\bin\nssm-x86.exe [157696 2015-01-23] () [File not signed]
S3 OverwolfUpdater; C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2576728 2022-11-06] (Overwolf Ltd -> Overwolf LTD)
R3 PDF Architect 9; C:\Program Files\PDF Architect 9\activation-service.exe [3108800 2022-10-18] (pdfforge GmbH -> pdfforge GmbH)
S3 PDF Architect 9 Creator; C:\Program Files\PDF Architect 9\creator-ws.exe [507328 2022-10-18] (pdfforge GmbH -> pdfforge GmbH)
S3 PDF Architect 9 Update Service; C:\Program Files\PDF Architect 9\update-service.exe [414656 2022-10-18] (pdfforge GmbH -> pdfforge GmbH)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2720088 2022-11-03] (Rockstar Games, Inc. -> Rockstar Games)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224216 2022-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 UrbanVPNServiceInteractive; C:\Program Files\UrbanVPN\bin\urbanvpnserv.exe [450768 2022-09-29] (Urban Cyber Security Inc. -> )
S3 UrbanVPNUpdater; C:\Program Files\UrbanVPN\UrbanVPNUpdater.exe [1022312 2022-09-29] (Urban Cyber Security Inc. -> Urban Security)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\NisSrv.exe [3170576 2022-10-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe [133584 2022-10-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 LTService; C:\Windows\AmanUpdateLogLT.exe [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_bd530e4cbd42e0a3\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_bd530e4cbd42e0a3\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
S4 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X]
S2 WTService; C:\Windows\AmanOnlineWT.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 akshasp; C:\WINDOWS\system32\DRIVERS\akshasp.sys [69576 2022-04-18] (Gemalto, Inc. -> SafeNet, Inc.)
R3 akshhl; C:\WINDOWS\system32\DRIVERS\akshhl.sys [68560 2022-04-18] (Gemalto, Inc. -> SafeNet, Inc.)
R3 aksusb; C:\WINDOWS\system32\DRIVERS\aksusb.sys [313784 2022-04-18] (Gemalto, Inc. -> SafeNet, Inc.)
S3 AsrDrv103; C:\Windows\SysWOW64\Drivers\AsrDrv103.sys [34568 2020-04-10] (ASROCK Incorporation -> ASRock Incorporation) [File not signed]
S3 AsrDrv104; C:\WINDOWS\SysWOW64\Drivers\AsrDrv104.sys [34536 2021-12-26] (ASROCK Incorporation -> ASRock Incorporation) [File not signed]
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [42304 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [238152 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [382504 2022-11-14] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [306128 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [105936 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [25576 2022-10-24] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [48512 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [276520 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [564304 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [114464 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [90008 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [862936 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [672272 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [221944 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [327896 2022-10-24] (Avast Software s.r.o. -> AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R3 keyboard; C:\Windows\System32\Drivers\keyboard.sys [18536 2022-10-08] (Francisco Lopes da Silva -> Oblita)
R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2020-04-09] (AOC International (Europe) GmbH -> Nicomsoft Ltd.)
R3 mouse; C:\Windows\System32\Drivers\mouse.sys [18536 2022-10-08] (Francisco Lopes da Silva -> Oblita)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-14] (Nvidia Corporation -> NVIDIA Corporation)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [44080 2022-10-08] (Shaul Eizikovich -> Nefarius Software Solutions)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2019-10-23] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 UAExt; C:\WINDOWS\System32\DRIVERS\UAExt.sys [135264 2020-09-09] (Solid State System Co., Ltd -> Solid State System.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49616 2022-10-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [455968 2022-10-14] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95520 2022-10-14] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-11-20 15:49 - 2022-11-20 15:49 - 001960838 _____ C:\Users\micha\Desktop\CIKO kalkulace položková 20221114.xlsm
2022-11-20 15:45 - 2022-11-20 15:45 - 000163484 _____ C:\Users\micha\Desktop\Lenka Ulmanová, Vypálená 459, Vracov - AK D150.pdf
2022-11-20 13:12 - 2022-11-20 13:12 - 000161431 _____ C:\Users\micha\Desktop\Berounská realitní, Koberce Trend Veselí nad Moravou.pdf
2022-11-20 12:29 - 2022-11-20 12:29 - 000083198 _____ C:\Users\micha\Desktop\REVIZNÍ ZPRÁVA - Štěpán Andrle, Hovorany 506, 696 12 Hovorany.pdf
2022-11-20 12:28 - 2022-11-20 12:28 - 000227945 _____ C:\Users\micha\Desktop\Faktura FA202245.pdf
2022-11-20 11:52 - 2022-11-20 11:52 - 000202290 _____ C:\Users\micha\Desktop\FAKTURA_202244 - Vít Novák, Mikulčice.pdf
2022-11-20 11:49 - 2022-11-20 11:49 - 000201296 _____ C:\Users\micha\Desktop\FAKTURA_202243 - EKOkonstrukce sro.pdf
2022-11-20 11:35 - 2022-11-20 11:35 - 000259571 _____ C:\Users\micha\Desktop\REVIZNÍ ZPRÁVA - Vít Novák, novostavba, Mikulčice.pdf
2022-11-20 11:30 - 2022-11-20 11:30 - 000053490 _____ C:\Users\micha\Desktop\Revize 62 - Vít Novák, Mikulčice.pdf
2022-11-20 11:14 - 2022-11-20 11:14 - 000447004 _____ C:\Users\micha\Desktop\technicky-list.pdf
2022-11-20 08:46 - 2022-11-20 08:47 - 000086527 _____ C:\Users\micha\Desktop\Addition.txt
2022-11-20 08:45 - 2022-11-20 16:36 - 000034327 _____ C:\Users\micha\Desktop\FRST.txt
2022-11-20 08:44 - 2022-11-20 08:44 - 002375680 _____ (Farbar) C:\Users\micha\Desktop\FRST64.exe
2022-11-20 08:43 - 2022-11-20 08:43 - 008791352 _____ (Malwarebytes) C:\Users\micha\Desktop\adwcleaner.exe
2022-11-19 16:21 - 2022-11-19 16:21 - 003408656 _____ (Nova Skin ) C:\Users\micha\Desktop\NovaSkinResourcepackInstaller.exe
2022-11-19 10:28 - 2022-11-19 10:30 - 000000000 ____D C:\Program Files\PDF Architect 9
2022-11-19 10:28 - 2022-11-19 10:28 - 000001181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 9.lnk
2022-11-19 10:27 - 2022-11-19 10:27 - 000000680 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2022-11-19 10:27 - 2022-11-19 10:27 - 000000000 ____D C:\ProgramData\PDF Architect 9
2022-11-19 10:27 - 2022-11-19 10:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2022-11-19 10:03 - 2022-11-19 10:03 - 000119728 _____ C:\Users\micha\Desktop\REVIZNÍ ZPRÁVA - Exelová Hana, Dolní Konec 68, 69606 Vacenovice.pdf
2022-11-19 09:55 - 2022-11-19 10:33 - 000001144 _____ C:\Users\micha\Desktop\Minecraft Launcher.lnk
2022-11-17 14:36 - 2022-11-17 14:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UrbanVPN
2022-11-17 14:36 - 2022-11-17 14:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2022-11-17 14:36 - 2022-11-17 14:36 - 000000000 ____D C:\Program Files\UrbanVPN
2022-11-17 14:35 - 2022-11-17 14:36 - 032229200 _____ (Urban Security) C:\Users\micha\Desktop\UrbanVPN2.exe
2022-11-17 14:32 - 2022-11-17 14:32 - 029264824 _____ (Hongkong Guangling NetWork Technology Co., Ltd.) C:\Users\micha\Desktop\aman_2.3.5_0928.exe
2022-11-17 14:32 - 2022-11-17 14:32 - 000000000 ____D C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AmanVPN
2022-11-17 14:32 - 2022-11-17 14:32 - 000000000 ____D C:\Users\micha\AppData\Local\Install
2022-11-17 14:32 - 2022-11-17 14:32 - 000000000 ____D C:\Program Files (x86)\aman
2022-11-17 14:29 - 2022-11-17 14:29 - 054263528 _____ (HIGH SPEED RABBIT LIMITED) C:\Users\micha\Desktop\rabbitvpn1_31.exe
2022-11-17 14:29 - 2022-11-17 14:29 - 000000000 ____D C:\ProgramData\Caphyon
2022-11-17 14:29 - 2022-11-17 14:29 - 000000000 ____D C:\Program Files\TAP-Windows
2022-11-16 19:44 - 2022-11-16 19:44 - 000127825 _____ C:\Users\micha\Desktop\Bohumil Metelka, Zahradní 1063, 691 42 Valtice.pdf
2022-11-15 16:16 - 2022-11-15 16:16 - 000000000 ____D C:\Users\micha\AppData\Roaming\PD Launcher
2022-11-15 16:16 - 2022-11-15 16:16 - 000000000 ____D C:\Users\micha\AppData\Local\PD Launcher
2022-11-13 19:20 - 2022-11-13 19:22 - 000251685 _____ C:\Users\micha\Desktop\REVIZNÍ ZPRÁVA - Jaroslav Chovanec, Rohatecká 241, 696 02 Rohatec.pdf
2022-11-13 18:42 - 2022-11-13 18:42 - 000463793 _____ C:\Users\micha\Desktop\REVIZNÍ ZPRÁVA - Radek Ševčík, Zahradní 5, 695 01 Hodonín.pdf
2022-11-13 17:29 - 2022-11-13 17:29 - 000162220 _____ C:\Users\micha\Desktop\REVIZNÍ ZPRÁVA - Svatava Mařáková, Okružní 1226, 696 42 Vracov.pdf
2022-11-13 11:16 - 2022-11-13 11:16 - 000000000 ____D C:\Users\micha\Desktop\forge-1.12.2-14.23.5.2860-installer
2022-11-13 11:15 - 2022-11-13 11:15 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2022-11-13 11:11 - 2022-11-09 11:03 - 002236992 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2022-11-13 11:11 - 2022-11-09 11:03 - 002236992 _____ C:\WINDOWS\system32\vulkaninfo.exe
2022-11-13 11:11 - 2022-11-09 11:03 - 001642592 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-11-13 11:11 - 2022-11-09 11:03 - 001642592 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2022-11-13 11:11 - 2022-11-09 11:03 - 001487912 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2022-11-13 11:11 - 2022-11-09 11:03 - 001444416 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2022-11-13 11:11 - 2022-11-09 11:03 - 001444416 _____ C:\WINDOWS\system32\vulkan-1.dll
2022-11-13 11:11 - 2022-11-09 11:03 - 001227304 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2022-11-13 11:11 - 2022-11-09 11:03 - 001168960 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2022-11-13 11:11 - 2022-11-09 11:03 - 001168960 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2022-11-13 11:11 - 2022-11-09 10:59 - 000865272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2022-11-13 11:11 - 2022-11-09 10:59 - 000672232 _____ C:\WINDOWS\system32\nvofapi64.dll
2022-11-13 11:11 - 2022-11-09 10:59 - 000507432 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2022-11-13 11:11 - 2022-11-09 10:58 - 002162176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2022-11-13 11:11 - 2022-11-09 10:58 - 001618408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2022-11-13 11:11 - 2022-11-09 10:58 - 001531400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2022-11-13 11:11 - 2022-11-09 10:58 - 001190392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2022-11-13 11:11 - 2022-11-09 10:58 - 000950280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2022-11-13 11:11 - 2022-11-09 10:58 - 000746536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2022-11-13 11:11 - 2022-11-09 10:58 - 000734184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2022-11-13 11:11 - 2022-11-09 10:57 - 012452360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2022-11-13 11:11 - 2022-11-09 10:57 - 010218488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2022-11-13 11:11 - 2022-11-09 10:57 - 005891072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2022-11-13 11:11 - 2022-11-09 10:57 - 005856744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcudadebugger.dll
2022-11-13 11:11 - 2022-11-09 10:57 - 003334136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2022-11-13 11:11 - 2022-11-09 10:57 - 000457752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2022-11-13 11:11 - 2022-11-09 10:56 - 005816312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2022-11-13 11:11 - 2022-11-09 10:56 - 000853016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2022-11-13 11:11 - 2022-11-08 23:40 - 000100589 _____ C:\WINDOWS\system32\nvinfo.pb
2022-11-12 11:34 - 2022-11-12 11:34 - 000000000 ___HD C:\$WinREAgent
2022-11-11 14:15 - 2022-11-11 14:15 - 000073216 _____ C:\WINDOWS\system32\nettraceex.dll
2022-11-11 14:14 - 2022-11-11 14:14 - 000688128 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-11-11 14:14 - 2022-11-11 14:14 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-11-11 14:14 - 2022-11-11 14:14 - 000012253 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-11-10 21:47 - 2022-11-10 21:47 - 000073742 _____ C:\Users\micha\Desktop\29-prohlaseni-o-vlastnostech-nerez-flex-03-04.pdf
2022-11-10 21:47 - 2022-11-10 21:47 - 000073168 _____ C:\Users\micha\Desktop\31-prohlaseni-flex-010-012-p1.pdf
2022-11-09 22:27 - 2022-11-09 22:27 - 040450839 _____ C:\Users\micha\Desktop\Zarosice.mp4
2022-11-08 21:08 - 2022-11-08 21:08 - 000052813 _____ C:\Users\micha\Desktop\Komin.pdf
2022-11-08 18:59 - 2022-11-08 18:59 - 022089136 _____ C:\Users\micha\Desktop\witherstormmod-1.19.2-3.1.1.jar
2022-11-08 18:59 - 2022-11-08 18:59 - 000000000 ____D C:\Users\micha\Desktop\witherstormmod-1.19.2-3.1.1
2022-11-07 21:15 - 2022-11-07 21:15 - 000054352 _____ C:\Users\micha\Desktop\Zdeněk Foltýn, Na rybníčku 397, Dubňany - tepelně technický výpočet SC.pdf
2022-11-05 15:49 - 2022-11-05 15:49 - 000000222 _____ C:\Users\micha\Desktop\Don't Starve Together.url
2022-11-04 19:36 - 2022-11-05 15:58 - 000000000 ____D C:\Users\micha\Documents\Klei
2022-11-03 21:51 - 2022-11-03 21:51 - 000002350 _____ C:\Users\micha\Desktop\Microsoft Edge.lnk
2022-11-01 22:20 - 2022-11-01 22:20 - 000053973 _____ C:\Users\micha\Desktop\Šebesta, Sudoměřice - výpočet.pdf
2022-11-01 21:28 - 2022-11-01 21:28 - 000198120 _____ C:\Users\micha\Desktop\REVIZNÍ ZPRÁVA - Jiří Janeček, Příšní 307D, 696 66 Sudoměřice.pdf
2022-10-30 21:44 - 2022-10-30 21:44 - 000637670 _____ C:\Users\micha\Desktop\schiedel-CZ-Prisl-ABS-UNIADV_napojovaci-dily_1.7.22.pdf
2022-10-30 09:31 - 2022-10-30 09:31 - 000000780 _____ C:\Users\micha\Desktop\Bugsnax.lnk
2022-10-30 09:05 - 2022-10-30 09:05 - 000046771 _____ C:\Users\micha\Desktop\almeva-kominovy-stitek-flex-g_0.pdf
2022-10-29 13:50 - 2022-10-29 13:50 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2022-10-29 13:50 - 2022-10-29 13:50 - 000000000 ____D C:\Program Files (x86)\Microsoft GameInput
2022-10-26 19:56 - 2022-10-26 19:56 - 000000000 ____D C:\Users\micha\Documents\PDF Architect
2022-10-26 19:41 - 2022-11-19 18:45 - 000000000 ____D C:\Users\micha\AppData\Roaming\PDF Architect 9
2022-10-26 19:37 - 2022-10-26 19:37 - 000135815 _____ C:\Users\micha\Desktop\Marek Mužík, Nádražní 6, 691 51 Lanžhot.pdf
2022-10-25 21:07 - 2022-10-25 21:07 - 002149497 _____ C:\Users\micha\Desktop\návod Kamino.pdf
2022-10-25 18:37 - 2022-10-25 18:37 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2022-10-25 18:30 - 2022-10-25 18:30 - 000000000 ____D C:\Users\micha\AppData\Local\CrashBandicoot4
2022-10-25 18:16 - 2022-10-25 18:16 - 000000953 _____ C:\Users\Public\Desktop\Crash Bandicoot 4.lnk
2022-10-24 19:33 - 2022-10-24 19:37 - 000000000 ____D C:\Users\micha\AppData\Local\Avast Software
2022-10-24 19:32 - 2022-11-19 20:47 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2022-10-24 19:32 - 2022-11-14 21:05 - 000382504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2022-10-24 19:32 - 2022-10-24 19:32 - 000672272 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2022-10-24 19:32 - 2022-10-24 19:32 - 000564304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2022-10-24 19:32 - 2022-10-24 19:32 - 000327896 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2022-10-24 19:32 - 2022-10-24 19:32 - 000306128 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2022-10-24 19:32 - 2022-10-24 19:32 - 000276520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2022-10-24 19:32 - 2022-10-24 19:32 - 000270552 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2022-10-24 19:32 - 2022-10-24 19:32 - 000221944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2022-10-24 19:32 - 2022-10-24 19:32 - 000114464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2022-10-24 19:32 - 2022-10-24 19:32 - 000105936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2022-10-24 19:32 - 2022-10-24 19:32 - 000090008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2022-10-24 19:32 - 2022-10-24 19:32 - 000048512 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2022-10-24 19:32 - 2022-10-24 19:32 - 000025576 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2022-10-24 19:32 - 2022-10-24 19:32 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2022-10-24 19:32 - 2022-10-24 19:32 - 000002164 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2022-10-24 19:32 - 2022-10-24 19:32 - 000000000 ____D C:\Users\micha\AppData\Roaming\Avast Software
2022-10-24 19:32 - 2022-10-24 19:32 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2022-10-24 19:32 - 2022-10-24 19:31 - 000862936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2022-10-24 19:32 - 2022-10-24 19:31 - 000238152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2022-10-24 19:32 - 2022-10-24 19:31 - 000042304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2022-10-24 19:31 - 2022-10-24 19:31 - 000000000 ____D C:\Program Files\Avast Software
2022-10-23 22:35 - 2022-11-20 15:36 - 000000000 ____D C:\Users\micha\AppData\Roaming\ImageGlass
2022-10-23 22:35 - 2022-11-17 14:36 - 000000000 ____D C:\Users\micha\AppData\Local\AdvinstAnalytics
2022-10-23 22:35 - 2022-10-23 22:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageGlass
2022-10-23 22:35 - 2022-10-23 22:35 - 000000000 ____D C:\Program Files\ImageGlass
2022-10-23 22:30 - 2022-10-17 10:59 - 006632744 _____ (Geek Uninstaller) C:\Users\micha\Desktop\geek.exe
2022-10-23 22:02 - 2022-10-23 22:02 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2022-10-23 21:57 - 2022-10-23 21:57 - 000002511 _____ C:\Users\micha\Desktop\Word 2016.lnk
2022-10-23 21:57 - 2022-10-23 21:57 - 000002483 _____ C:\Users\micha\Desktop\Excel 2016.lnk
2022-10-23 21:46 - 2022-10-23 21:46 - 000002511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2022-10-23 21:46 - 2022-10-23 21:46 - 000002483 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2022-10-23 21:46 - 2022-10-23 21:46 - 000002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2022-10-23 21:46 - 2022-10-23 21:46 - 000000000 ____D C:\Program Files\Microsoft Office 15
2022-10-23 21:12 - 2022-10-07 04:01 - 000041984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2022-10-23 21:11 - 2022-11-09 10:55 - 006512336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2022-10-23 21:08 - 2022-07-14 00:32 - 000060112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2022-10-23 17:01 - 2022-10-23 17:04 - 000000000 ____D C:\Users\micha\AppData\Roaming\Geek Uninstaller
2022-10-23 16:40 - 2022-10-24 19:35 - 000000000 ____D C:\Users\micha\AppData\Local\system32
2022-10-23 16:40 - 2022-10-23 16:41 - 000000000 ____D C:\Users\micha\AppData\Roaming\system32
2022-10-23 16:09 - 2022-11-16 17:18 - 000000000 ____D C:\Program Files\Microsoft Office
2022-10-23 16:09 - 2022-10-23 16:09 - 000000000 ____D C:\Users\micha\AppData\Local\Microsoft Help

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-11-20 16:36 - 2021-10-21 17:11 - 000000000 ____D C:\FRST
2022-11-20 16:29 - 2020-12-15 21:23 - 000000000 ____D C:\Users\micha\AppData\Roaming\discord
2022-11-20 16:29 - 2020-04-04 09:19 - 000000000 ____D C:\Program Files (x86)\Google
2022-11-20 16:27 - 2020-12-15 21:23 - 000000000 ____D C:\Users\micha\AppData\Local\Discord
2022-11-20 16:27 - 2020-04-04 09:18 - 000000000 ____D C:\Program Files (x86)\Steam
2022-11-20 15:27 - 2021-12-21 17:07 - 000002321 _____ C:\Users\micha\Desktop\CurseForge.lnk
2022-11-20 15:27 - 2021-12-21 17:06 - 000000000 ____D C:\Users\micha\AppData\Local\Overwolf
2022-11-20 15:27 - 2021-10-27 09:40 - 000000000 ____D C:\ProgramData\boost_interprocess
2022-11-20 15:27 - 2020-04-04 10:02 - 000000000 ____D C:\ProgramData\NVIDIA
2022-11-20 15:27 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-11-20 13:16 - 2020-04-04 10:17 - 000000000 ____D C:\Users\micha\AppData\Local\ClassicShell
2022-11-19 20:47 - 2022-08-29 18:24 - 000003478 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{CC6FCCFE-0B82-4CA0-9F44-D06B7A71F7C9}
2022-11-19 20:47 - 2022-08-29 18:24 - 000003254 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{378D9C95-EA40-4EDA-B415-F57806CDC798}
2022-11-19 20:47 - 2022-07-18 12:34 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-11-19 20:47 - 2022-05-26 20:45 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-19 20:47 - 2022-05-26 20:45 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-19 20:47 - 2022-05-26 20:45 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-19 20:47 - 2022-05-26 20:45 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-19 20:47 - 2022-05-26 20:45 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-19 20:47 - 2022-05-26 20:45 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-19 20:47 - 2022-05-26 20:45 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-19 20:47 - 2022-05-26 20:45 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-19 20:47 - 2022-05-26 20:45 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-19 20:47 - 2022-04-28 12:44 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4261871939-3680644312-2290833728-1001
2022-11-19 20:47 - 2022-04-28 12:33 - 000003270 _____ C:\WINDOWS\system32\Tasks\Overwolf Updater Task
2022-11-19 20:47 - 2022-04-22 18:21 - 000003568 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-11-19 20:47 - 2022-04-22 18:21 - 000003374 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6f8bfdbe63d84
2022-11-19 20:47 - 2022-04-22 18:20 - 000003066 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4261871939-3680644312-2290833728-1001
2022-11-19 19:40 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-11-19 16:26 - 2021-08-06 16:29 - 000000000 ____D C:\Users\micha\AppData\Roaming\.minecraft
2022-11-19 16:25 - 2020-04-04 09:07 - 000000000 ____D C:\Users\micha\AppData\Local\Packages
2022-11-19 16:25 - 2020-04-04 08:57 - 000000000 ____D C:\ProgramData\Packages
2022-11-19 16:25 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-11-19 10:51 - 2021-02-01 18:31 - 001693140 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-11-19 10:51 - 2019-12-07 15:43 - 000716770 _____ C:\WINDOWS\system32\perfh005.dat
2022-11-19 10:51 - 2019-12-07 15:43 - 000144948 _____ C:\WINDOWS\system32\perfc005.dat
2022-11-19 10:51 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2022-11-19 10:48 - 2020-05-31 20:10 - 000000000 ____D C:\Users\micha\AppData\Local\CrashDumps
2022-11-19 10:44 - 2021-02-01 18:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-11-19 10:44 - 2021-02-01 18:25 - 000008192 ___SH C:\DumpStack.log.tmp
2022-11-19 10:44 - 2020-04-04 10:59 - 000000000 ____D C:\ProgramData\Avast Software
2022-11-19 10:44 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-11-19 10:37 - 2022-10-09 18:07 - 000001297 _____ C:\Users\micha\Desktop\KeyboardSplitter – zástupce.lnk
2022-11-19 10:28 - 2022-08-03 07:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\pdfforge GmbH
2022-11-19 10:27 - 2021-10-27 09:36 - 000000000 ____D C:\Program Files\PDFCreator
2022-11-19 10:03 - 2022-09-11 19:31 - 000000000 ____D C:\Users\micha\AppData\Roaming\com.adobe.dunamis
2022-11-19 09:50 - 2022-10-12 19:43 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2022-11-19 09:50 - 2022-10-12 19:43 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2022-11-19 09:35 - 2020-06-06 21:23 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-11-17 15:15 - 2021-12-26 10:26 - 000000000 ____D C:\Program Files\CZC G GK1000
2022-11-17 14:37 - 2022-03-16 14:04 - 000000000 ____D C:\ProgramData\UrbanVPN
2022-11-17 14:32 - 2020-04-09 21:03 - 000000000 ____D C:\Users\micha\AppData\Local\cache
2022-11-15 20:36 - 2021-09-13 14:08 - 000000000 ____D C:\ProFact
2022-11-15 16:18 - 2020-04-04 10:02 - 000000000 ____D C:\Users\micha\AppData\Local\D3DSCache
2022-11-15 16:16 - 2020-04-04 10:00 - 000000000 ____D C:\ProgramData\Package Cache
2022-11-13 21:05 - 2021-02-01 18:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-11-13 11:15 - 2020-04-04 10:03 - 000000000 ____D C:\Users\micha\AppData\Local\NVIDIA
2022-11-13 09:52 - 2021-02-01 18:25 - 000546096 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-11-12 22:04 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-11-12 22:04 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-11-12 22:04 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-11-12 22:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-11-12 22:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-11-12 22:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-11-12 22:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-11-12 22:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-11-11 14:17 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-11-11 14:14 - 2021-02-01 18:29 - 003014656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-11-11 14:08 - 2020-04-04 22:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-11-11 14:06 - 2020-04-04 22:43 - 146960040 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-11-11 12:10 - 2020-04-04 09:19 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-11-09 22:27 - 2020-04-04 09:15 - 000000000 ____D C:\Users\micha\AppData\Roaming\vlc
2022-11-09 18:27 - 2021-12-21 17:06 - 000000000 ____D C:\Program Files (x86)\Overwolf
2022-11-09 10:55 - 2021-01-31 16:01 - 007642816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2022-11-05 20:49 - 2020-04-19 08:50 - 000000000 ____D C:\Users\micha\AppData\Roaming\qBittorrent
2022-10-31 21:49 - 2020-04-06 15:29 - 000000000 ____D C:\Users\micha\AppData\LocalLow\Temp
2022-10-29 20:56 - 2021-02-01 18:26 - 000000000 ____D C:\Users\micha
2022-10-29 13:50 - 2021-12-22 14:51 - 002815456 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2022-10-29 13:50 - 2021-12-22 14:51 - 000452048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2022-10-29 13:50 - 2021-12-22 14:51 - 000243168 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2022-10-29 13:50 - 2021-12-22 14:51 - 000198096 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2022-10-29 13:50 - 2021-12-22 14:51 - 000153048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
2022-10-29 13:50 - 2021-12-22 14:51 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2022-10-26 20:00 - 2021-08-16 15:32 - 000000000 ____D C:\Moje kominictvi
2022-10-25 18:31 - 2021-09-02 18:20 - 000000000 ____D C:\Users\micha\AppData\Roaming\Goldberg SteamEmu Saves
2022-10-25 11:37 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-10-24 19:32 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-10-24 13:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-10-23 21:08 - 2020-04-04 10:02 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2022-10-23 21:08 - 2020-04-04 08:57 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2022-10-23 21:08 - 2020-04-04 08:57 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2022-10-23 21:06 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-10-23 21:06 - 2019-03-19 05:49 - 000000076 _____ C:\WINDOWS\win.ini
2022-10-23 21:03 - 2020-04-19 08:47 - 000000000 ____D C:\Users\micha\AppData\Local\yuzu
2022-10-23 17:00 - 2020-04-04 10:59 - 000000000 ____D C:\Users\micha\AppData\Roaming\DAEMON Tools Lite
2022-10-23 16:03 - 2020-08-16 20:05 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-10-23 16:03 - 2020-04-04 10:03 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2022-10-22 11:57 - 2021-02-01 18:26 - 000002381 _____ C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

==================== Files in the root of some directories ========

2020-07-29 19:21 - 2020-07-29 19:21 - 000056320 _____ (SSS) C:\ProgramData\FinalDeleteFile.exe
2022-04-27 10:50 - 2022-04-27 10:50 - 000007342 _____ () C:\Users\micha\AppData\Local\2573084692
2020-09-27 20:17 - 2020-09-27 20:17 - 000016438 _____ () C:\Users\micha\AppData\Local\partner.bmp
2021-01-10 19:43 - 2021-02-08 18:36 - 000007602 _____ () C:\Users\micha\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware, trojan? - asking for help with checking the FRST log

#5 Post by Rudy »

Rudy wrote: 20 Nov 2022 11:17 Hello!
Post new FRST+Addition logs.
Addition is missing.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem has been resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

mikkie
Visitor
Posts: 43
Joined: 26 Jul 2011 16:56

Re: Malware, trojan? - asking for help with checking the FRST log

#6 Post by mikkie »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-11-2022
Ran by micha (20-11-2022 16:36:45)
Running from C:\Users\micha\Desktop
Microsoft Windows 10 Pro Version 21H2 19044.2251 (X64) (2021-02-01 17:30:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4261871939-3680644312-2290833728-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4261871939-3680644312-2290833728-503 - Limited - Disabled)
Guest (S-1-5-21-4261871939-3680644312-2290833728-501 - Limited - Disabled)
micha (S-1-5-21-4261871939-3680644312-2290833728-1001 - Administrator - Enabled) => C:\Users\micha
micha_p24az47 (S-1-5-21-4261871939-3680644312-2290833728-1002 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4261871939-3680644312-2290833728-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

A360 Desktop (HKLM\...\{B65CD59E-A771-4354-AA4B-C3E01B496BCD}) (Version: 8.2.3.1800 - Autodesk)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 22.003.20282 - Adobe)
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0_1) (Version: 21.0.1 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Aman (HKLM-x32\...\AmanVPN) (Version: 2.3.5.0907 - Hongkong Guangling Mdt InfoTech Limited)
AMD Ryzen Master (HKLM\...\{02247819-03CD-414E-AC8D-FD518BFBA445}) (Version: 2.1.1.1472 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Master (HKLM\...\AMD Ryzen Master) (Version: 2.1.1.1472 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.10.16 - Advanced Micro Devices, Inc.)
ASRock Restart to UEFI v1.0.9 (HKLM-x32\...\ASRock Restart to UEFI_is1) (Version: 1.0.9 - ASRock Inc.)
A-Tuning v3.0.215 (HKLM-x32\...\A-Tuning_is1) (Version: 3.0.215 - ASRock Inc.)
AutoCAD 2018 - English (HKLM\...\{28B89EEF-1001-0409-2102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2018 (HKLM-x32\...\{177AD7F6-9C77-4E50-BA53-B7259C5F282D}) (Version: 16.11.1.0 - Autodesk)
Autodesk App Manager 2016-2018 (HKLM-x32\...\{20EC0CA2-346E-4660-9903-51B278DF15F6}) (Version: 2.4.0 - Autodesk)
Autodesk AutoCAD 2018 - English (HKLM\...\AutoCAD 2018 - English) (Version: 22.0.49.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.8 (HKLM-x32\...\{214D3370-746E-4886-8EAA-5769EB87D044}) (Version: 1.2.8.0 - Autodesk)
Autodesk Genuine Service (HKLM\...\{8AD048E5-9570-442E-A5A2-B12C2618977E}) (Version: 4.6.0.124 - Autodesk)
Autodesk Material Library 2018 (HKLM-x32\...\{7847611E-92E9-4917-B395-71C91D523104}) (Version: 16.11.1.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2018 (HKLM-x32\...\{FCDED119-A969-4E48-8A32-D21AD6B03253}) (Version: 16.11.1.0 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap 360) (Version: 4.0.0.28 - Autodesk)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 22.10.6038 - Avast Software)
Balanced (HKLM-x32\...\{0EA45DD4-A825-420C-AFED-C659EFE3B84F}) (Version: 4.00.0000 - Advanced Micro Devices, Inc.) Hidden
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Core Epic (HKLM\...\{B51E6DE5-9A25-47E6-9806-24B4C62D42A6}) (Version: 1.3.1.0 - Manticore Games)
Core Epic Installer (HKLM-x32\...\{531451dd-91d4-4b27-a171-1b9c7f325969}) (Version: 1.3.0.0 - Manticore Games) Hidden
Core Temp 1.17.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.17.1 - ALCPU)
CPUID CPU-Z 1.92 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.92 - CPUID, Inc.)
Crash Bandicoot 4 (HKLM-x32\...\Crash Bandicoot 4_is1) (Version: - )
Crossout Launcher 1.0.3.144 (HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\CrossOutLauncher_is1) (Version: - )
Cuphead (HKLM-x32\...\1963513391_is1) (Version: 1.2.4 - GOG.com)
Cuphead (HKLM-x32\...\Cuphead_is1) (Version: - )
CurseForge (HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.212.3.7035 - Overwolf app)
CZC G GK1000 (HKLM-x32\...\CZC G GK1000) (Version: V1.01n - CZC G GK900)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.12.0.1184 - Disc Soft Ltd)
DCS World OpenBeta (HKLM\...\DCS World OpenBeta_is1) (Version: 2.5 - Eagle Dynamics)
Discord (HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 12.47.0.5304 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{daaa5ef5-cad5-4ad1-b550-6f3388e65fe0}) (Version: 12.47.0.5304 - Electronic Arts)
Empires of the Undergrowth (HKLM-x32\...\1850642020_is1) (Version: 0.2324 - GOG.com)
Epic Games Launcher (HKLM-x32\...\{209F4B4B-3DF2-4825-9906-D4D6A80EC09E}) (Version: 1.3.0.0 - Epic Games, Inc.)
Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.)
Epson Easy Photo Print 2 (HKLM-x32\...\{7E0261C4-8495-4365-BE48-647701D8B9BD}) (Version: 2.8.3.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{AB8BE3EA-01D3-44B7-8E77-A9601CBDEBDE}) (Version: 3.10.0085 - Seiko Epson Corporation)
EPSON L3050 Series Printer Uninstall (HKLM\...\EPSON L3050 Series) (Version: - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{AA6AE72A-371E-4454-9066-3D02BB4BC4E9}) (Version: 3.3.1.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{28C66F35-69BF-4376-BC80-4D5F4808FF3C}) (Version: 4.6.1 - Seiko Epson Corporation)
FARO LS 1.1.600.6 (64bit) (HKLM-x32\...\{510A08AF-1649-4844-94E5-EAC43A023685}) (Version: 6.0.6.5 - FARO Scanner Production)
FileZilla Client 3.47.2.1 (HKLM-x32\...\FileZilla Client) (Version: 3.47.2.1 - Tim Kosse)
Floating Sandbox 1.16.7.1 (HKLM\...\{E0EFB81F-319E-4AB2-80D9-38374D454C01}) (Version: 1.16.7.1 - Gabriele Giuseppini)
Gas Station Simulator (HKLM-x32\...\Gas Station Simulator_is1) (Version: - )
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 107.0.5304.107 - Google LLC)
I Am Fish (HKLM-x32\...\I Am Fish_is1) (Version: - )
ImageGlass (HKLM\...\{15872342-C9E9-4C65-9586-35B4EFDB806B}) (Version: 8.6.7.13 - Duong Dieu Phap)
i-Menu version 4.3.6 (HKLM-x32\...\{0121C0BD-363C-4B1D-8B64-FE7681A37D0A}_is1) (Version: 4.3.6 - AOC)
Java(TM) SE Development Kit 17.0.1 (64-bit) (HKLM\...\{7ECAAC8F-FBBE-5265-BBF4-0AC48139FB26}) (Version: 17.0.1.0 - Oracle Corporation)
Kindergarten 2 v1.23 (HKLM-x32\...\tuttop.com Kindergarten 2 v1.23_is1) (Version: 1.23 - tuttop.com)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 107.0.1418.52 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 107.0.1418.52 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{B71DA3AB-24EC-9E95-A79B-7B5F92B0CEDD}) (Version: 10.1.22621.1846 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProplusRetail - cs-cz) (Version: 16.0.15726.20202 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\OneDriveSetup.exe) (Version: 22.212.1009.0003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30139 (HKLM-x32\...\{2c673fb6-3e65-4751-965d-33d30b68a8a6}) (Version: 14.29.30139.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30135 (HKLM-x32\...\{b7a2b241-3f54-4d7d-94d1-8ce0146e03c7}) (Version: 14.29.30135.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30139 (HKLM\...\{7F4A9F52-173F-4B0D-B1EA-269C32EDA827}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30139 (HKLM\...\{A6D3F752-BF11-4D7C-B19C-F6F96A35CF50}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30135 (HKLM-x32\...\{77EB1EA9-8E1B-459D-8CDC-1984D0FF15B6}) (Version: 14.29.30135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30135 (HKLM-x32\...\{36A1E79B-581A-4FE5-843D-84C2D3C9431E}) (Version: 14.29.30135 - Microsoft Corporation) Hidden
Minecraft Launcher (HKLM-x32\...\{733C3ACB-432D-4880-B0E1-660000D7974D}) (Version: 1.0.0.0 - Mojang)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.9.0 - F.J. Wechselberger)
Newgrounds Player (HKLM-x32\...\{B9735123-2823-49F8-8264-372895D39702}) (Version: 1.0.0 - Newgrounds)
Nova Skin resourcepack version 2 (HKLM-x32\...\{497EF1F8-2F52-45A5-BF36-C6D11773F093}_is1) (Version: 2 - Nova Skin)
NVIDIA FrameView SDK 1.3.8107.31782123 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8107.31782123 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.26.0.154 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.26.0.154 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.39.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.16 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 526.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 526.86 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
NVIDIA USBC Driver 1.50.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.50.831.832 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{84AD2AF7-10C8-0395-66F9-FFAEB4C5DBF1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.12527.22215 - Microsoft Corporation) Hidden
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.208.1.2 - Overwolf Ltd.)
PDF Architect 9 (HKLM-x32\...\PDF Architect 9) (Version: 9.0.27.2538 - pdfforge GmbH)
PDF Architect 9 Edit Module (HKLM\...\{506451AA-F85D-45CB-865A-636C10931DD8}) (Version: 9.0.28.19771 - pdfforge GmbH) Hidden
PDF Architect 9 OCR Module (HKLM\...\{6A824BC0-872A-456F-991E-B8222937E17C}) (Version: 9.0.28.19771 - pdfforge GmbH) Hidden
PDF Architect 9 OCR TESS Module (HKLM\...\{3CB34A5C-AA27-46BE-8635-9BBC1D27E60B}) (Version: 9.0.28.19771 - pdfforge GmbH) Hidden
PDF Architect 9 View Module (HKLM\...\{FACC2AE6-8B2D-42AE-9A80-BB791422DA6B}) (Version: 9.0.28.19771 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{51D4D10A-490B-40A8-9C2A-853DC279013D}) (Version: 5.0.2 - pdfforge GmbH)
Počítačová aplikace Autodesk (HKLM-x32\...\Autodesk Desktop App) (Version: 8.3.0.71 - Autodesk)
ProFact 5 (HKLM-x32\...\ProFact_is1) (Version: - eXmind)
Project CARS 2 (HKLM-x32\...\Project CARS 2_is1) (Version: - )
PROTECH CD 676 (HKLM-x32\...\{F2BAF0DF-63ED-4BFC-ACA8-21355B235D7F}) (Version: 67.6.0 - PROTECH)
Příručky společnosti EPSON (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.57.0.0 - Seiko Epson Corporation)
PSPad editor (HKLM\...\PSPad editor 64bit_is1) (Version: 5.0.6.589 - Jan Fiala)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 5.0.4.543 - Jan Fiala)
qBittorrent 4.4.0 (HKLM-x32\...\qBittorrent) (Version: 4.4.0 - The qBittorrent project)
Rayman Origins (HKLM-x32\...\Uplay Install 80) (Version: - Ubisoft)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.66.1083 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.1.5.1 - Rockstar Games)
Screen+ version Screen+ 1.4.2 (HKLM\...\Screen+_is1) (Version: Screen+ 1.4.2 - AOC)
Snowtopia Demo (HKLM-x32\...\1103034679_is1) (Version: 0.9.31.gog - GOG.com)
Snowtopia: Ski Resort Tycoon (HKLM-x32\...\1179524912_is1) (Version: 0.14.27 - GOG.com)
Speciální aplikace Autodesk 2016-2018 (HKLM-x32\...\{384C4B74-B749-4AB6-9367-4D51A6AA9CB8}) (Version: 2.4.0 - Autodesk)
Spotify (HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Spotify) (Version: 1.1.47.684.g136419d9 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Superliminal (HKLM-x32\...\Superliminal_is1) (Version: - )
TAP-Windows 9.24.2 (HKLM\...\TAP-Windows) (Version: 9.24.2 - OpenVPN Technologies, Inc.)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.6 - TeamSpeak Systems GmbH)
Tom Clancy's The Division 2 (HKLM-x32\...\Uplay Install 4932) (Version: - Ubisoft)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.22 - Ghisler Software GmbH)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 128.0.10632 - Ubisoft)
UE4 Prerequisites (x64) (HKLM\...\{F9EC45F9-074A-48BF-92E9-A8CADD56F693}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
UNRAVEL™ two (HKLM-x32\...\{5DB117FE-6F05-40AC-B7A3-5C67641F14C0}) (Version: 1.0.0.1 - Electronic Arts, Inc.)
UrbanVPN (HKLM\...\{62F37AEF-93BF-4E7E-B5B6-97BFEC82BEF5}) (Version: 2.2.9 - Urban Security) Hidden
UrbanVPN (HKLM\...\UrbanVPN 2.2.9) (Version: 2.2.9 - Urban Security)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.10 - VideoLAN)
Wargaming.net Game Center (HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\Wargaming.net Game Center) (Version: 22.4.1.367 - Wargaming.net)
WinRAR 5.80 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH)
World of Tanks EU (HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\WOT.EU.PRODUCTION) (Version: - Wargaming.net)
XGAMER Audio 7.1 (HKLM-x32\...\SSS16xxAudioExt) (Version: 3.21.2018.104 - SADES)

Packages:
=========
Forager -> C:\Program Files\WindowsApps\HumbleBundle.ForagerWin10_1.0.1.2_x64__q2mcdwmzx4qja [2022-02-25] (Humble Bundle)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-10-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-10-25] (Microsoft Corporation) [MS Ad]
Minecraft Dungeons -> C:\Program Files\WindowsApps\Microsoft.Lovika_1.16.2.0_x64__8wekyb3d8bbwe [2022-11-17] (Microsoft Studios)
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.19.3101.0_x64__8wekyb3d8bbwe [2022-10-24] (Microsoft Studios)
Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_1.1.28.0_x64__8wekyb3d8bbwe [2022-09-03] (Microsoft Studios)
Minecraft: Java Edition -> C:\Program Files\WindowsApps\Microsoft.MinecraftJavaEdition_1.0.5.0_x64__8wekyb3d8bbwe [2022-11-19] (Microsoft Studios)
Roblox -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.553.620.0_x86__55nm5eh3cm0pr [2022-11-18] (ROBLOX Corporation)
Totally Accurate Battle Simulator -> C:\Program Files\WindowsApps\LandfallGames.TotallyAccurateBattleSimulator_1.0.6239.0_x64__r2vq7k2y0v9ct [2022-11-09] (Landfall Games)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-10-24] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2017-02-03] (Autodesk, Inc -> Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-10-24] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2017-02-03] (Autodesk, Inc -> Autodesk)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-10-24] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [File not signed]
ContextMenuHandlers1: [PDFArchitect8_ManagerExt] -> {EC981B88-4DFE-457D-B623-09D6C0E3EE6C} => C:\Program Files\PDF Architect 9\context-menu.dll [2022-10-18] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL [2022-10-04] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-10-24] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_bd530e4cbd42e0a3\nvshext.dll [2022-11-09] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-10-24] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\micha\Desktop\Michal - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\micha\Desktop\Terezka - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) =============

2020-04-06 15:24 - 2022-11-10 07:19 - 134859776 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
2020-04-06 15:24 - 2022-11-07 11:17 - 000387072 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
2020-04-06 15:24 - 2022-11-07 11:17 - 008052736 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
2018-10-26 09:07 - 2018-10-26 09:07 - 000204800 _____ () [File not signed] C:\Program Files\CZC G GK1000\bin\GK\SonixHidDll.dll
2018-10-26 09:07 - 2018-10-26 09:07 - 000204800 _____ () [File not signed] C:\Program Files\CZC G GK1000\bin\GM\SonixHidDll.dll
2018-07-15 13:15 - 2018-07-15 13:15 - 003664696 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2022-10-23 21:46 - 2022-10-23 21:46 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2022-10-23 21:46 - 2022-10-23 21:46 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2021-10-27 09:36 - 2022-08-02 17:26 - 000181248 _____ (pdfforge GmbH) [File not signed] C:\WINDOWS\System32\pdfcmon.dll
2017-02-13 13:54 - 2017-02-13 13:54 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2009-10-21 16:39 - 2009-10-21 16:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2019-02-14 07:40 - 2019-02-14 07:40 - 001660416 _____ (SONiX Technology Co., Ltd.) [File not signed] c:\program files\czc g gk1000\bin\css.dll
2019-02-14 07:46 - 2019-02-14 07:46 - 002033152 _____ (SONiX Technology Co., Ltd.) [File not signed] c:\program files\czc g gk1000\bin\cwt.dll
2019-02-14 07:49 - 2019-02-14 07:49 - 001659904 _____ (SONiX Technology Co., Ltd.) [File not signed] c:\program files\czc g gk1000\bin\messageprompter.dll
2019-02-14 07:38 - 2019-02-14 07:38 - 001648640 _____ (SONiX Technology Co., Ltd.) [File not signed] c:\program files\czc g gk1000\bin\messageprovider.dll
2019-02-14 08:00 - 2019-02-14 08:00 - 001655808 _____ (SONiX Technology Co., Ltd.) [File not signed] C:\Program Files\CZC G GK1000\Bin\Plugin.dll
2020-04-06 15:24 - 2022-11-07 11:17 - 000992256 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\chrome_elf.dll
2019-02-14 08:00 - 2019-02-14 08:00 - 001651200 _____ (TODO: <Company name>) [File not signed] c:\program files\czc g gk1000\bin\dialoginvoker.dll
2019-02-14 07:28 - 2019-02-14 07:28 - 001633792 _____ (TODO: <Company name>) [File not signed] c:\program files\czc g gk1000\bin\gamingforceledsyncer.dll
2019-02-14 07:51 - 2019-02-14 07:51 - 001665024 _____ (TODO: <Company name>) [File not signed] c:\program files\czc g gk1000\bin\gamingforcemain.dll
2019-02-14 07:52 - 2019-02-14 07:52 - 001656832 _____ (TODO: <Company name>) [File not signed] c:\program files\czc g gk1000\bin\gk\gamingkeyboardmacro.dll
2019-02-14 07:38 - 2019-02-14 07:38 - 002036224 _____ (TODO: <Company name>) [File not signed] c:\program files\czc g gk1000\bin\gk\gamingkeyboardmain.dll
2019-02-14 07:46 - 2019-02-14 07:46 - 002195968 _____ (TODO: <Company name>) [File not signed] c:\program files\czc g gk1000\bin\gk\gamingkeyboardpersister.dll
2019-02-14 07:30 - 2019-02-14 07:30 - 001723904 _____ (TODO: <Company name>) [File not signed] c:\program files\czc g gk1000\bin\gk\gamingkeyboardprofile.dll
2019-02-14 07:51 - 2019-02-14 07:51 - 001652736 _____ (TODO: <Company name>) [File not signed] c:\program files\czc g gk1000\bin\gk\gamingkeyboardskin.dll
2019-02-14 08:00 - 2019-02-14 08:00 - 001680384 _____ (TODO: <Company name>) [File not signed] c:\program files\czc g gk1000\bin\gk\gamingkeyboardwriter.dll
2019-02-14 07:24 - 2019-02-14 07:24 - 001656320 _____ (TODO: <Company name>) [File not signed] c:\program files\czc g gk1000\bin\gm\gamingmousemacro.dll
2019-02-14 07:27 - 2019-02-14 07:27 - 001936384 _____ (TODO: <Company name>) [File not signed] c:\program files\czc g gk1000\bin\gm\gamingmousemain.dll
2019-02-14 07:27 - 2019-02-14 07:27 - 002195456 _____ (TODO: <Company name>) [File not signed] c:\program files\czc g gk1000\bin\gm\gamingmousepersister.dll
2019-02-14 07:25 - 2019-02-14 07:25 - 001701888 _____ (TODO: <Company name>) [File not signed] c:\program files\czc g gk1000\bin\gm\gamingmouseprofile.dll
2019-02-14 07:15 - 2019-02-14 07:15 - 001664000 _____ (TODO: <Company name>) [File not signed] c:\program files\czc g gk1000\bin\gm\gamingmouseskin.dll
2019-02-14 07:15 - 2019-02-14 07:15 - 001656832 _____ (TODO: <Company name>) [File not signed] c:\program files\czc g gk1000\bin\gm\gamingmousewriter.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\Control Panel\Desktop\\Wallpaper -> c:\users\micha\desktop\foceni - vanoce 2019\dsc_9982.jpg
DNS Servers: 31.192.72.13 - 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Trust GXT 354 Headset"
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\StartupApproved\Run: => "Gaijin.Net Updater"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{29458DEB-89BE-4F55-B362-0A79FF315AC2}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [TCP Query User{D73F25B8-73D8-4612-9013-00AFC67C6490}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [{C535DEAE-95B1-4EC1-9AE3-90F16FB847B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crash Drive 2\Crash Drive 2.exe () [File not signed]
FirewallRules: [{D00CE7CD-302D-4FC5-9DBD-BF6946EB2BC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crash Drive 2\Crash Drive 2.exe () [File not signed]
FirewallRules: [UDP Query User{F873DD99-DACE-47FB-ACB7-FAF5D2D438EF}C:\program files\eagle dynamics\dcs world openbeta\bin\dcs_updater.exe] => (Allow) C:\program files\eagle dynamics\dcs world openbeta\bin\dcs_updater.exe (Eagle Dynamics SA -> Eagle Dynamics SA)
FirewallRules: [TCP Query User{A54F25F0-65EF-41E6-9DB2-01F8F95FD1E9}C:\program files\eagle dynamics\dcs world openbeta\bin\dcs_updater.exe] => (Allow) C:\program files\eagle dynamics\dcs world openbeta\bin\dcs_updater.exe (Eagle Dynamics SA -> Eagle Dynamics SA)
FirewallRules: [UDP Query User{446488F3-6A65-4A40-84ED-6D7DD85BC5F2}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [TCP Query User{0A1E29E9-17F5-49FA-831C-74E987176127}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [{54446129-352F-4716-A57E-817CFBE15A09}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{45E25852-2436-49B6-8730-460ABC3C1F32}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{864198A2-5A02-402B-BFBE-2A6092CE7CBA}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{89CCDD86-5ABB-49F9-ADA2-3AA16A9C0DFA}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{D790B858-A34F-48F3-BAB6-30E18C8B86A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [{E45CB1FF-8765-4764-B6E5-03B0CFB43CD0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [UDP Query User{11C83DD6-66C1-4B2A-95B9-F5595BAAE73F}C:\users\micha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micha\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{36435545-4B21-4506-82B2-85572F619B25}C:\users\micha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micha\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{DBF5FAC2-3ED8-4AB7-A39F-2F9A785F9F5A}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> TODO: <Company name>)
FirewallRules: [TCP Query User{975D2953-97C3-42CD-98A5-83734BE1D7B2}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> TODO: <Company name>)
FirewallRules: [{E1397ADB-175E-4CD9-B12F-39A92FBF12B3}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{3114659E-1964-4B01-88CD-D008340CB6FA}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{0356A693-A394-4772-B76B-BF4C327CF3EE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{8E292D98-5399-4BC6-8E9D-0B1CB269BB82}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{0586D70B-5F9B-4AE4-905B-6D8A0EB68614}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{6C369FD2-5CA0-46A5-AE4C-89BC129BAD00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{04EE9578-4475-4C45-8938-31CFCAC72E37}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{1422F21A-0FE6-4E04-8608-E0AB2E1E74A0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{59EC471F-33CD-4B0E-8E0A-29665C636ADF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corp. -> )
FirewallRules: [{B908D25C-2BCF-4188-BD0F-E397AC0F6BEF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corp. -> )
FirewallRules: [{0A77FFB5-C2E5-4D61-B0A6-F50C26917801}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{3DDF4574-0231-4AB2-8264-9943794F7292}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [TCP Query User{EDB90044-B689-459D-A928-70A8E53D2179}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [UDP Query User{10816914-AC23-4957-AFA6-FF812C9B1605}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [TCP Query User{D941A9B7-F0DD-4690-9B9E-BA858CBD8690}C:\program files\eagle dynamics\dcs world openbeta\bin\dcs.exe] => (Allow) C:\program files\eagle dynamics\dcs world openbeta\bin\dcs.exe (Eagle Dynamics SA -> Eagle Dynamics)
FirewallRules: [UDP Query User{E3FF217D-D5A2-4FBB-9AA2-46E08FD69504}C:\program files\eagle dynamics\dcs world openbeta\bin\dcs.exe] => (Allow) C:\program files\eagle dynamics\dcs world openbeta\bin\dcs.exe (Eagle Dynamics SA -> Eagle Dynamics)
FirewallRules: [TCP Query User{37E4D05E-2ADF-410A-B96A-4FE1603EB75E}L:\downloads\wobbly.life.build 5917938\wobbly.life.build 5917938\wobbly life.exe] => (Allow) L:\downloads\wobbly.life.build 5917938\wobbly.life.build 5917938\wobbly life.exe () [File not signed]
FirewallRules: [UDP Query User{41A171F7-2F8E-4D4F-95D8-B31FB070B856}L:\downloads\wobbly.life.build 5917938\wobbly.life.build 5917938\wobbly life.exe] => (Allow) L:\downloads\wobbly.life.build 5917938\wobbly.life.build 5917938\wobbly life.exe () [File not signed]
FirewallRules: [{D7CD4EE0-8A58-464F-ACCA-A17B2148C55D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Raft\Raft.exe () [File not signed]
FirewallRules: [{B11CE916-FDDE-436A-B8EF-79A0AF4B214D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Raft\Raft.exe () [File not signed]
FirewallRules: [TCP Query User{C55AC7D3-0136-4931-8E8E-F9483277C5DA}L:\downloads\untitled.goose.game.v1.1.4\untitled.goose.game.v1.1.4\untitled.exe] => (Block) L:\downloads\untitled.goose.game.v1.1.4\untitled.goose.game.v1.1.4\untitled.exe () [File not signed]
FirewallRules: [UDP Query User{816377DE-18B1-4961-BDD4-D474969DCFA6}L:\downloads\untitled.goose.game.v1.1.4\untitled.goose.game.v1.1.4\untitled.exe] => (Block) L:\downloads\untitled.goose.game.v1.1.4\untitled.goose.game.v1.1.4\untitled.exe () [File not signed]
FirewallRules: [TCP Query User{F00BAB0A-4A0E-420B-90BC-3CC38FF11BDE}C:\program files (x86)\minecraft launcher\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
FirewallRules: [UDP Query User{0130D317-847E-4D30-B195-B52A0FD1AC39}C:\program files (x86)\minecraft launcher\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
FirewallRules: [{5EB038E2-3D18-44B7-8E96-890B39F3E827}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Thrive\Thrive Launcher.exe (Revolutionary Games) [File not signed]
FirewallRules: [{68A4ADEA-1C84-4789-A697-CB2D3B816771}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Thrive\Thrive Launcher.exe (Revolutionary Games) [File not signed]
FirewallRules: [TCP Query User{45ED595B-3318-4527-A16E-AE92F97115E2}L:\downloads\wobbly.life.v0.7.1\wobbly life.exe] => (Allow) L:\downloads\wobbly.life.v0.7.1\wobbly life.exe () [File not signed]
FirewallRules: [UDP Query User{F9D771D3-D794-453C-A170-D06223863C87}L:\downloads\wobbly.life.v0.7.1\wobbly life.exe] => (Allow) L:\downloads\wobbly.life.v0.7.1\wobbly life.exe () [File not signed]
FirewallRules: [{9561CBB4-7CD3-4A3F-BD3B-6578D946570C}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Rayman Origins\Rayman Origins.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{72ECBBE5-8F9F-4A97-A7BF-C49729ADFABF}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Rayman Origins\Rayman Origins.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [TCP Query User{BCC952E8-88D5-462B-A31F-88AAAA2CD4C9}L:\downloads\deeeer.simulator.v6.3.1\deeeer simulator.exe] => (Allow) L:\downloads\deeeer.simulator.v6.3.1\deeeer simulator.exe () [File not signed]
FirewallRules: [UDP Query User{5F02E16D-3283-4B5A-A892-B478B3808213}L:\downloads\deeeer.simulator.v6.3.1\deeeer simulator.exe] => (Allow) L:\downloads\deeeer.simulator.v6.3.1\deeeer simulator.exe () [File not signed]
FirewallRules: [TCP Query User{70860165-FC28-4A9A-9549-72643AF82E96}L:\downloads\powerwash.simulator.v0.5.1\powerwashsimulator.exe] => (Allow) L:\downloads\powerwash.simulator.v0.5.1\powerwashsimulator.exe () [File not signed]
FirewallRules: [UDP Query User{06F8E3AC-4E9E-4F99-BC5F-B91E1909A464}L:\downloads\powerwash.simulator.v0.5.1\powerwashsimulator.exe] => (Allow) L:\downloads\powerwash.simulator.v0.5.1\powerwashsimulator.exe () [File not signed]
FirewallRules: [{D7E833B6-8C9E-4F53-ADCC-237CC74140B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Builder Simulator Demo\PWLauncherBootstrapper.exe (XENO-PC\Xeno -> PWay Sp. z o.o.) [File not signed]
FirewallRules: [{92558988-B934-43A7-8992-25F6DB7CD255}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Builder Simulator Demo\PWLauncherBootstrapper.exe (XENO-PC\Xeno -> PWay Sp. z o.o.) [File not signed]
FirewallRules: [TCP Query User{0E856306-59C5-43ED-BBAB-5A6C6358A2EC}L:\games\i am fish\iamfish.exe] => (Block) L:\games\i am fish\iamfish.exe () [File not signed]
FirewallRules: [UDP Query User{7605C579-E973-4947-92C4-BE006BC64FF1}L:\games\i am fish\iamfish.exe] => (Block) L:\games\i am fish\iamfish.exe () [File not signed]
FirewallRules: [{B2DA71DE-1615-440A-BEB4-9A465F176CF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]
FirewallRules: [{3930353B-5ACC-46D7-BFB3-5ABDF047A43B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]
FirewallRules: [{01DF4354-EA13-4B39-A5E2-D851CA21DEAE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe () [File not signed]
FirewallRules: [{83AC1B05-9D39-4B0B-9721-60909619376E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe () [File not signed]
FirewallRules: [TCP Query User{7D120729-8247-46E1-A96C-2897BE827323}L:\games\astroneer.v1.18.68.0\astro\binaries\win64\astro-win64-shipping.exe] => (Block) L:\games\astroneer.v1.18.68.0\astro\binaries\win64\astro-win64-shipping.exe (System Era Softworks) [File not signed]
FirewallRules: [UDP Query User{55274E68-151E-453B-BF06-F07E61CCE6E0}L:\games\astroneer.v1.18.68.0\astro\binaries\win64\astro-win64-shipping.exe] => (Block) L:\games\astroneer.v1.18.68.0\astro\binaries\win64\astro-win64-shipping.exe (System Era Softworks) [File not signed]
FirewallRules: [{D5E9125B-F4C3-4BE3-9C39-4327635141A9}] => (Allow) L:\SteamLibrary\steamapps\common\Rock of Ages III Make & Break\ROA3.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{1DBD88C5-F55B-403D-9D47-7509BA2B3F50}] => (Allow) L:\SteamLibrary\steamapps\common\Rock of Ages III Make & Break\ROA3.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{82293978-6754-445C-9C19-4517C53B2CBE}L:\steamlibrary\steamapps\common\rock of ages iii make & break\roa3\binaries\win64\roa3-win64-shipping.exe] => (Allow) L:\steamlibrary\steamapps\common\rock of ages iii make & break\roa3\binaries\win64\roa3-win64-shipping.exe (ACE Team) [File not signed]
FirewallRules: [UDP Query User{6D4F340F-CC84-441A-8F08-7F597798B806}L:\steamlibrary\steamapps\common\rock of ages iii make & break\roa3\binaries\win64\roa3-win64-shipping.exe] => (Allow) L:\steamlibrary\steamapps\common\rock of ages iii make & break\roa3\binaries\win64\roa3-win64-shipping.exe (ACE Team) [File not signed]
FirewallRules: [{FB08CC40-5BB2-4929-AE72-E844CAA9BC4C}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{73AFC565-A221-4AF4-8B01-BF38A7E3AAFD}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [TCP Query User{3E1A716A-73A8-4971-82E0-3292C49B152E}L:\downloads\superliminal\superliminal.exe] => (Block) L:\downloads\superliminal\superliminal.exe () [File not signed]
FirewallRules: [UDP Query User{6C09B28E-8BF2-419B-8B46-19F6B2DAAC55}L:\downloads\superliminal\superliminal.exe] => (Block) L:\downloads\superliminal\superliminal.exe () [File not signed]
FirewallRules: [{887E5316-A9BD-460F-B213-61A3DD57E396}] => (Allow) L:\SteamLibrary\steamapps\common\Kerbal Space Program\KSP_x64.exe (Take-Two Interactive Software, Inc. -> )
FirewallRules: [{6AA2F05C-B390-46DC-9D2A-3AB006261BE6}] => (Allow) L:\SteamLibrary\steamapps\common\Kerbal Space Program\KSP_x64.exe (Take-Two Interactive Software, Inc. -> )
FirewallRules: [{A4F2B005-89AB-41F1-8F41-F596CDCADBC8}] => (Allow) L:\SteamLibrary\steamapps\common\Fat Baby\Fat baby.exe () [File not signed]
FirewallRules: [{1AC4CB70-2406-4DC8-BB08-9AFFDE94FC12}] => (Allow) L:\SteamLibrary\steamapps\common\Fat Baby\Fat baby.exe () [File not signed]
FirewallRules: [{68C1325C-7C3E-47E7-8B2E-A83D571D67FA}] => (Allow) L:\SteamLibrary\steamapps\common\Wobbly Life\Wobbly Life.exe (Unity Technologies ApS) [File not signed]
FirewallRules: [{4C2AA51F-46E3-4489-B00C-2D5B089EEE79}] => (Allow) L:\SteamLibrary\steamapps\common\Wobbly Life\Wobbly Life.exe (Unity Technologies ApS) [File not signed]
FirewallRules: [TCP Query User{F1BE06E4-5622-4761-B9FA-496F3C93E3EA}C:\users\micha\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\micha\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{31CDE955-BC24-491A-89D0-0BD4AC1B4B34}C:\users\micha\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\micha\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [{ED21F7B5-C7C6-4DE2-8131-044A5F38C7AE}] => (Allow) L:\SteamLibrary\steamapps\common\Slime Rancher\SlimeRancher.exe () [File not signed]
FirewallRules: [{35553D72-31B7-4640-8FD1-E4E099F2862C}] => (Allow) L:\SteamLibrary\steamapps\common\Slime Rancher\SlimeRancher.exe () [File not signed]
FirewallRules: [TCP Query User{CBA75151-CD05-4556-A4C2-47B3C4034E44}C:\users\micha\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\micha\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
FirewallRules: [UDP Query User{C012ED2B-A45E-4B0F-91F3-11B38F8D9C6B}C:\users\micha\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\micha\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
FirewallRules: [{B20ED7C1-4DC5-4C0E-BB7F-FA796742B8B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Builder Simulator Demo\Builder Simulator.exe () [File not signed]
FirewallRules: [{27433D62-6D09-436E-97E3-C80F1CC17D29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Builder Simulator Demo\Builder Simulator.exe () [File not signed]
FirewallRules: [TCP Query User{C526C79D-2F23-4659-8886-74EB1217C5BA}L:\xboxgames\kill it with fire\content\kani\binaries\wingdk\kani-wingdk-shipping.exe] => (Allow) L:\xboxgames\kill it with fire\content\kani\binaries\wingdk\kani-wingdk-shipping.exe (Access Denied) [File not signed]
FirewallRules: [UDP Query User{2B813FC4-335F-4364-A51B-96934E86E050}L:\xboxgames\kill it with fire\content\kani\binaries\wingdk\kani-wingdk-shipping.exe] => (Allow) L:\xboxgames\kill it with fire\content\kani\binaries\wingdk\kani-wingdk-shipping.exe (Access Denied) [File not signed]
FirewallRules: [TCP Query User{5398BB7F-69A6-413A-ABA0-D9CFD9C06102}L:\xboxgames\gang beasts\content\gang beasts.exe] => (Allow) L:\xboxgames\gang beasts\content\gang beasts.exe (Access Denied) [File not signed]
FirewallRules: [UDP Query User{4CE251E0-D80C-4B9F-AEBC-560ECD797F9F}L:\xboxgames\gang beasts\content\gang beasts.exe] => (Allow) L:\xboxgames\gang beasts\content\gang beasts.exe (Access Denied) [File not signed]
FirewallRules: [TCP Query User{1B203524-5397-4260-9EA2-E79C28F696BF}L:\downloads\turmoil.v3.0.39\turmoil.v3.0.39\turmoil.exe] => (Allow) L:\downloads\turmoil.v3.0.39\turmoil.v3.0.39\turmoil.exe () [File not signed]
FirewallRules: [UDP Query User{7729F747-4D8C-43A7-BC5D-C26A526AB26C}L:\downloads\turmoil.v3.0.39\turmoil.v3.0.39\turmoil.exe] => (Allow) L:\downloads\turmoil.v3.0.39\turmoil.v3.0.39\turmoil.exe () [File not signed]
FirewallRules: [TCP Query User{6891DA4E-A682-4013-AC9F-93F1F41538A1}L:\xboxgames\human fall flat\content\humanfallflat.exe] => (Block) L:\xboxgames\human fall flat\content\humanfallflat.exe (Access Denied) [File not signed]
FirewallRules: [UDP Query User{981D95FE-1B8B-4E50-9157-16E1841EFD0B}L:\xboxgames\human fall flat\content\humanfallflat.exe] => (Block) L:\xboxgames\human fall flat\content\humanfallflat.exe (Access Denied) [File not signed]
FirewallRules: [TCP Query User{1AEA2C90-34CF-4A28-8A8B-DECE34231209}C:\users\micha\appdata\local\crossout\launcher.exe] => (Allow) C:\users\micha\appdata\local\crossout\launcher.exe (Gaijin Network LTD -> Gaijin)
FirewallRules: [UDP Query User{CBD697BB-8858-43F9-8DEA-E68395D8B415}C:\users\micha\appdata\local\crossout\launcher.exe] => (Allow) C:\users\micha\appdata\local\crossout\launcher.exe (Gaijin Network LTD -> Gaijin)
FirewallRules: [{BBB18066-1A62-4B6F-AEA7-09012086A685}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\2KLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{23E7748A-E81A-4D11-8B2C-50BEC02C3E01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia Definitive Edition\2KLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{FFED7C2C-8DFD-4B87-AB1E-363287DA7B00}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DFC43BAF-88F3-432F-8B96-EFD44F22E75D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9FEBE6DF-8741-45B6-9D50-1902184F120F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2C828F30-3503-4FF6-8558-8311BAA735E7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{68320D8A-6F97-411F-8955-B5800497F558}L:\downloads\mon.bazou.v0.256\mon.bazou.v0.256\monbazou\mon bazou.exe] => (Allow) L:\downloads\mon.bazou.v0.256\mon.bazou.v0.256\monbazou\mon bazou.exe () [File not signed]
FirewallRules: [UDP Query User{1E6F081F-E513-42C0-89FA-23B782AD3A98}L:\downloads\mon.bazou.v0.256\mon.bazou.v0.256\monbazou\mon bazou.exe] => (Allow) L:\downloads\mon.bazou.v0.256\mon.bazou.v0.256\monbazou\mon bazou.exe () [File not signed]
FirewallRules: [TCP Query User{CA702105-D56F-499F-95AB-CA71697C4C0D}L:\downloads\the.planet.crafter\planet crafter.exe] => (Allow) L:\downloads\the.planet.crafter\planet crafter.exe () [File not signed]
FirewallRules: [UDP Query User{840E18C3-0704-49A1-96F4-181A626B6797}L:\downloads\the.planet.crafter\planet crafter.exe] => (Allow) L:\downloads\the.planet.crafter\planet crafter.exe () [File not signed]
FirewallRules: [{59D404D5-8728-49AB-9E06-51D26700D695}] => (Allow) L:\SteamLibrary\steamapps\common\Aquarist Demo\Aquarist.exe () [File not signed]
FirewallRules: [{A96A6F90-7DD2-4995-88AA-0F956DB33A2C}] => (Allow) L:\SteamLibrary\steamapps\common\Aquarist Demo\Aquarist.exe () [File not signed]
FirewallRules: [{D2DBB5FE-E8B9-4ED4-AA67-937B6DDC8AB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MonBazou\Mon Bazou.exe () [File not signed]
FirewallRules: [{851C3AE4-EC50-4BE6-BB77-4E72493806F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MonBazou\Mon Bazou.exe () [File not signed]
FirewallRules: [TCP Query User{1E0AE19E-20F1-443B-906D-065238976E49}L:\downloads\feed.and.grow.fish.v0.14.3.5\feed and grow.exe] => (Allow) L:\downloads\feed.and.grow.fish.v0.14.3.5\feed and grow.exe () [File not signed]
FirewallRules: [UDP Query User{50D93168-8FA5-49AA-BABE-A5A8F88B3486}L:\downloads\feed.and.grow.fish.v0.14.3.5\feed and grow.exe] => (Allow) L:\downloads\feed.and.grow.fish.v0.14.3.5\feed and grow.exe () [File not signed]
FirewallRules: [{BC45F458-DEB7-4E71-8941-1742EE09E829}] => (Allow) L:\Downloads\UnravelTwo\UnravelTwo.exe (Coldwood Interactive AB -> Coldwood Interactive AB)
FirewallRules: [{4A30FB60-8369-40E0-906C-38AB2F7DF5FA}] => (Allow) L:\Downloads\UnravelTwo\UnravelTwo.exe (Coldwood Interactive AB -> Coldwood Interactive AB)
FirewallRules: [{3B90E320-F8B7-429E-99E6-314F048244CD}] => (Allow) L:\Downloads\UnravelTwo\UnravelTwo_trial.exe (Coldwood Interactive AB -> Coldwood Interactive AB)
FirewallRules: [{D368F37B-76C3-43B0-B0FD-F5AF2D450029}] => (Allow) L:\Downloads\UnravelTwo\UnravelTwo_trial.exe (Coldwood Interactive AB -> Coldwood Interactive AB)
FirewallRules: [{DCDA16F5-1AB3-4585-B939-34DA43598E9B}] => (Allow) L:\SteamLibrary\steamapps\common\Aquarist Demo\PWLauncherBootstrapper.exe (PWay Sp. z o.o.) [File not signed]
FirewallRules: [{592253A9-C2A2-4767-B3BF-DE9B0254A0FC}] => (Allow) L:\SteamLibrary\steamapps\common\Aquarist Demo\PWLauncherBootstrapper.exe (PWay Sp. z o.o.) [File not signed]
FirewallRules: [{2E8D51BF-5717-4012-BC0A-557AD5122175}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\House Builder Demo\PWLauncherBootstrapper.exe (PWay Sp. z o.o.) [File not signed]
FirewallRules: [{253299C3-BD33-41BB-971A-81703FF02A3A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\House Builder Demo\PWLauncherBootstrapper.exe (PWay Sp. z o.o.) [File not signed]
FirewallRules: [TCP Query User{9D9F2F4E-88B8-4E22-AADB-5A99589DB433}L:\games\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) L:\games\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{3A4B7A22-EC59-4D80-A5BA-66B42386D2F1}L:\games\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) L:\games\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{6E02E418-AA6F-4C92-9374-FFAA59441B23}L:\downloads\shotgun.king.the.final.checkmate.v1.244\shotgun_king.exe] => (Block) L:\downloads\shotgun.king.the.final.checkmate.v1.244\shotgun_king.exe () [File not signed]
FirewallRules: [UDP Query User{CD0D9E68-D68A-453C-A9EB-6B166701345C}L:\downloads\shotgun.king.the.final.checkmate.v1.244\shotgun_king.exe] => (Block) L:\downloads\shotgun.king.the.final.checkmate.v1.244\shotgun_king.exe () [File not signed]
FirewallRules: [{2F698A77-BA23-4B6C-9E39-3AB00712D141}] => (Allow) L:\SteamLibrary\steamapps\common\Totally Reliable Delivery Service\Totally Reliable Delivery Service.exe () [File not signed]
FirewallRules: [{DEDCE339-7914-48FF-A935-F774F7D0F667}] => (Allow) L:\SteamLibrary\steamapps\common\Totally Reliable Delivery Service\Totally Reliable Delivery Service.exe () [File not signed]
FirewallRules: [{61C77ED8-359C-49A2-BAE9-7042AE301115}] => (Allow) L:\SteamLibrary\steamapps\common\Toilet Chronicles\ToiletChronicles.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{77563C0C-B28D-4E56-98D2-9925DBECE044}] => (Allow) L:\SteamLibrary\steamapps\common\Toilet Chronicles\ToiletChronicles.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{57023810-2F26-4628-B0D6-79A7505BB914}L:\downloads\cult of the lamb\cult of the lamb.exe] => (Allow) L:\downloads\cult of the lamb\cult of the lamb.exe () [File not signed]
FirewallRules: [UDP Query User{25FAEDB6-0F8B-43CC-B6E6-2710E6889A77}L:\downloads\cult of the lamb\cult of the lamb.exe] => (Allow) L:\downloads\cult of the lamb\cult of the lamb.exe () [File not signed]
FirewallRules: [{B85E4058-CFD6-4F39-961D-90E6963E4193}] => (Allow) L:\SteamLibrary\steamapps\common\Toadled\ToadledWindows.exe () [File not signed]
FirewallRules: [{A74B3AAB-4981-4778-A3FE-EB6E86A2F198}] => (Allow) L:\SteamLibrary\steamapps\common\Toadled\ToadledWindows.exe () [File not signed]
FirewallRules: [{FF5F70A8-DB4F-4EDD-A346-98C8AA0E687E}] => (Allow) L:\SteamLibrary\steamapps\common\RoboBunnies In Space\RoboBunniesInSpace.exe () [File not signed]
FirewallRules: [{9FB7769A-775F-4556-9E86-044FAF5824AF}] => (Allow) L:\SteamLibrary\steamapps\common\RoboBunnies In Space\RoboBunniesInSpace.exe () [File not signed]
FirewallRules: [{2C347C8D-86E0-4DDD-BD0D-A3782FEF06A9}] => (Allow) L:\SteamLibrary\steamapps\common\Evil Glitch\EvilGlitch.exe (GitHub, Inc.) [File not signed]
FirewallRules: [{195B5849-856F-428A-BB0D-B476E3435074}] => (Allow) L:\SteamLibrary\steamapps\common\Evil Glitch\EvilGlitch.exe (GitHub, Inc.) [File not signed]
FirewallRules: [TCP Query User{516191BA-DBEC-4FAF-9946-4711EAAEC309}L:\downloads\space.scavenger.creative.mode-goldberg\space.scavenger.creative.mode-goldberg\space scavenger.exe] => (Block) L:\downloads\space.scavenger.creative.mode-goldberg\space.scavenger.creative.mode-goldberg\space scavenger.exe () [File not signed]
FirewallRules: [UDP Query User{59E65718-8887-47CD-96D5-310FD61FE906}L:\downloads\space.scavenger.creative.mode-goldberg\space.scavenger.creative.mode-goldberg\space scavenger.exe] => (Block) L:\downloads\space.scavenger.creative.mode-goldberg\space.scavenger.creative.mode-goldberg\space scavenger.exe () [File not signed]
FirewallRules: [{81A9DA2F-FD87-4391-B65E-40D79423B2E2}] => (Allow) L:\SteamLibrary\steamapps\common\Bloons TD Battles 2\btdb2_game.exe (Ninja Kiwi Ltd.) [File not signed]
FirewallRules: [{29405DEF-F4BC-4A43-8B6E-7CC80609366E}] => (Allow) L:\SteamLibrary\steamapps\common\Bloons TD Battles 2\btdb2_game.exe (Ninja Kiwi Ltd.) [File not signed]
FirewallRules: [{9CD9235C-C999-46B4-8631-C1D39FD8A7E8}] => (Allow) L:\SteamLibrary\steamapps\common\BloonsTD6\BloonsTD6.exe () [File not signed]
FirewallRules: [{7E41DDFE-57B4-45C8-B5F5-B1B0247EF4BB}] => (Allow) L:\SteamLibrary\steamapps\common\BloonsTD6\BloonsTD6.exe () [File not signed]
FirewallRules: [{E127B333-F0E6-4725-82E4-A618C830930F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Whos Your Daddy\Classic\WhosYourDaddy.exe () [File not signed]
FirewallRules: [{E74FB68B-1AB4-48BB-AEEB-EF251C561118}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Whos Your Daddy\Classic\WhosYourDaddy.exe () [File not signed]
FirewallRules: [{AAD7A0A6-A98B-4756-8EF3-E431F797F72F}] => (Allow) C:\Program Files (x86)\Common Files\Aladdin Shared\HASP\hasplms.exe (Thales DIS CPL USA, Inc. -> Thales Group)
FirewallRules: [TCP Query User{C344E2D7-4B64-4821-BCE3-F336029A93C2}L:\downloads\doodle god\doodle god universe demo.exe] => (Allow) L:\downloads\doodle god\doodle god universe demo.exe () [File not signed]
FirewallRules: [UDP Query User{A58E2B62-54A6-449F-AB25-EE67D9D44B81}L:\downloads\doodle god\doodle god universe demo.exe] => (Allow) L:\downloads\doodle god\doodle god universe demo.exe () [File not signed]
FirewallRules: [TCP Query User{CF9A70CF-C2BB-4A61-A2DE-C43808CFFC76}L:\downloads\the.wandering.village.v0.1.33\wanderingvillage.exe] => (Block) L:\downloads\the.wandering.village.v0.1.33\wanderingvillage.exe () [File not signed]
FirewallRules: [UDP Query User{F7E16266-E721-4094-B7ED-C60E05D2815A}L:\downloads\the.wandering.village.v0.1.33\wanderingvillage.exe] => (Block) L:\downloads\the.wandering.village.v0.1.33\wanderingvillage.exe () [File not signed]
FirewallRules: [TCP Query User{A0F31908-0AA4-4918-A50D-C3D52156B3BA}L:\downloads\wargaming.net\gamecenter\wgc.exe] => (Allow) L:\downloads\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{4B05A387-D111-4438-8F06-394FDB23374A}L:\downloads\wargaming.net\gamecenter\wgc.exe] => (Allow) L:\downloads\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{501B3C2F-61F4-4289-A963-D83801128738}L:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) L:\games\world_of_tanks_eu\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{8A76BF94-4C0D-4E28-A2E0-E29D32978136}L:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) L:\games\world_of_tanks_eu\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{51F9A459-0561-48C9-9031-30BB6A4B90A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{0CA6B13D-C036-422F-AD8B-257BB1733E14}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{B60CC01D-1EE8-4AC0-91D1-B2993D535B91}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{7996D172-8295-4525-B96C-E8082649633B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{D5F722C2-5028-4C22-9EB3-0B544708B1E5}C:\windows\temp\files\bin\kmss.exe] => (Allow) C:\windows\temp\files\bin\kmss.exe => No File
FirewallRules: [UDP Query User{65739AAB-A55E-43AC-B6ED-428C5C6A7576}C:\windows\temp\files\bin\kmss.exe] => (Allow) C:\windows\temp\files\bin\kmss.exe => No File
FirewallRules: [{BEC8CA2B-642A-4C93-A84E-7FD8C6BFD325}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{F227DC9C-6F11-4757-9605-00E5F6855360}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{977EFF52-927F-4BC2-B864-1257474A16E6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{96EED623-C06E-4F7E-8EA5-7A6DAA99CCE0}L:\downloads\crash bandicoot 4\lava\binaries\win64\crashbandicoot4.exe] => (Block) L:\downloads\crash bandicoot 4\lava\binaries\win64\crashbandicoot4.exe (Activision Publishing) [File not signed]
FirewallRules: [UDP Query User{946B9CFB-3FF7-417E-ACF0-4EF8F2DF3D9D}L:\downloads\crash bandicoot 4\lava\binaries\win64\crashbandicoot4.exe] => (Block) L:\downloads\crash bandicoot 4\lava\binaries\win64\crashbandicoot4.exe (Activision Publishing) [File not signed]
FirewallRules: [{8374F70F-CEA7-47DE-91D2-AF57F172F0E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Whos Your Daddy\Remake\WhosYourDaddy.exe () [File not signed]
FirewallRules: [{8F5E94C6-8D4A-4C7C-B036-1D67CEB9C553}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Whos Your Daddy\Remake\WhosYourDaddy.exe () [File not signed]
FirewallRules: [{D76EB744-3DB2-447D-94D3-2348651742FC}] => (Allow) L:\SteamLibrary\steamapps\common\Kerbal Space Program\PDLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{2EC8DC50-A137-420B-A81E-AE6B43B655BF}] => (Allow) L:\SteamLibrary\steamapps\common\Kerbal Space Program\PDLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [TCP Query User{36202B76-F12A-42BB-BA94-705081339BD7}L:\downloads\dont.starve.together.v522521\game\bin\dontstarve_steam.exe] => (Block) L:\downloads\dont.starve.together.v522521\game\bin\dontstarve_steam.exe => No File
FirewallRules: [UDP Query User{21BECE4E-3136-4D11-929B-86DF98CE9AED}L:\downloads\dont.starve.together.v522521\game\bin\dontstarve_steam.exe] => (Block) L:\downloads\dont.starve.together.v522521\game\bin\dontstarve_steam.exe => No File
FirewallRules: [TCP Query User{91E97C76-0FD0-4E5C-A105-31B906D45E34}L:\downloads\dont.starve.together.v522521\game\bin64\dontstarve_steam_x64.exe] => (Allow) L:\downloads\dont.starve.together.v522521\game\bin64\dontstarve_steam_x64.exe => No File
FirewallRules: [UDP Query User{13A91FD5-C6FF-4E5B-AB68-68F80347A1A1}L:\downloads\dont.starve.together.v522521\game\bin64\dontstarve_steam_x64.exe] => (Allow) L:\downloads\dont.starve.together.v522521\game\bin64\dontstarve_steam_x64.exe => No File
FirewallRules: [{36CA83F2-1470-4A2B-BFB5-60A53EBB7B83}] => (Allow) L:\SteamLibrary\steamapps\common\Don't Starve Together\bin64\dontstarve_steam_x64.exe () [File not signed]
FirewallRules: [{2D493646-197D-4656-99E9-2DEF3805D92C}] => (Allow) L:\SteamLibrary\steamapps\common\Don't Starve Together\bin64\dontstarve_steam_x64.exe () [File not signed]
FirewallRules: [{8964ED8C-3647-4573-A83F-6BC6ED8142D2}] => (Allow) L:\SteamLibrary\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{9F4A2AB3-6490-44BF-9BF6-9FE93AAC5D0D}] => (Allow) L:\SteamLibrary\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{9DE5AF6B-8316-46A0-A444-712C9B3FEC39}] => (Allow) C:\Program Files (x86)\Overwolf\0.204.2.2\OverwolfBrowser.exe => No File
FirewallRules: [{C93E0725-7E77-4F00-B162-749BE0591AC8}] => (Allow) C:\Program Files (x86)\Overwolf\0.204.2.2\OverwolfBrowser.exe => No File
FirewallRules: [{AB3E1717-DBAB-4C04-B476-B6A395F25833}] => (Block) C:\Program Files (x86)\Overwolf\0.204.2.2\OverwolfBrowser.exe => No File
FirewallRules: [{A7B8BF7B-3EF8-45F3-82CE-D7357C0B93DF}] => (Block) C:\Program Files (x86)\Overwolf\0.204.2.2\OverwolfBrowser.exe => No File
FirewallRules: [{A2084A57-B60E-49D6-9BE2-6F4484B68858}] => (Allow) C:\Program Files (x86)\Overwolf\0.208.1.2\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{D40BC4FE-9BA4-443B-A90C-FC45A777129D}] => (Allow) C:\Program Files (x86)\Overwolf\0.208.1.2\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{6BA8406D-5DEA-4382-BCA7-A71E356B0714}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A48FD8E8-8785-4DC4-A4E1-D35BBCA6DEBE}] => (Allow) C:\Program Files\UrbanVPN\bin\urbanvpn.exe (Urban Cyber Security Inc. -> Urban Cyber Security Inc.)
FirewallRules: [{D71A2095-74F3-4534-A982-2D6D38CF1832}] => (Allow) C:\WINDOWS\SysWOW64\TCPSVCS.EXE (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D7B64F9B-28FE-4AAF-8061-29C28D0B0349}] => (Allow) C:\Users\micha\AppData\Roaming\.minecraft\resourcepacks\novaskin\bin\node.exe (Joyent, Inc -> Joyent, Inc)
FirewallRules: [{1D1DF0BD-219B-4322-8F5A-DD1FA35CAC39}] => (Allow) C:\Users\micha\AppData\Roaming\.minecraft\resourcepacks\novaskin\bin\node.exe (Joyent, Inc -> Joyent, Inc)
FirewallRules: [{1F3A3F35-E6DA-4FCA-95FF-50D460896510}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.52\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============

Name: Scp Virtual Bus Driver
Description: Scp Virtual Bus Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Nefarius Software Solutions
Service: ScpVBus
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Scp Virtual Bus Driver
Description: Scp Virtual Bus Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Nefarius Software Solutions
Service: ScpVBus
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (11/20/2022 04:37:27 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2022-11-22T20:57:27Z. Kód chyby: 0x80070002

Error: (11/20/2022 04:36:57 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2022-11-22T20:57:57Z. Kód chyby: 0x80070002

Error: (11/20/2022 04:36:27 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2022-11-22T20:57:27Z. Kód chyby: 0x80070002

Error: (11/20/2022 04:35:57 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2022-11-22T20:57:57Z. Kód chyby: 0x80070002

Error: (11/20/2022 04:35:27 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2022-11-22T20:57:27Z. Kód chyby: 0x80070002

Error: (11/20/2022 04:34:57 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2022-11-22T20:57:57Z. Kód chyby: 0x80070002

Error: (11/20/2022 04:34:27 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2022-11-22T20:57:27Z. Kód chyby: 0x80070002

Error: (11/20/2022 04:33:57 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2022-11-22T20:57:57Z. Kód chyby: 0x80070002


System errors:
=============
Error: (11/20/2022 01:16:16 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-AUSGJMO)
Description: Server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} se v daném časovém limitu neregistroval u služby DCOM.

Error: (11/20/2022 01:16:16 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-AUSGJMO)
Description: Server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} se v daném časovém limitu neregistroval u služby DCOM.

Error: (11/20/2022 01:16:06 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-AUSGJMO)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (11/20/2022 08:44:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA LocalSystem Container byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.

Error: (11/20/2022 08:44:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Microsoft Office Klikni a spusť byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (11/20/2022 08:44:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA Display Container LS byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.

Error: (11/20/2022 08:44:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba GameInput Service byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 1000 milisekund: Restartovat službu.

Error: (11/20/2022 08:43:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Realtek Bluetooth Device Manager Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


Windows Defender:
================
Date: 2022-10-24 20:17:11
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/PShellPublicStager.A
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: behavior:_pid:10524:1115676206035765; process:_pid:10524,ProcessStart:133111090313397368
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Neznámý
Uživatel:
Název procesu: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Verze bezpečnostních informací: AV: 1.377.727.0, AS: 1.377.727.0, NIS: 1.377.727.0
Verze modulu: AM: 1.1.19700.3, NIS: 1.1.19700.3

Date: 2022-10-24 20:17:11
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/PShellPublicStager.A
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: behavior:_pid:10524:1115676206035765; process:_pid:10524,ProcessStart:133111090313397368
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Neznámý
Uživatel:
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.377.727.0, AS: 1.377.727.0, NIS: 1.377.727.0
Verze modulu: AM: 1.1.19700.3, NIS: 1.1.19700.3

Date: 2022-10-24 17:54:11
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/PShellPublicStager.A
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: behavior:_pid:1416:1115676206035765; process:_pid:1416,ProcessStart:133111004510895624
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Neznámý
Uživatel:
Název procesu: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Verze bezpečnostních informací: AV: 1.377.727.0, AS: 1.377.727.0, NIS: 1.377.727.0
Verze modulu: AM: 1.1.19700.3, NIS: 1.1.19700.3

Date: 2022-10-24 17:54:11
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/PShellPublicStager.A
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: behavior:_pid:1416:1115676206035765; process:_pid:1416,ProcessStart:133111004510895624
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Neznámý
Uživatel:
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.377.727.0, AS: 1.377.727.0, NIS: 1.377.727.0
Verze modulu: AM: 1.1.19700.3, NIS: 1.1.19700.3

Date: 2022-10-24 15:55:27
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Behavior:Win32/PShellPublicStager.A
Závažnost: Vážné
Kategorie: Podezřelé chování
Cesta: behavior:_pid:13976:1115676206035765; process:_pid:13976,ProcessStart:133110933268323507
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Neznámý
Uživatel:
Název procesu: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Verze bezpečnostních informací: AV: 1.377.727.0, AS: 1.377.727.0, NIS: 1.377.727.0
Verze modulu: AM: 1.1.19700.3, NIS: 1.1.19700.3
Event[0]:

Date: 2022-10-23 17:35:19
Description:
Antivirová ochrana v programu Microsoft Defender narazil na kritickou chybu při provádění akce s malwarem nebo jiným potenciálně nežádoucím softwarem.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/AutoKMS
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_N:\o16setup.exe; process:_pid:22740,ProcessStart:133110128935028981
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: N:\O16Setup.EXE
Akce: Karanténa
Stav akce: No additional actions required
Kód chyby: 0x80070005
Popis chyby: Přístup byl odepřen.
Verze bezpečnostních informací: AV: 1.377.658.0, AS: 1.377.658.0, NIS: 1.377.658.0
Verze modulu: AM: 1.1.19700.3, NIS: 1.1.19700.3

Date: 2022-10-23 17:34:40
Description:
Antivirová ochrana v programu Microsoft Defender narazil na kritickou chybu při provádění akce s malwarem nebo jiným potenciálně nežádoucím softwarem.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/AutoKMS!MSR
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_N:\o16setup.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Akce: Karanténa
Stav akce: No additional actions required
Kód chyby: 0x80070005
Popis chyby: Přístup byl odepřen.
Verze bezpečnostních informací: AV: 1.377.658.0, AS: 1.377.658.0, NIS: 1.377.658.0
Verze modulu: AM: 1.1.19700.3, NIS: 1.1.19700.3

Date: 2022-10-23 17:33:16
Description:
Antivirová ochrana v programu Microsoft Defender narazil na kritickou chybu při provádění akce s malwarem nebo jiným potenciálně nežádoucím softwarem.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/AutoKMS
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_N:\O16Setup.EXE
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Windows\explorer.exe
Akce: Karanténa
Stav akce: No additional actions required
Kód chyby: 0x80070005
Popis chyby: Přístup byl odepřen.
Verze bezpečnostních informací: AV: 1.377.658.0, AS: 1.377.658.0, NIS: 1.377.658.0
Verze modulu: AM: 1.1.19700.3, NIS: 1.1.19700.3

CodeIntegrity:
===============
Date: 2022-11-20 08:42:03
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2022-11-20 08:41:39
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. P3.90 12/09/2019
Motherboard: ASRock B450M Pro4
Processor: AMD Ryzen 5 3600 6-Core Processor
Percentage of memory in use: 48%
Total physical RAM: 16313.71 MB
Available physical RAM: 8454.37 MB
Total Virtual: 21433.71 MB
Available Virtual: 10775.69 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:475.87 GB) (Free:13.64 GB) (Model: ADATA SX8200PNP) NTFS
Drive d: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) (Model: Patriot Burst) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) (Model: SAMSUNG HD642JJ) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) (Model: WDC WD10EZEX-00RKKA0) NTFS ==>[system with boot components (obtained from drive)]
Drive g: () (Fixed) (Total:224.84 GB) (Free:67.95 GB) (Model: SAMSUNG HD642JJ) NTFS
Drive h: () (Fixed) (Total:224.84 GB) (Free:14.61 GB) (Model: SAMSUNG HD642JJ) NTFS
Drive i: () (Fixed) (Total:222.95 GB) (Free:2.31 GB) (Model: Patriot Burst) NTFS
Drive j: () (Fixed) (Total:146.38 GB) (Free:20.3 GB) (Model: SAMSUNG HD642JJ) NTFS
Drive k: () (Fixed) (Total:247.82 GB) (Free:115.57 GB) (Model: WDC WD10EZEX-00RKKA0) NTFS
Drive l: () (Fixed) (Total:683.59 GB) (Free:122.33 GB) (Model: WDC WD10EZEX-00RKKA0) NTFS

\\?\Volume{c4029046-716d-441f-a03d-cce2ceeeb070}\ (Obnovení) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{c6b8d1f4-ded1-4088-bf7e-f6bafaa17d56}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{3a67c860-4f4a-07bf-1000-5763d3e2c1e4}\ () (Fixed) (Total:0.01 GB) (Free:0 GB) NTFS
\\?\Volume{9b707457-a5d8-f53d-3dbc-236db814aef8}\ () (Fixed) (Total:5.42 GB) (Free:0 GB) NTFS
\\?\Volume{7e630a01-0000-0000-0000-10c337000000}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{6ff619c6-97c5-4a7f-bd2f-8251e43ed227}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 7E630A01)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=222.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=533 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: E274E274)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449.7 GB) - (Type=0F Extended)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0775D37C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=247.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=683.6 GB) - (Type=07 NTFS)

==========================================================
Disk: 3 (Protective MBR) (Size: 476.9 GB) (Disk ID: 00000000)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 4.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 5.

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware, trojan? - please help with checking the FRST log

#7 Post by Rudy »

Open Notepad and copy the following into it:
Start
CloseProcesses:

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FirewallRules: [{0A77FFB5-C2E5-4D61-B0A6-F50C26917801}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{3DDF4574-0231-4AB2-8264-9943794F7292}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [TCP Query User{D5F722C2-5028-4C22-9EB3-0B544708B1E5}C:\windows\temp\files\bin\kmss.exe] => (Allow) C:\windows\temp\files\bin\kmss.exe => No File
FirewallRules: [UDP Query User{65739AAB-A55E-43AC-B6ED-428C5C6A7576}C:\windows\temp\files\bin\kmss.exe] => (Allow) C:\windows\temp\files\bin\kmss.exe => No File
FirewallRules: [TCP Query User{91E97C76-0FD0-4E5C-A105-31B906D45E34}L:\downloads\dont.starve.together.v522521\game\bin64\dontstarve_steam_x64.exe] => (Allow) L:\downloads\dont.starve.together.v522521\game\bin64\dontstarve_steam_x64.exe => No File
FirewallRules: [UDP Query User{13A91FD5-C6FF-4E5B-AB68-68F80347A1A1}L:\downloads\dont.starve.together.v522521\game\bin64\dontstarve_steam_x64.exe] => (Allow) L:\downloads\dont.starve.together.v522521\game\bin64\dontstarve_steam_x64.exe => No File
FirewallRules: [{9DE5AF6B-8316-46A0-A444-712C9B3FEC39}] => (Allow) C:\Program Files (x86)\Overwolf\0.204.2.2\OverwolfBrowser.exe => No File
FirewallRules: [{C93E0725-7E77-4F00-B162-749BE0591AC8}] => (Allow) C:\Program Files (x86)\Overwolf\0.204.2.2\OverwolfBrowser.exe => No File
FirewallRules: [{AB3E1717-DBAB-4C04-B476-B6A395F25833}] => (Block) C:\Program Files (x86)\Overwolf\0.204.2.2\OverwolfBrowser.exe => No File
FirewallRules: [{A7B8BF7B-3EF8-45F3-82CE-D7357C0B93DF}] => (Block) C:\Program Files (x86)\Overwolf\0.204.2.2\OverwolfBrowser.exe => No File
N:\o16setup.exe
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\MountPoints2: {cd0f9543-00d3-11eb-a686-a8a159192c9e} - "N:\O16Setup.EXE"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {5873D4AF-CDC1-4AE4-9500-CCAC20FCA8BE} - System32\Tasks\GoogleUpdateTaskMachineCore{378D9C95-EA40-4EDA-B415-F57806CDC798} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-04] (Google LLC ->
Google LLC)
Task: {170E219B-8AC0-4ACD-A5B3-95E2B59342AF} - System32\Tasks\GoogleUpdateTaskMachineUA{CC6FCCFE-0B82-4CA0-9F44-D06B7A71F7C9} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-04] (Google LLC -> Google LLC)
C:\Users\micha\AppData\Local\2573084692

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

mikkie
Visitor
Posts: 43
Registered: 26 Jul 2011 16:56

Re: Malware, trojan? - please help with checking the FRST log

#8 Post by mikkie »

After it finished, it asked me to restart, and a fixlog appeared on the desktop.



Fix result of Farbar Recovery Scan Tool (x64) Version: 18-11-2022
Ran by micha (21-11-2022 18:55:54) Run:3
Running from C:\Users\micha\Desktop
Loaded Profiles: micha
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FirewallRules: [{0A77FFB5-C2E5-4D61-B0A6-F50C26917801}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{3DDF4574-0231-4AB2-8264-9943794F7292}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [TCP Query User{D5F722C2-5028-4C22-9EB3-0B544708B1E5}C:\windows\temp\files\bin\kmss.exe] => (Allow) C:\windows\temp\files\bin\kmss.exe => No File
FirewallRules: [UDP Query User{65739AAB-A55E-43AC-B6ED-428C5C6A7576}C:\windows\temp\files\bin\kmss.exe] => (Allow) C:\windows\temp\files\bin\kmss.exe => No File
FirewallRules: [TCP Query User{91E97C76-0FD0-4E5C-A105-31B906D45E34}L:\downloads\dont.starve.together.v522521\game\bin64\dontstarve_steam_x64.exe] => (Allow) L:\downloads\dont.starve.together.v522521\game\bin64\dontstarve_steam_x64.exe => No File
FirewallRules: [UDP Query User{13A91FD5-C6FF-4E5B-AB68-68F80347A1A1}L:\downloads\dont.starve.together.v522521\game\bin64\dontstarve_steam_x64.exe] => (Allow) L:\downloads\dont.starve.together.v522521\game\bin64\dontstarve_steam_x64.exe => No File
FirewallRules: [{9DE5AF6B-8316-46A0-A444-712C9B3FEC39}] => (Allow) C:\Program Files (x86)\Overwolf\0.204.2.2\OverwolfBrowser.exe => No File
FirewallRules: [{C93E0725-7E77-4F00-B162-749BE0591AC8}] => (Allow) C:\Program Files (x86)\Overwolf\0.204.2.2\OverwolfBrowser.exe => No File
FirewallRules: [{AB3E1717-DBAB-4C04-B476-B6A395F25833}] => (Block) C:\Program Files (x86)\Overwolf\0.204.2.2\OverwolfBrowser.exe => No File
FirewallRules: [{A7B8BF7B-3EF8-45F3-82CE-D7357C0B93DF}] => (Block) C:\Program Files (x86)\Overwolf\0.204.2.2\OverwolfBrowser.exe => No File
N:\o16setup.exe
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\...\MountPoints2: {cd0f9543-00d3-11eb-a686-a8a159192c9e} - "N:\O16Setup.EXE"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {5873D4AF-CDC1-4AE4-9500-CCAC20FCA8BE} - System32\Tasks\GoogleUpdateTaskMachineCore{378D9C95-EA40-4EDA-B415-F57806CDC798} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-04] (Google LLC ->
Google LLC)
Task: {170E219B-8AC0-4ACD-A5B3-95E2B59342AF} - System32\Tasks\GoogleUpdateTaskMachineUA{CC6FCCFE-0B82-4CA0-9F44-D06B7A71F7C9} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-04] (Google LLC -> Google LLC)
C:\Users\micha\AppData\Local\2573084692

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKU\.DEFAULT\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
HKU\.DEFAULT\SOFTWARE\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => removed successfully
HKU\.DEFAULT\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
HKU\.DEFAULT\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0A77FFB5-C2E5-4D61-B0A6-F50C26917801}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3DDF4574-0231-4AB2-8264-9943794F7292}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D5F722C2-5028-4C22-9EB3-0B544708B1E5}C:\windows\temp\files\bin\kmss.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{65739AAB-A55E-43AC-B6ED-428C5C6A7576}C:\windows\temp\files\bin\kmss.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{91E97C76-0FD0-4E5C-A105-31B906D45E34}L:\downloads\dont.starve.together.v522521\game\bin64\dontstarve_steam_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{13A91FD5-C6FF-4E5B-AB68-68F80347A1A1}L:\downloads\dont.starve.together.v522521\game\bin64\dontstarve_steam_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9DE5AF6B-8316-46A0-A444-712C9B3FEC39}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C93E0725-7E77-4F00-B162-749BE0591AC8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AB3E1717-DBAB-4C04-B476-B6A395F25833}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A7B8BF7B-3EF8-45F3-82CE-D7357C0B93DF}" => removed successfully
"N:\o16setup.exe" => not found
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
HKU\S-1-5-21-4261871939-3680644312-2290833728-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd0f9543-00d3-11eb-a686-a8a159192c9e} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5873D4AF-CDC1-4AE4-9500-CCAC20FCA8BE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5873D4AF-CDC1-4AE4-9500-CCAC20FCA8BE}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore{378D9C95-EA40-4EDA-B415-F57806CDC798} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore{378D9C95-EA40-4EDA-B415-F57806CDC798}" => removed successfully
Google LLC) => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{170E219B-8AC0-4ACD-A5B3-95E2B59342AF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{170E219B-8AC0-4ACD-A5B3-95E2B59342AF}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA{CC6FCCFE-0B82-4CA0-9F44-D06B7A71F7C9} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA{CC6FCCFE-0B82-4CA0-9F44-D06B7A71F7C9}" => removed successfully
C:\Users\micha\AppData\Local\2573084692 => moved successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 126993352 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 748462146 B
Windows/system/drivers => 36585258 B
Edge => 0 B
Chrome => 986950738 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 27494 B
NetworkService => 177870 B
micha => 255748562 B

RecycleBin => 13201318 B
EmptyTemp: => 2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:56:57 ====

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware, trojan? - please help with checking the FRST log

#9 Post by Rudy »

To be safe, also run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

Close all programs.
Accept the licence terms (EULA) by clicking I agree.
Right-click the AdwCleaner icon and choose Run as administrator (on Win XP just start it with a normal double-click).
Click Scan now, then Clean and Repair.
After the restart a log will pop up (or you can find it at C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply.

mikkie
Visitor
Posts: 43
Registered: 26 Jul 2011 16:56

Re: Malware, trojan? - please help with checking the FRST log

#10 Post by mikkie »

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-21-2022
# Duration: 00:00:00
# OS: Windows 10 (Build 19044.2251)
# Cleaned: 0
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Not Deleted Spirální stabilizace páteře - Na Úbočí 10, Praha 8, Czech Republic, 00420-284 810 231, spirstab@spirstab.com

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1926 octets] - [21/10/2021 18:58:01]
AdwCleaner[C00].txt - [1966 octets] - [21/10/2021 18:58:43]
AdwCleaner[S01].txt - [1634 octets] - [21/10/2021 19:31:02]
AdwCleaner[C01].txt - [1804 octets] - [21/10/2021 19:31:07]
AdwCleaner[S02].txt - [1756 octets] - [21/10/2021 19:31:29]
AdwCleaner[C02].txt - [1926 octets] - [21/10/2021 19:31:36]
AdwCleaner[S03].txt - [1878 octets] - [21/10/2021 19:38:05]
AdwCleaner[C03].txt - [2048 octets] - [21/10/2021 19:38:11]
AdwCleaner[S04].txt - [2000 octets] - [21/10/2021 19:47:03]
AdwCleaner[S05].txt - [2061 octets] - [21/10/2021 19:51:29]
AdwCleaner[C05].txt - [2231 octets] - [21/10/2021 20:04:51]
AdwCleaner[S06].txt - [2345 octets] - [20/08/2022 18:20:15]
AdwCleaner[C06].txt - [2475 octets] - [20/08/2022 18:20:58]
AdwCleaner[S07].txt - [2373 octets] - [20/08/2022 18:22:12]
AdwCleaner[C07].txt - [2523 octets] - [20/08/2022 18:22:21]
AdwCleaner[S08].txt - [2442 octets] - [20/11/2022 08:43:22]
AdwCleaner[C08].txt - [2612 octets] - [20/11/2022 08:43:29]
AdwCleaner[S09].txt - [2564 octets] - [20/11/2022 08:43:58]
AdwCleaner[C09].txt - [2734 octets] - [20/11/2022 08:44:07]
AdwCleaner[S10].txt - [2686 octets] - [21/11/2022 20:43:55]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C10].txt ##########

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware, trojan? - please help with checking the FRST log

#11 Post by Rudy »

It's OK. There is no malware on the PC; what FRST deleted was just junk.

mikkie
Visitor
Posts: 43
Registered: 26 Jul 2011 16:56

Re: Malware, trojan? - please help with checking the FRST log

#12 Post by mikkie »

Strange, I don't know how they are getting at my passwords for FB, Steam, etc. then. I'll see if it calms down. Anyway, thanks a lot for the help.

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Malware, trojan? - please help with checking the FRST log

#13 Post by Rudy »

You're welcome! :)
