popup vbscript - Please check my log

Marcillon
Visitor
Posts: 39
Registered: 11 Aug 2012 22:05

#1 Post by Marcillon »

Hi, please check my log. Before my vacation everything was fine, and when I came back and turned on the PC, vbscript windows started popping up constantly. They pop up every few moments and I don't know what to do about it; it looks as if it were something from Windows. I scanned it with Malwarebytes and tried repairing Windows via "Run", and it still keeps popping up; I'm at my wit's end. I suppressed the main one so it wouldn't pop up, and still three small "Windows Script Host" windows always appear, and the only text in the window is always just "F". Thanks for your time.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-08-2023
Ran by Petr (administrator) on DESKTOP-PTGKVCQ (Gigabyte Technology Co., Ltd. B550 AORUS ELITE V2) (13-08-2023 22:25:59)
Running from C:\Users\Petr\Downloads\FRST64.exe
Loaded Profiles: Petr
Platform: Microsoft Windows 10 Home Version 21H2 19044.3086 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Elaborate Bytes AG -> Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(explorer.exe ->) (Gaijin Network Ltd -> Gaijin) C:\Users\Petr\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <14>
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_7e5fd280efaa5445\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(services.exe ->) (Safer-Networking Limited -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe
(svchost.exe ->) (AO Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 10.2\kpm_tray.exe
(svchost.exe ->) (Microsoft Corporation) [File not signed] C:\Users\Petr\AppData\Roaming\CSPX\UGNSQGTYKYNEIGRT.exe <4>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.3025_none_7e36ee127c6f13fc\TiWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [1090784 2020-07-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [105280 2020-02-23] (Elaborate Bytes AG -> Elaborate Bytes AG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5204968 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\Run: [] => [X]
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2148016 2022-11-24] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\Run: [icq.desktop] => C:\Users\Petr\AppData\Roaming\ICQ\bin\icq.exe [121607136 2022-12-08] (LLC Mail.Ru -> )
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\Run: [Discord] => C:\Users\Petr\AppData\Local\Discord\Update.exe [1512608 2021-09-21] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\Run: [Microsoft Edge Update] => C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.177.11\MicrosoftEdgeUpdateCore.exe [263648 2023-07-08] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\Run: [MicrosoftEdgeAutoLaunch_88D36A2D9DF9AF2106D8CF7538FE64F2] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4088272 2023-08-10] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\Run: [Gaijin.Net Updater] => C:\Users\Petr\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [3053768 2023-06-16] (Gaijin Network Ltd -> Gaijin)
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --load-extension="C:\Users\Petr\AppData\Roaming\YSPX\v3-21\dist" --new-window --no-default-browser-check --profile-directory=Default --ren (the data entry has 108 more characters). [4088272 2023-08-10] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\MountPoints2: {58bd2585-855b-11ed-90b3-18c04dade4bd} - "G:\setup.exe"
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\MountPoints2: {7441e713-684b-11ec-9007-18c04dade4bd} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\MountPoints2: {fd5938ec-14b7-11ee-90db-18c04dade4bd} - "H:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2021-07-30]
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe (Wondershare Technology Co.,Ltd -> Wondershare)
Startup: C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Minion.lnk [2023-08-03]
ShortcutTarget: Minion.lnk -> C:\Users\Petr\AppData\Local\Minion\Minion.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3B624549-91C9-4302-BF7B-AC8675423C5A} - \VSPXService_LG -> No File <==== ATTENTION
Task: {8C039E35-0594-4590-8A43-9FFE23E095F8} - \VSPXService -> No File <==== ATTENTION
Task: {27D57B48-4AAC-4B57-B877-F6ECCECA2448} - System32\Tasks\APTXService => C:\Users\Petr\AppData\Local\WAAC\v2519-1\rhc.exe [1536 2023-03-20] () [File not signed] -> php.exe index.php <==== ATTENTION
Task: {7384436F-8910-4B29-8AC4-6316E2D37989} - System32\Tasks\APTXService_LG => Command(1): rhc.exe -> php.exe include.php <==== ATTENTION
Task: {7384436F-8910-4B29-8AC4-6316E2D37989} - System32\Tasks\APTXService_LG => Command(2): rhc.exe -> php.exe index.php <==== ATTENTION
Task: {D19F368B-010B-4FF4-AFE7-9DB92620711E} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [275136 2021-07-27] (Bluestack Systems, Inc -> BlueStack Systems, Inc.)
Task: {A07BFDA1-0E66-4A5E-B899-6F7DD0340576} - System32\Tasks\CnfCr0x120 => C:\Users\Petr\AppData\Local\Packages\Conf\v13-17\rnews.exe [7929856 2022-12-06] () [File not signed]
Task: {D09E5A12-C5A1-4E6B-863C-DBB794B26E05} - System32\Tasks\CnfCr0x122 => C:\Users\Petr\AppData\Local\Mozilla\Conf\v13-17\rnews.exe [7929856 2022-12-06] () [File not signed]
Task: {3FDEF3E0-47AF-42B9-9737-C763847AEE9C} - System32\Tasks\CnfCr0x123 => C:\Users\Petr\AppData\Local\Microsoft\Conf\v13-17\rnews.exe [7929856 2022-12-06] () [File not signed]
Task: {C2CCC1CA-6004-4BDC-A440-38620D995BF6} - System32\Tasks\CnfCr0x124 => C:\Users\Petr\AppData\Local\Media\Conf\v13-17\rnews.exe [7929856 2022-12-06] () [File not signed]
Task: {0AD79546-2D28-4C33-B443-2D5630930BC5} - System32\Tasks\CnfCr0x125 => C:\Users\Petr\AppData\Local\Packages\Rnews\v13-17\rnews.exe (No File)
Task: {472F5CBD-7E5B-4308-A035-B317B251E455} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [59856 2023-08-12] (HP Inc. -> HP Inc.)
Task: {C97AE61F-6053-4559-8DAC-38689B4BEA52} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [59856 2023-08-12] (HP Inc. -> HP Inc.)
Task: {599FAC34-DF03-4B7E-B743-6BF5A7F91F7A} - System32\Tasks\kpm_tray.exe => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 10.2\kpm_tray.exe [521416 2022-10-25] (AO Kaspersky Lab -> AO Kaspersky Lab)
Task: {5D186E80-7AAE-4F98-BD72-EAC404F69A6A} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-2572895026-2735717841-2913369703-1002Core => C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [205744 2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {91DEAA94-F0A1-494D-BC64-5FD6C7FAF8F1} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-2572895026-2735717841-2913369703-1002UA => C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [205744 2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {FF7F8BEF-465C-42DE-BCAC-590528CF4EF6} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [686496 2023-08-12] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {8A981979-232C-4192-8106-B7A22254DB2C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [733088 2023-08-12] (Mozilla Corporation -> Mozilla Foundation)
Task: {E045DF61-11E1-46CB-9FEC-C9E45ADD8F49} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-02] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {A6246505-9C43-4A54-A2E2-79337B3ECB61} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2022-09-12] (Nvidia Corporation -> NVIDIA Corporation)
Task: {EF7A65A2-C743-47F5-917A-975F014666C4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649256 2022-09-12] (Nvidia Corporation -> NVIDIA Corporation)
Task: {30ECC605-D859-4F58-9BED-1AE02D831D8E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2022-09-12] (Nvidia Corporation -> NVIDIA Corporation)
Task: {912542B7-7EF2-464F-8686-C503331D6C18} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2022-09-12] (Nvidia Corporation -> NVIDIA Corporation)
Task: {0D0F49E0-3A2C-4B6B-8FC1-DF1B88F34113} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655336 2022-09-12] (Nvidia Corporation -> NVIDIA Corporation)
Task: {350F3170-1DFC-43BC-B5C0-AAB37B6B0CCB} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655336 2022-09-12] (Nvidia Corporation -> NVIDIA Corporation)
Task: {5A5DECA4-E69B-4A4E-A0B2-D4EAFAD914E1} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655336 2022-09-12] (Nvidia Corporation -> NVIDIA Corporation)
Task: {48BC324C-DEF7-4349-AB14-AF4B59D45543} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655336 2022-09-12] (Nvidia Corporation -> NVIDIA Corporation)
Task: {B80CDF19-0F8A-4C49-AF50-05F09C86864E} - System32\Tasks\PxService => C:\Users\Petr\AppData\Local\Packages\Paon\v1-5\paon.exe [13776272 2021-11-03] (PAN Software -> ) [File not signed]
Task: {04CE45AE-A2C7-4E23-8E63-E0255610CF50} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [5363552 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
Task: {F3FE52F5-982D-43B3-BCF2-00740919436E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5629064 2021-11-23] (Safer-Networking Limited -> Safer-Networking Ltd.)
Task: {FC11986C-7274-4351-93BC-6C2EE03E1FFA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6093928 2021-12-20] (Safer-Networking Limited -> Safer-Networking Ltd.)
Task: {2765F3AD-50BA-4823-A82C-28CED7B37446} - System32\Tasks\UGNSQGTYKYNEIGRT_run => C:\Users\Petr\AppData\Roaming\CSPX\UGNSQGTYKYNEIGRT.exe [803176 2023-03-24] (Microsoft Corporation) [File not signed]
Task: {73DDD113-A144-47B8-BAF4-3C9D720789AC} - System32\Tasks\WDDiscovery Service => C:\Users\Petr\AppData\Roaming\UPDX\v3-5\WDDiscovery.exe [844664 2013-07-31] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
Task: {513DC482-F4A6-44FF-AD9A-293B8A787EE2} - System32\Tasks\WDSync => C:\Users\Petr\AppData\Roaming\APDX\v3-4\WDSync.exe [157048 2022-11-30] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.)
Task: {36D3719B-0AB0-4E78-BC7B-D3F245B5CCE7} - System32\Tasks\WNVIDIA_FACTORY_LG => C:\Users\Petr\AppData\Local\CloudUpgrade\rhc.exe [1536 2023-03-20] () [File not signed] -> php.exe infinity.php <==== ATTENTION
Task: {0D0EB4E6-8B65-413E-9B02-75BFB3D6DA33} - System32\Tasks\wupdatecloud => C:\Users\Petr\AppData\Local\WAAC\wupdater_cloud\rhc.exe [1536 2023-03-06] () [File not signed] -> php.exe index.php <==== ATTENTION
Task: {10154789-2435-4B44-B382-16617D072A38} - System32\Tasks\wupdatecloud_LG => Command(1): rhc.exe -> php.exe include.php <==== ATTENTION
Task: {10154789-2435-4B44-B382-16617D072A38} - System32\Tasks\wupdatecloud_LG => Command(2): rhc.exe -> php.exe index.php <==== ATTENTION
Task: {11F29BDA-2D3E-4D20-912D-CE8F9D5CC1AF} - System32\Tasks\YTPXCheck => C:\Users\Petr\AppData\Local\WAAC\wupdater_cloud\rhc.exe [1536 2023-03-06] () [File not signed] -> php.exe keep_play.php <==== ATTENTION
Task: {FB457702-BDD0-48D2-9C56-D81A66F73C6E} - System32\Tasks\YTPXCheck LG => C:\Users\Petr\AppData\Local\WAAC\wupdater_cloud\rhc.exe [1536 2023-03-06] () [File not signed] -> php.exe keep_play.php <==== ATTENTION
Task: {5366B2FB-F3D9-454F-827B-EF1E8F580F31} - System32\Tasks\zends-et => C:\Users\Petr\AppData\Local\WAAC\wtraff_cloud\rhc.exe [1536 2023-05-07] () [File not signed] -> php.exe index.php <==== ATTENTION
Task: {CE7E32EE-7285-4F49-859A-01E88BAAEB82} - System32\Tasks\zends-et-LG => Command(1): rhc.exe -> php.exe include.php <==== ATTENTION
Task: {CE7E32EE-7285-4F49-859A-01E88BAAEB82} - System32\Tasks\zends-et-LG => Command(2): rhc.exe -> php.exe index.php <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a1cc4f1f-7551-4ece-af50-ec2e1eb0e793}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Petr\AppData\Local\Microsoft\Edge\User Data\Default [2023-08-13]
Edge Extension: (BattleTabs) - C:\Users\Petr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gipocgejiebilnhkjplhfklahbdndlli [2023-07-14]
Edge Extension: (Edge relevant text changes) - C:\Users\Petr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-08-12]
Edge Extension: (Sheets) - C:\Users\Petr\AppData\Local\Packages\Paon\v1-5\addon [2021-11-05]
Edge Profile: C:\Users\Petr\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2021-08-13]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: 83onx1sj.default
FF ProfilePath: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\83onx1sj.default [2022-12-26]
FF ProfilePath: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\qxhmo9kp.default-release [2023-08-13]
FF Homepage: Mozilla\Firefox\Profiles\qxhmo9kp.default-release -> hxxps://www.google.com/
FF Notifications: Mozilla\Firefox\Profiles\qxhmo9kp.default-release -> hxxps://www.hlavnespravy.sk; hxxps://hypebeast.com; hxxps://www.bestdiscoveries.co; hxxps://www.facebook.com
FF Extension: (Ochrana Kaspersky) - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\qxhmo9kp.default-release\Extensions\light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com.xpi [2023-06-18]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\qxhmo9kp.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-10-11]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AntiCheatExpert Service; C:\Program Files\AntiCheatExpert\SGuard\x64\SGuardSvc64.exe [2700648 2022-12-22] (HIGH MORALE DEVELOPMENTS LIMITED -> )
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8567960 2020-04-12] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2023-05-12] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [935344 2023-06-02] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029472 2021-11-29] (Epic Games Inc. -> Epic Games, Inc.)
S3 FacSvc_Infestation; C:\Users\Petr\AppData\Roaming\FAC\Infestation\FacSvc.exe [506968 2021-07-23] (Fredaikis AB -> )
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230352 2023-08-12] (HP Inc. -> HP Inc.)
S3 kpm_service_10.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 10.2\kpm_service.exe [520904 2022-10-25] (AO Kaspersky Lab -> AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9278784 2023-08-12] (Malwarebytes Inc. -> Malwarebytes)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2782080 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4605312 2021-11-16] (Safer-Networking Limited -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7793960 2021-04-15] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\NisSrv.exe [3216064 2023-05-03] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\MsMpEng.exe [133544 2023-05-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\MobileGo\DriverInstall.exe [101152 2017-06-01] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_7e5fd280efaa5445\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_7e5fd280efaa5445\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACE-BASE; C:\Windows\system32\drivers\ACE-BASE.sys [1868832 2022-12-23] (HIGH MORALE DEVELOPMENTS LIMITED -> ANTICHEATEXPERT.COM)
S3 ACE-GAME; C:\Windows\system32\drivers\ACE-GAME.sys [772656 2022-12-23] (HIGH MORALE DEVELOPMENTS LIMITED -> ANTICHEATEXPERT.COM)
R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [320728 2021-07-27] (Bluestack Systems, Inc -> Bluestack System Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [42616 2017-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2023-08-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 GUMHFilters; C:\Program Files (x86)\Glarysoft\Malware Hunter\Native\winxp_x64\GUMHFilter.sys [42976 2021-07-26] (Microsoft Windows Hardware Compatibility Publisher -> Glarysoft Ltd)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2023-08-13] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-08-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [199640 2023-08-13] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77752 2023-08-13] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-08-13] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [181984 2023-08-13] (Malwarebytes Inc. -> Malwarebytes)
R3 NvModuleTracker; C:\Windows\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-14] (Nvidia Corporation -> NVIDIA Corporation)
S0 Spybot3ELAM; C:\Windows\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows (R) Win 7 DDK provider)
R3 VClone; C:\Windows\System32\drivers\VClone.sys [44544 2020-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49616 2023-05-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [498944 2023-05-03] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99608 2023-05-03] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-08-13 22:25 - 2023-08-13 22:26 - 000026399 _____ C:\Users\Petr\Downloads\FRST.txt
2023-08-13 22:25 - 2023-08-13 22:25 - 002385408 _____ (Farbar) C:\Users\Petr\Downloads\FRST64.exe
2023-08-13 22:14 - 2023-08-13 22:14 - 000000000 ____D C:\Users\Petr\AppData\LocalLow\IGDump
2023-08-13 22:10 - 2023-08-13 22:10 - 000181984 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2023-08-13 21:59 - 2023-08-13 22:01 - 000267974 _____ C:\Windows\ntbtlog.txt
2023-08-13 21:59 - 2023-08-13 21:59 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2023-08-13 21:36 - 2023-08-13 21:46 - 000000000 ____D C:\Users\Petr\AppData\Roaming\QtProject
2023-08-13 21:35 - 2023-08-13 21:35 - 000000000 ____D C:\Users\Petr\AppData\Local\system_backup_gui
2023-08-13 21:35 - 2023-08-13 21:35 - 000000000 ____D C:\Users\Petr\AppData\Local\CornerTips
2023-08-13 21:34 - 2023-08-13 21:47 - 000000000 ____D C:\Program Files (x86)\MiniTool ShadowMaker
2023-08-13 21:34 - 2023-05-08 18:36 - 215450560 _____ (MiniTool Software Limited ) C:\Users\Petr\Downloads\sm_x64.exe
2023-08-13 21:33 - 2023-08-13 21:34 - 002008616 _____ (MiniTool Software Limited) C:\Users\Petr\Downloads\sm-online.exe
2023-08-13 00:30 - 2023-08-13 00:30 - 000112948 _____ C:\Users\Petr\Downloads\lang_rus.rar
2023-08-13 00:30 - 2023-08-13 00:30 - 000000000 ____D C:\Users\Petr\Downloads\lang_rus
2023-08-12 00:15 - 2023-08-13 22:11 - 000000000 ____D C:\Users\Petr\AppData\Local\Malwarebytes
2023-08-12 00:15 - 2023-08-12 00:15 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-08-12 00:15 - 2023-08-12 00:15 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-08-12 00:14 - 2023-08-12 00:14 - 002606880 _____ (Malwarebytes) C:\Users\Petr\Downloads\MBSetup.exe
2023-08-12 00:14 - 2023-08-12 00:14 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-08-11 21:33 - 2023-08-13 22:26 - 000003838 _____ C:\Windows\system32\Tasks\YTPXCheck
2023-08-11 21:33 - 2023-08-11 21:33 - 000003380 _____ C:\Windows\system32\Tasks\YTPXCheck LG
2023-08-06 17:17 - 2023-08-13 00:50 - 000000000 ____D C:\Users\Petr\AppData\Local\Loop_Hero
2023-08-06 17:15 - 2023-08-06 17:15 - 000000348 _____ C:\Users\Petr\Desktop\Loop Hero.url
2023-08-06 00:34 - 2023-08-06 00:34 - 001590272 _____ C:\Users\Petr\Downloads\Kolín.xls
2023-08-05 22:12 - 2023-08-05 22:12 - 000048980 _____ C:\Users\Petr\Downloads\LibAddonMenu-2.0r34.zip
2023-08-05 22:12 - 2023-08-05 22:12 - 000000000 ____D C:\Users\Petr\Downloads\LibAddonMenu-2.0r34
2023-08-05 22:08 - 2023-08-05 22:08 - 000000000 ____D C:\Users\Petr\Downloads\AdvancedAutoLoot-198
2023-08-05 22:07 - 2023-08-05 22:07 - 000080782 _____ C:\Users\Petr\Downloads\AdvancedAutoLoot-198.zip
2023-08-03 22:10 - 2023-08-03 22:10 - 000000000 _____ C:\Users\Petr\Desktop\Minion bandit UI.txt
2023-08-03 22:05 - 2023-08-11 23:31 - 000000000 ____D C:\Users\Petr\.junique
2023-08-03 22:05 - 2023-08-03 22:05 - 000000000 ____D C:\Users\Petr\AppData\Roaming\gg.minion.Minion
2023-08-03 22:05 - 2023-08-03 22:05 - 000000000 ____D C:\Users\Petr\.oracle_jre_usage
2023-08-03 22:04 - 2023-08-12 13:26 - 000000000 ____D C:\Users\Petr\AppData\Local\Minion
2023-08-03 22:03 - 2023-08-03 22:04 - 052825304 _____ (Good Game Mods LLC ) C:\Users\Petr\Downloads\Minion3.0.5.exe
2023-08-02 17:09 - 2023-08-13 21:38 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-08-01 14:47 - 2023-08-01 14:47 - 000000000 ____D C:\Users\Petr\Downloads\TESO_CZ_v.0.81
2023-08-01 14:46 - 2023-08-01 14:46 - 025954622 _____ C:\Users\Petr\Downloads\TESO_CZ_v.0.81.zip
2023-07-22 21:37 - 2023-07-22 21:37 - 000000000 ____D C:\Users\Petr\AppData\Local\Elder Scrolls Online
2023-07-22 08:08 - 2023-07-22 08:08 - 000000365 _____ C:\Users\Petr\Desktop\The Elder Scrolls Online.url
2023-07-15 20:46 - 2023-07-15 20:46 - 000000000 ____D C:\Windows\LastGood
2023-07-15 20:45 - 2023-06-21 04:50 - 001227248 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2023-07-15 20:45 - 2023-06-21 04:50 - 000848936 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2023-07-15 20:45 - 2023-06-21 04:50 - 000848936 _____ C:\Windows\system32\vulkaninfo.exe
2023-07-15 20:45 - 2023-06-21 04:50 - 000713768 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2023-07-15 20:45 - 2023-06-21 04:50 - 000713768 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2023-07-15 20:45 - 2023-06-21 04:50 - 000653352 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2023-07-15 20:45 - 2023-06-21 04:50 - 000653352 _____ C:\Windows\system32\vulkan-1.dll
2023-07-15 20:45 - 2023-06-21 04:50 - 000636968 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2023-07-15 20:45 - 2023-06-21 04:50 - 000636968 _____ C:\Windows\SysWOW64\vulkan-1.dll
2023-07-15 20:45 - 2023-06-21 04:46 - 000933896 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2023-07-15 20:45 - 2023-06-21 04:46 - 000668688 _____ C:\Windows\system32\nvofapi64.dll
2023-07-15 20:45 - 2023-06-21 04:46 - 000504352 _____ C:\Windows\SysWOW64\nvofapi.dll
2023-07-15 20:45 - 2023-06-21 04:45 - 002167824 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2023-07-15 20:45 - 2023-06-21 04:45 - 001621520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2023-07-15 20:45 - 2023-06-21 04:45 - 001537504 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2023-07-15 20:45 - 2023-06-21 04:45 - 001195024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2023-07-15 20:45 - 2023-06-21 04:45 - 000992272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2023-07-15 20:45 - 2023-06-21 04:45 - 000777200 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2023-07-15 20:45 - 2023-06-21 04:45 - 000768520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2023-07-15 20:45 - 2023-06-21 04:44 - 014520288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2023-07-15 20:45 - 2023-06-21 04:44 - 012066800 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2023-07-15 20:45 - 2023-06-21 04:44 - 006190088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2023-07-15 20:45 - 2023-06-21 04:44 - 005844496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2023-07-15 20:45 - 2023-06-21 04:44 - 005550624 _____ (NVIDIA Corporation) C:\Windows\system32\nvcudadebugger.dll
2023-07-15 20:45 - 2023-06-21 04:44 - 000853536 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2023-07-15 20:45 - 2023-06-21 04:44 - 000459760 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2023-07-15 20:45 - 2023-06-21 04:43 - 006736984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2023-07-15 20:45 - 2023-06-21 04:12 - 000107938 _____ C:\Windows\system32\nvinfo.pb

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-08-13 22:26 - 2021-10-21 22:16 - 000000000 ____D C:\FRST
2023-08-13 22:26 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-08-13 22:18 - 2022-02-09 01:05 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-08-13 22:17 - 2021-07-11 17:00 - 001693820 _____ C:\Windows\system32\PerfStringBackup.INI
2023-08-13 22:17 - 2019-12-07 16:41 - 000716932 _____ C:\Windows\system32\perfh005.dat
2023-08-13 22:17 - 2019-12-07 16:41 - 000145110 _____ C:\Windows\system32\perfc005.dat
2023-08-13 22:17 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2023-08-13 22:11 - 2023-05-08 21:33 - 000003822 _____ C:\Windows\system32\Tasks\zends-et
2023-08-13 22:11 - 2023-05-07 21:34 - 000003842 _____ C:\Windows\system32\Tasks\wupdatecloud
2023-08-13 22:11 - 2023-04-23 19:41 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2023-08-13 22:11 - 2022-12-27 02:01 - 000002420 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-08-13 22:11 - 2021-07-11 19:41 - 000000000 ____D C:\ProgramData\NVIDIA
2023-08-13 22:11 - 2020-11-19 01:32 - 000002582 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-08-13 22:10 - 2021-07-11 23:00 - 000008192 ___SH C:\DumpStack.log.tmp
2023-08-13 22:10 - 2020-11-19 01:30 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-08-13 22:10 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI
2023-08-13 22:07 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2023-08-13 22:01 - 2021-12-16 01:22 - 000000000 ____D C:\Windows\SystemTemp
2023-08-13 21:35 - 2021-10-21 21:56 - 000004210 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{9FFE6BE3-006E-4DC2-B38E-1CEB36D4519F}
2023-08-13 21:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2023-08-13 21:32 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-08-13 00:26 - 2021-07-13 20:56 - 000000000 ____D C:\Users\Petr\AppData\Local\CrashDumps
2023-08-12 21:18 - 2020-11-19 00:29 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-08-12 13:26 - 2021-07-11 18:44 - 000000000 ____D C:\Users\Petr
2023-08-12 11:03 - 2021-07-11 21:33 - 000000000 ____D C:\Windows\system32\MRT
2023-08-12 11:02 - 2022-03-10 10:24 - 000000000 ____D C:\Windows\system32\Tasks\HP
2023-08-12 11:02 - 2022-03-10 10:12 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2023-08-12 11:00 - 2021-07-11 21:33 - 175983240 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-08-12 09:26 - 2021-08-17 11:46 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-08-12 09:26 - 2021-08-17 11:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-08-12 00:18 - 2023-03-24 17:20 - 000000000 ____D C:\Users\Petr\Downloads\Glary Malware Hunter Pro 1.145.0.762 Multilingual
2023-08-12 00:15 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-08-12 00:14 - 2021-08-06 01:48 - 000000000 ____D C:\Program Files\Malwarebytes
2023-08-12 00:11 - 2023-03-24 12:53 - 000000000 ____D C:\DeadByDaylight
2023-08-11 23:30 - 2022-01-02 21:40 - 000000000 ____D C:\Users\Petr\AppData\Roaming\discord
2023-08-11 22:34 - 2022-01-02 21:40 - 000000000 ____D C:\Users\Petr\AppData\Local\Discord
2023-08-11 22:15 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\LiveKernelReports
2023-08-11 21:42 - 2021-12-15 02:28 - 000000000 ____D C:\Orion Launcher
2023-08-11 21:36 - 2021-12-11 00:58 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2572895026-2735717841-2913369703-1002
2023-08-11 21:36 - 2021-07-11 18:47 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2572895026-2735717841-2913369703-1002
2023-08-11 21:36 - 2021-07-11 18:46 - 000000000 ____D C:\Users\Petr\AppData\Local\D3DSCache
2023-08-11 21:36 - 2021-07-11 18:44 - 000002378 _____ C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-08-11 21:34 - 2023-05-11 20:17 - 000000000 ____D C:\Users\Petr\AppData\Local\Enlisted
2023-08-05 21:17 - 2022-01-02 21:40 - 000002226 _____ C:\Users\Petr\Desktop\Discord.lnk
2023-07-22 16:33 - 2021-07-14 07:29 - 000000000 ____D C:\Program Files (x86)\Steam
2023-07-22 12:30 - 2023-01-05 18:48 - 000000000 ____D C:\poco X3 yaloha 5.1.2023
2023-07-22 08:01 - 2021-07-11 20:06 - 000000000 ____D C:\Games
2023-07-22 07:27 - 2022-12-21 00:29 - 000000000 ____D C:\Users\Petr\AppData\Local\WAAC
2023-07-15 20:46 - 2021-07-11 16:59 - 000000000 ____D C:\Program Files\NVIDIA Corporation

==================== Files in the root of some directories ========

2021-11-05 01:41 - 2021-11-05 01:41 - 014480256 _____ (PAN Software ) C:\Users\Petr\AppData\Local\install.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-08-2023
Ran by Petr (13-08-2023 22:26:35)
Running from C:\Users\Petr\Downloads
Microsoft Windows 10 Home Version 21H2 19044.3086 (X64) (2021-07-11 14:56:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2572895026-2735717841-2913369703-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2572895026-2735717841-2913369703-503 - Limited - Disabled)
Guest (S-1-5-21-2572895026-2735717841-2913369703-501 - Limited - Disabled)
Petr (S-1-5-21-2572895026-2735717841-2913369703-1002 - Administrator - Enabled) => C:\Users\Petr
WDAGUtilityAccount (S-1-5-21-2572895026-2735717841-2913369703-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Free (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Artix Game Launcher 2.1.2 (HKLM\...\{3BECECC9-207F-4FAE-A1EA-207D7F8B9AB4}) (Version: 2.1.2 - Artix Entertainment, LLC)
BlueStacks 5 (HKLM\...\BlueStacks_nxt) (Version: 5.2.0.1052 - BlueStack Systems, Inc.)
Discord (HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\Discord) (Version: 1.0.9003 - Discord Inc.)
Enlisted Launcher 1.0.3.109 (HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\{5fcad5a5-d0d8-4edf-a5ba-040b397eac31}}_is1) (Version: - Gaijin Network)
Epic Games Launcher (HKLM-x32\...\{A7BBC0A6-3DB0-41CC-BCED-DDFC5D4F3060}) (Version: 1.2.17.0 - Epic Games, Inc.)
Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.)
FoneLab Data Retriever 1.2.28 (HKLM-x32\...\{84530085-7274-4236-91A8-5DBF484771F7}_is1) (Version: 1.2.28 - FoneLab)
Gorky 17 (HKLM-x32\...\1207658744_is1) (Version: 1.0 - GOG.com)
ICQ (verze 22.10.2.47603) (HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\icq.desktop) (Version: 22.10.2.47603 - Mail.ru LLC)
IrfanView 4.62 (64-bit) (HKLM\...\IrfanView64) (Version: 4.62 - Irfan Skiljan)
Java(TM) SE Development Kit 19.0.2 (64-bit) (HKLM\...\{5E32314F-F4C9-59D1-A229-BC58CEA0D74A}) (Version: 19.0.2.0 - Oracle Corporation)
Kaspersky Password Manager (HKLM-x32\...\{BE877CFF-5461-441D-8A15-299DA7509968}) (Version: 10.2.0.341 - Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{BE877CFF-5461-441D-8A15-299DA7509968}) (Version: 10.2.0.341 - Kaspersky Lab)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{E496AFB7-CB04-46CF-8FBB-5D665BC8811B}) (Version: 3.3.2110.22002 - Microsoft Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
Malware Hunter 1.145.0.762 (HKLM-x32\...\Malware Hunter) (Version: 1.145.0.762 - Glarysoft Ltd)
Malwarebytes version 4.5.34.275 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.34.275 - Malwarebytes)
Microsoft .NET Host - 5.0.17 (x86) (HKLM-x32\...\{54DE7EA9-E391-4BD2-A373-3A72A18EBDB5}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x86) (HKLM-x32\...\{AF01038B-6523-4EA7-9D9E-4F1E2927D88B}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x86) (HKLM-x32\...\{59650A2A-3839-46EC-9D9C-6B3B1C743C55}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 115.0.1901.203 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 115.0.1901.203 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\OneDriveSetup.exe) (Version: 23.158.0730.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.17 (x86) (HKLM-x32\...\{098c6ff7-1af1-4c4a-b86f-c60608c98e31}) (Version: 5.0.17.31219 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.17 (x86) (HKLM-x32\...\{0D02D706-44F2-4957-A448-E7259A0B56B9}) (Version: 40.68.31219 - Microsoft Corporation) Hidden
Mount & Blade II: Bannerlord [1.7.1] (HKLM-x32\...\Mount & Blade II: Bannerlord_is1) (Version: - TaleWorlds Entertainment)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 116.0.2 (x64 cs)) (Version: 116.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 91.0 - Mozilla)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
Niceboy ORYX K600 Mechanical Keyboard v1.6.5 (HKLM-x32\...\{2C0A8508-5710-4207-8ED8-57518B198878}_is1) (Version: - )
NVIDIA FrameView SDK 1.3.8107.31782123 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8107.31782123 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.26.0.131 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.26.0.131 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 536.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 536.23 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 28.0.3 - OBS Project)
Pokémon Trading Card Game Live (HKLM\...\{C63D0335-E4E3-4F4D-A98A-AAF8544FB551}) (Version: 1.6.1.0 - The Pokémon Company International)
qBittorrent (HKLM-x32\...\qBittorrent) (Version: 4.5.0 - The qBittorrent project)
Reborn Full Client 2014-02-28 version 1 (HKLM-x32\...\Reborn Full Client 2014-02-28_is1) (Version: 1 - )
Seal Hunter (HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\Seal Hunter) (Version: - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.9.82.0 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.6 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.259193 - TeamViewer)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 140.0.10857 - Ubisoft)
UE4 Prerequisites (x64) (HKLM\...\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
Uninstall Orion Launcher (HKLM-x32\...\{9759746F-CA20-4A89-AD9B-F82E122D67D5}_is1) (Version: 2.0.0.0 - )
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{C270D21B-2327-49B8-85F7-395133A93C75}) (Version: 8.92.0.0 - Microsoft Corporation)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.2.0 - Elaborate Bytes)
Wargaming.net Game Center (HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\Wargaming.net Game Center) (Version: 22.5.0.733 - Wargaming.net)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)

Packages:
=========
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-04] (Microsoft Corporation)
File Analyzer Plus -> C:\Program Files\WindowsApps\BitberrySoftware.FileAnalyzerPlus_1.0.7.0_x86__2js97y2b9kjke [2023-02-08] (Bitberry Software)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_148.2.1069.0_x64__v10z8vjag6ke6 [2023-08-12] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-07-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-07-13] (Microsoft Corporation) [MS Ad]
Microsoft Midi gm.dls -> C:\Program Files\WindowsApps\Microsoft.Midi.GmDls_1.0.1.0_neutral__8wekyb3d8bbwe [2022-09-05] (Microsoft Platform Extensions)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-03-09] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-05-15] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.11.217.0_x64__dt26b99r8h8gj [2021-07-11] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8040.0_x64__8wekyb3d8bbwe [2023-08-06] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0 [2023-08-04] (Spotify AB) [Startup Task]
Trio Office -> C:\Program Files\WindowsApps\64343GTDocStudio.OfficeDocOpener_3.3.5.0_x86__3h5nez1g3qt2c [2023-06-02] (GT Office PDF Studio)
WPS Office Suite - PDF, Word, Spreadsheet, Slide View & Edit -> C:\Program Files\WindowsApps\ZhuhaiKingsoftOfficeSoftw.WPSOffice2019_11.2.11219.0_x86__924xes6e8q1tw [2023-02-07] (Kingsoft Office Software Corporation Limited)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2572895026-2735717841-2913369703-1002_Classes\CLSID\{2EF7E390-2F7C-4F9A-9B7D-4A87B56B711D}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.173.51\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2572895026-2735717841-2913369703-1002_Classes\CLSID\{38971E90-14FD-44F6-AA45-1447B653F873}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.173.45\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2572895026-2735717841-2913369703-1002_Classes\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.177.11\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2572895026-2735717841-2913369703-1002_Classes\CLSID\{608D599A-DCA6-4A7C-BED7-AFCD8465345A}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.175.29\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2572895026-2735717841-2913369703-1002_Classes\CLSID\{64C6EFB9-8F79-4106-B975-067448DC768F}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.177.11\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2572895026-2735717841-2913369703-1002_Classes\CLSID\{7C9A348D-C321-47AC-904F-150312A5430F}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.175.27\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2572895026-2735717841-2913369703-1002_Classes\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.177.11\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2572895026-2735717841-2913369703-1002_Classes\CLSID\{88B20FC8-EBD6-4181-B5F6-50F45BFF722E}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.167.21\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2572895026-2735717841-2913369703-1002_Classes\CLSID\{997809F3-33FD-4FD6-A2ED-CEF50F3263B1}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.169.31\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2572895026-2735717841-2913369703-1002_Classes\CLSID\{ABF66F82-B04C-4FE4-8272-661539463FE1}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.171.37\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2572895026-2735717841-2913369703-1002_Classes\CLSID\{B29F5F83-90DF-479A-BDE7-8A9F4412E394}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2572895026-2735717841-2913369703-1002_Classes\CLSID\{BFBE0943-74C5-40E0-9E80-0B808109E95D}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.163.19\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2572895026-2735717841-2913369703-1002_Classes\CLSID\{D1CE12B0-2529-4B24-BE8E-189735EA0DC1}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.165.21\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2572895026-2735717841-2913369703-1002_Classes\CLSID\{E8791438-3525-48BF-A600-C577AD1674C2}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.173.49\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2572895026-2735717841-2913369703-1002_Classes\CLSID\{F1CBF5EB-347F-4E4C-90AC-E43339FC34EC}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.173.55\psuser_64.dll => No File
ContextMenuHandlers1: [Glarysoft MalwareHunter] -> {EA847F47-97F1-4D78-AB99-C63CA1C327F0} => C:\Program Files (x86)\Glarysoft\Malware Hunter\x64\MHContextHandlerx64.dll [2021-07-26] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2020-02-23] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Glarysoft MalwareHunter] -> {EA847F47-97F1-4D78-AB99-C63CA1C327F0} => C:\Program Files (x86)\Glarysoft\Malware Hunter\x64\MHContextHandlerx64.dll [2021-07-26] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2020-02-23] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-08-12] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers3: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_7e5fd280efaa5445\nvshext.dll [2023-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Glarysoft MalwareHunter] -> {EA847F47-97F1-4D78-AB99-C63CA1C327F0} => C:\Program Files (x86)\Glarysoft\Malware Hunter\x64\MHContextHandlerx64.dll [2021-07-26] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-08-12] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2021-12-21] (Safer-Networking Limited -> Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Razor\Visit Razor's Website.lnk -> hxxp://www.runuo.com/razor
ShortcutWithArgument: C:\Users\Petr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --load-extension="C:\Users\Petr\AppData\Local\Packages\Paon\v1-5\addon"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --load-extension="C:\Users\Petr\AppData\Local\Packages\Paon\v1-5\addon"
ShortcutWithArgument: C:\Users\Public\Desktop\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --load-extension="C:\Users\Petr\AppData\Local\Packages\Paon\v1-5\addon"

==================== Loaded Modules (Whitelisted) =============

2021-07-30 20:20 - 2015-02-27 10:35 - 000489984 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\Newtonsoft.Json.dll
2023-04-23 19:41 - 2021-06-19 01:55 - 001079909 _____ (SQLite Development Team) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2023-04-23 19:41 - 2018-11-22 16:48 - 001374208 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\libeay32.dll
2023-04-23 19:41 - 2018-11-22 16:48 - 000337920 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\ssleay32.dll
2021-07-30 20:20 - 2017-03-20 16:13 - 000087552 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppCollect.dll
2021-07-30 20:20 - 2017-03-20 16:13 - 000197632 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppCommon.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Petr\Downloads\FRST64.exe:MBAM.Zone.Identifier [240]
AlternateDataStreams: C:\Users\Petr\Downloads\sm-online.exe:MBAM.Zone.Identifier [115]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\dotnet\
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Pozadí plochy.bmp
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "MobileGo Service.lnk"
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\StartupApproved\StartupFolder: => "Minion.lnk"
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\StartupApproved\Run: => "Microsoft Edge Update"
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\StartupApproved\Run: => "ImageGlass Spider"
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\StartupApproved\Run: => "Wargaming.net Game Center"
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_88D36A2D9DF9AF2106D8CF7538FE64F2"
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\StartupApproved\Run: => "icq.desktop"
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\StartupApproved\Run: => "Discord"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{624E245D-5EBC-4BA9-B180-F5201449E7CE}C:\program files (x86)\seal hunter\seal hunter.exe] => (Allow) C:\program files (x86)\seal hunter\seal hunter.exe (hxxp://sealhunter.se/) [File not signed]
FirewallRules: [UDP Query User{A4818567-05FA-4615-9EB7-BE6FF321D7B3}C:\program files (x86)\seal hunter\seal hunter.exe] => (Allow) C:\program files (x86)\seal hunter\seal hunter.exe (hxxp://sealhunter.se/) [File not signed]
FirewallRules: [{485733CD-8D4C-4EFE-939A-ED5B33FFA779}] => (Allow) C:\Users\Petr\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{2C0767E0-D029-4F52-A37F-D38A70DAEA62}] => (Allow) C:\Users\Petr\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [TCP Query User{37F83282-95C9-4BCC-8CC0-AC78EB4B4494}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{33AA0C75-BFF9-4ED6-852F-05EDEF3F92CC}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{E405B985-C38F-4599-94C7-66F5276C52F0}C:\program files\epic games\remnantfromtheashes\remnant\binaries\win64\remnant-win64-shipping.exe] => (Allow) C:\program files\epic games\remnantfromtheashes\remnant\binaries\win64\remnant-win64-shipping.exe => No File
FirewallRules: [UDP Query User{80D9EB72-9B7B-41E2-944F-1DE39D1CB7F1}C:\program files\epic games\remnantfromtheashes\remnant\binaries\win64\remnant-win64-shipping.exe] => (Allow) C:\program files\epic games\remnantfromtheashes\remnant\binaries\win64\remnant-win64-shipping.exe => No File
FirewallRules: [TCP Query User{28F1C750-4A5A-4ADD-A823-C3A6CCF976FA}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Block) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe (Wondershare Technology Co.,Ltd -> Wondershare)
FirewallRules: [UDP Query User{AA0D8E41-B446-4EAF-8F74-993FEE190748}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Block) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe (Wondershare Technology Co.,Ltd -> Wondershare)
FirewallRules: [TCP Query User{33E28785-8812-453F-B0AB-92AA04A411C5}C:\program files\windowsapps\spotifyab.spotifymusic_1.179.763.0_x86__zpdnekdrzrea0\spotify.exe] => (Block) C:\program files\windowsapps\spotifyab.spotifymusic_1.179.763.0_x86__zpdnekdrzrea0\spotify.exe => No File
FirewallRules: [UDP Query User{9D1031AE-8425-4A8C-800B-005092A92E4D}C:\program files\windowsapps\spotifyab.spotifymusic_1.179.763.0_x86__zpdnekdrzrea0\spotify.exe] => (Block) C:\program files\windowsapps\spotifyab.spotifymusic_1.179.763.0_x86__zpdnekdrzrea0\spotify.exe => No File
FirewallRules: [{1196FCBB-162C-4A5B-8D57-38C66CF50FDC}] => (Allow) C:\Users\Petr\Downloads\Mount & Blade 2 Bannerlord\Setup.exe => No File
FirewallRules: [{D8DD3156-BD20-47B0-A5F3-AF8CB43B8BDD}] => (Allow) C:\Users\Petr\Downloads\Mount & Blade 2 Bannerlord\Setup.exe => No File
FirewallRules: [{161506F7-E854-43F0-8EEA-DC868D4606C0}] => (Allow) C:\Users\Petr\Downloads\Mount & Blade 2 Bannerlord\Setup.exe => No File
FirewallRules: [{E9DB49AA-5FFA-4573-8268-FC4FAF425670}] => (Allow) C:\Users\Petr\Downloads\Mount & Blade 2 Bannerlord\Setup.exe => No File
FirewallRules: [{192B9EAA-7957-4335-A754-5418341F3A48}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{65473C9D-7AC3-4E73-856C-00D1BA30F66D}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{93CA5BFE-A657-459B-A442-471FD4791697}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{059691AC-A557-486E-9660-32C1DF3D3947}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{EC35831F-F196-4A22-99C4-CA754067636A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C60788E5-DE6A-473F-976C-6414F77FA0B4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{9B0D50C3-7C01-44F0-8A48-0D4496C9D6B7}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{9F910333-45D6-4BEB-A58B-F91E0922EA84}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{27BDA38F-8CA9-4EBD-8E47-945CB50E5D42}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{CEBC72DD-BFBD-4B92-97A7-06CC29804EF5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{39831F52-E711-43FC-BA01-B7ABD60FA70A}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Block) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{1B2B82EE-B2E6-4F01-B628-5F28AA256A59}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Block) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{07766D9A-7564-4B5C-922A-11F7B2181D40}F:\dark paradise\ultima online 2d\uoam\uoam_orion.exe] => (Allow) F:\dark paradise\ultima online 2d\uoam\uoam_orion.exe () [File not signed]
FirewallRules: [UDP Query User{A5868089-C39C-4C92-B6AC-AB3732AD46B8}F:\dark paradise\ultima online 2d\uoam\uoam_orion.exe] => (Allow) F:\dark paradise\ultima online 2d\uoam\uoam_orion.exe () [File not signed]
FirewallRules: [TCP Query User{A29A478D-AF01-4E6F-A784-409A2A82BBC9}C:\orion launcher\orionuo64.exe] => (Allow) C:\orion launcher\orionuo64.exe (OrionUO Team) [File not signed]
FirewallRules: [UDP Query User{ABC06FDA-0F00-4E8C-A2B3-62DEF8529E82}C:\orion launcher\orionuo64.exe] => (Allow) C:\orion launcher\orionuo64.exe (OrionUO Team) [File not signed]
FirewallRules: [{48A917E1-CBDF-4AF2-BBB1-DE05C4E9607B}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{4EF9A402-E2F9-400F-A0E4-1676318C9232}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{D0CE989E-62A3-4CA3-BA00-0C701763ED0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rampage Knights\rampage_knights.exe (Rake in Grass) [File not signed]
FirewallRules: [{ACA83D8C-7D23-48BE-9810-A446E46EDBC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rampage Knights\rampage_knights.exe (Rake in Grass) [File not signed]
FirewallRules: [{69B74A78-D120-45AA-83BE-9A1B683EC546}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{217DAA85-81F9-4F37-B744-ECB15C0C4D51}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{5505D773-0E04-43F4-A654-184A80635FC7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{9AA9652C-0185-44CC-A9AB-47287E8B7EDA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{8FFF4A5C-546F-42C1-88F1-D88C3DF095F2}C:\users\petr\appdata\local\temp\npxdata\browser\msedge\application\msedge_worker_background.exe] => (Block) C:\users\petr\appdata\local\temp\npxdata\browser\msedge\application\msedge_worker_background.exe => No File
FirewallRules: [UDP Query User{6296800D-69DF-4E2B-95E6-F015DE3BBA0E}C:\users\petr\appdata\local\temp\npxdata\browser\msedge\application\msedge_worker_background.exe] => (Block) C:\users\petr\appdata\local\temp\npxdata\browser\msedge\application\msedge_worker_background.exe => No File
FirewallRules: [TCP Query User{3E58FE5F-3015-4E90-B345-15A46C2B8193}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{D8221B88-A7C5-47A2-9B13-F3C0A48A055B}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{4DF867DE-42A2-4ED9-9B9B-3704867DDA67}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{944700FF-00F4-4048-8B5E-5839F67A586D}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{94D088C6-1113-419C-AB93-A3FFAB294CF1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{4EB4B8A2-FE6F-497E-BD4E-1B8E9E011B27}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{179ABFAC-5A4A-43CD-AB2C-B863E93A9475}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{2CDF209D-8798-49E8-9BAB-71797145A1C7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{3E5726D9-611F-43DB-AE07-D1ED5C50A7FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin64\dontstarve_steam_x64.exe () [File not signed]
FirewallRules: [{96864273-3435-4D00-95B7-BAABDCBE2BBB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin64\dontstarve_steam_x64.exe () [File not signed]
FirewallRules: [{0BCB45C5-D78C-4684-ABDE-C544C1DC5605}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{7A70F7D5-5D2B-49DE-A707-474E5971306C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [TCP Query User{E487096D-FA90-4DA4-83F9-F7F3FBEE0BCD}C:\dyinglight\dyinglightgame.exe] => (Allow) C:\dyinglight\dyinglightgame.exe => No File
FirewallRules: [UDP Query User{A513CB7C-02EE-4DC7-9C11-85FD91724E5A}C:\dyinglight\dyinglightgame.exe] => (Allow) C:\dyinglight\dyinglightgame.exe => No File
FirewallRules: [{FD938F9A-9AEC-45A2-B87D-89EE246C6B57}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes Relaunch\Blitzkrieg Launcher.exe (Wolf) [File not signed]
FirewallRules: [{4A2731C4-8C2E-40EC-80AB-111DFCB68195}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes Relaunch\Blitzkrieg Launcher.exe (Wolf) [File not signed]
FirewallRules: [TCP Query User{DD69DED5-0937-447D-9FF7-F6B0895D7264}C:\program files (x86)\steam\steamapps\common\company of heroes relaunch\reliccoh.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\company of heroes relaunch\reliccoh.exe (The build server will stamp this field) [File not signed]
FirewallRules: [UDP Query User{C725F145-C0E8-45BE-90B7-29A2C700C429}C:\program files (x86)\steam\steamapps\common\company of heroes relaunch\reliccoh.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\company of heroes relaunch\reliccoh.exe (The build server will stamp this field) [File not signed]
FirewallRules: [TCP Query User{2E2D609B-6A2D-492C-A6CA-B15D59C53183}C:\users\petr\appdata\local\enlisted\launcher.exe] => (Allow) C:\users\petr\appdata\local\enlisted\launcher.exe (Gaijin Network Ltd -> Gaijin)
FirewallRules: [UDP Query User{DFDF9D24-BF13-4280-BB42-9882A0758D14}C:\users\petr\appdata\local\enlisted\launcher.exe] => (Allow) C:\users\petr\appdata\local\enlisted\launcher.exe (Gaijin Network Ltd -> Gaijin)
FirewallRules: [TCP Query User{E80D5D60-3523-4F58-8890-F681AADA8B79}C:\users\petr\appdata\local\enlisted\win64\enlisted.exe] => (Allow) C:\users\petr\appdata\local\enlisted\win64\enlisted.exe (Gaijin Network Ltd -> Gaijin Entertainment)
FirewallRules: [UDP Query User{0B3590A4-989A-4905-A08C-96B49A8BF614}C:\users\petr\appdata\local\enlisted\win64\enlisted.exe] => (Allow) C:\users\petr\appdata\local\enlisted\win64\enlisted.exe (Gaijin Network Ltd -> Gaijin Entertainment)
FirewallRules: [TCP Query User{95419A40-7815-45E7-949E-2F19B6067F82}F:\midnightghosthunt\midnightghosthunt\binaries\win64\midnightghosthunt-win64-shipping.exe] => (Allow) F:\midnightghosthunt\midnightghosthunt\binaries\win64\midnightghosthunt-win64-shipping.exe (Vaulted Sky Games) [File not signed]
FirewallRules: [UDP Query User{C6FBC7F3-9F1A-4B0D-B8FB-0C45C9382934}F:\midnightghosthunt\midnightghosthunt\binaries\win64\midnightghosthunt-win64-shipping.exe] => (Allow) F:\midnightghosthunt\midnightghosthunt\binaries\win64\midnightghosthunt-win64-shipping.exe (Vaulted Sky Games) [File not signed]
FirewallRules: [{92976CBA-9F63-4C14-81EE-407A407148B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trackmania\Trackmania.exe (NADEO SAS -> Nadeo)
FirewallRules: [{C6FE319C-9012-494E-8B18-74423C7594C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trackmania\Trackmania.exe (NADEO SAS -> Nadeo)
FirewallRules: [TCP Query User{7DC1D02E-B20B-4BF4-807A-81806AF3433E}F:\payday2\payday2_win32_release.exe] => (Allow) F:\payday2\payday2_win32_release.exe => No File
FirewallRules: [UDP Query User{BBEC616F-95EE-4CBD-8542-22BBD21F3E48}F:\payday2\payday2_win32_release.exe] => (Allow) F:\payday2\payday2_win32_release.exe => No File
FirewallRules: [TCP Query User{EA583445-8FE0-486A-96E7-7FA4815F93DE}C:\users\petr\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\petr\appdata\local\discord\app-1.0.9013\discord.exe => No File
FirewallRules: [UDP Query User{0BA47732-D3F0-44DF-9830-B6560BCE6A1C}C:\users\petr\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\petr\appdata\local\discord\app-1.0.9013\discord.exe => No File
FirewallRules: [TCP Query User{C8842839-5070-40FE-8C3D-3DF2A0E6B654}C:\users\petr\the pokémon company international\pokémon trading card game live\pokemon tcg live.exe] => (Allow) C:\users\petr\the pokémon company international\pokémon trading card game live\pokemon tcg live.exe (The Pokemon Company International, Inc. -> )
FirewallRules: [UDP Query User{16BCB03D-2BB6-4B10-A7E8-C12FDBE32B73}C:\users\petr\the pokémon company international\pokémon trading card game live\pokemon tcg live.exe] => (Allow) C:\users\petr\the pokémon company international\pokémon trading card game live\pokemon tcg live.exe (The Pokemon Company International, Inc. -> )
FirewallRules: [{9E143723-7006-43BE-BE7D-64AF3C1B1E17}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{8C410B74-11B5-4291-94CB-8AA58B68AC70}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{A0D30B31-F355-4B1E-932E-1EF43A5FBA60}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{72643C62-BDB2-456D-950A-42601E7C66FA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{378389A7-C2E7-48E1-8001-9B69BD1C9848}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C4D2817C-4744-4588-A57B-E8AA01787714}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{25819FE6-3583-4332-BF05-20CA28485532}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{773221E8-0CBC-442F-9C46-61CE1262C553}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3A7A9E4B-F8DE-439C-B732-2178FFDC86ED}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3BB2D469-433D-4BAF-819C-8DD1B497F026}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CAF00978-A6FF-40A2-9FD0-C61E39C2B3F1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.101.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E5609209-8535-4DBE-AE52-20DDD6A44812}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.101.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{09C5FE5C-8FD8-4782-ABBE-B457A5D74084}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.101.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D420BFA2-5AF0-4EAF-9019-26F1633ECD26}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.101.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{29E31CAF-EC28-4672-9CEE-621BE61701F2}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{29F6AFEA-788F-4984-B89F-2BDD7CD86907}] => (Allow) C:\Program Files (x86)\MiniTool ShadowMaker\AgentService.exe => No File
FirewallRules: [{AD401B6E-CB3C-4820-AA09-CE05D866901B}] => (Allow) C:\Program Files (x86)\MiniTool ShadowMaker\AgentService.exe => No File
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service

==================== Restore Points =========================

12-08-2023 11:52:18 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (08/13/2023 09:34:58 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (08/13/2023 12:26:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: UGNSQGTYKYNEIGRT.exe, verze: 1.1.18500.10, časové razítko: 0x500ea6ce
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000140003be2
ID chybujícího procesu: 0x3978
Čas spuštění chybující aplikace: 0x01d9cd4a915736a6
Cesta k chybující aplikaci: C:\Users\Petr\AppData\Roaming\CSPX\UGNSQGTYKYNEIGRT.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 1ce5fd2d-f377-4f7e-abed-06305451bab9
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (08/12/2023 08:26:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: UGNSQGTYKYNEIGRT.exe, verze: 1.1.18500.10, časové razítko: 0x500ea6ce
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000140003be2
ID chybujícího procesu: 0x2934
Čas spuštění chybující aplikace: 0x01d9cd422b9346bc
Cesta k chybující aplikaci: C:\Users\Petr\AppData\Roaming\CSPX\UGNSQGTYKYNEIGRT.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 6efd1fbc-2c8d-4e34-9b5b-32d0494906b9
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (08/12/2023 07:26:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: UGNSQGTYKYNEIGRT.exe, verze: 1.1.18500.10, časové razítko: 0x500ea6ce
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000140003be2
ID chybujícího procesu: 0x664
Čas spuštění chybující aplikace: 0x01d9cd39c5ca5838
Cesta k chybující aplikaci: C:\Users\Petr\AppData\Roaming\CSPX\UGNSQGTYKYNEIGRT.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: b010d05d-2b19-4e87-b288-72eddc08af10
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (08/12/2023 06:26:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: UGNSQGTYKYNEIGRT.exe, verze: 1.1.18500.10, časové razítko: 0x500ea6ce
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000140003be2
ID chybujícího procesu: 0x2240
Čas spuštění chybující aplikace: 0x01d9cd209c6e9cb4
Cesta k chybující aplikaci: C:\Users\Petr\AppData\Roaming\CSPX\UGNSQGTYKYNEIGRT.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 1961a582-e7c5-4c64-a49c-584ff914aeab
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (08/12/2023 03:26:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: UGNSQGTYKYNEIGRT.exe, verze: 1.1.18500.10, časové razítko: 0x500ea6ce
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000140003be2
ID chybujícího procesu: 0x9b4
Čas spuštění chybující aplikace: 0x01d9cd18369fcab8
Cesta k chybující aplikaci: C:\Users\Petr\AppData\Roaming\CSPX\UGNSQGTYKYNEIGRT.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: eb3ceb60-4dfb-42ee-bfac-f2123325ff4c
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (08/12/2023 02:26:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: UGNSQGTYKYNEIGRT.exe, verze: 1.1.18500.10, časové razítko: 0x500ea6ce
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000140003be2
ID chybujícího procesu: 0x3910
Čas spuštění chybující aplikace: 0x01d9cd0fd0f4ba15
Cesta k chybující aplikaci: C:\Users\Petr\AppData\Roaming\CSPX\UGNSQGTYKYNEIGRT.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 03d5c279-e04f-4bd9-ab13-e784ed3a6952
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (08/12/2023 01:26:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: UGNSQGTYKYNEIGRT.exe, verze: 1.1.18500.10, časové razítko: 0x500ea6ce
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000140003be2
ID chybujícího procesu: 0x3e40
Čas spuštění chybující aplikace: 0x01d9ccf6a946d237
Cesta k chybující aplikaci: C:\Users\Petr\AppData\Roaming\CSPX\UGNSQGTYKYNEIGRT.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 3102860f-7bf1-44fe-9116-66905297f345
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (08/13/2023 10:10:59 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error: (08/13/2023 10:10:56 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error: (08/13/2023 10:09:34 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby UsoSvc s argumenty Není k dispozici za účelem spuštění serveru:
{B91D5831-B1BD-4608-8198-D72E155020F7}

Error: (08/13/2023 10:09:34 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby UsoSvc s argumenty Není k dispozici za účelem spuštění serveru:
{B91D5831-B1BD-4608-8198-D72E155020F7}

Error: (08/13/2023 10:09:14 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-PTGKVCQ)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby ShellHWDetection s argumenty Není k dispozici za účelem spuštění serveru:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/13/2023 10:09:08 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-PTGKVCQ)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby TokenBroker s argumenty Není k dispozici za účelem spuštění serveru:
Windows.Internal.Security.Authentication.Web.TokenBrokerInternal

Error: (08/13/2023 10:09:08 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-PTGKVCQ)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby TokenBroker s argumenty Není k dispozici za účelem spuštění serveru:
Windows.Internal.Security.Authentication.Web.TokenBrokerInternal

Error: (08/13/2023 10:07:49 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-PTGKVCQ)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby TokenBroker s argumenty Není k dispozici za účelem spuštění serveru:
Windows.Internal.Security.Authentication.Web.TokenBrokerInternal


Windows Defender:
================
Date: 2023-03-24 16:43:53
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Backdoor:Win32/Sdbot
Závažnost: Vážné
Kategorie: Zadní vrátka
Cesta: file:_C:\Users\Petr\Desktop\Old-Games\Commandos-Behind_Enemy_Lines\comandos.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-PTGKVCQ\Petr
Název procesu: C:\Program Files (x86)\Glarysoft\Malware Hunter\MalwareHunter.exe
Verze bezpečnostních informací: AV: 1.385.977.0, AS: 1.385.977.0, NIS: 1.385.977.0
Verze modulu: AM: 1.1.20100.6, NIS: 1.1.20100.6

Date: 2023-03-24 16:25:23
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Keygen
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\Petr\Downloads\Glary Malware Hunter Pro 1.145.0.762 Multilingual\Patch\Glary.Malware.Hunter.Pro.1.x.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-PTGKVCQ\Petr
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.385.977.0, AS: 1.385.977.0, NIS: 1.385.977.0
Verze modulu: AM: 1.1.20100.6, NIS: 1.1.20100.6

Date: 2023-03-24 16:25:19
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Keygen
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\Petr\Downloads\Glary Malware Hunter Pro 1.145.0.762 Multilingual\Patch\Glary.Malware.Hunter.Pro.1.x.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-PTGKVCQ\Petr
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.385.977.0, AS: 1.385.977.0, NIS: 1.385.977.0
Verze modulu: AM: 1.1.20100.6, NIS: 1.1.20100.6

Date: 2023-03-24 16:25:08
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Keygen
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\Petr\Downloads\Glary Malware Hunter Pro 1.145.0.762 Multilingual\Patch\Patch-Glary.Malware.Hunter.Pro.1.x.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel:
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.385.977.0, AS: 1.385.977.0, NIS: 1.385.977.0
Verze modulu: AM: 1.1.20100.6, NIS: 1.1.20100.6

Date: 2023-03-24 16:23:17
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Keygen
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\Petr\Downloads\Glary Malware Hunter Pro 1.145.0.762 Multilingual\Patch\Patch-Glary.Malware.Hunter.Pro.1.x.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-PTGKVCQ\Petr
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.385.977.0, AS: 1.385.977.0, NIS: 1.385.977.0
Verze modulu: AM: 1.1.20100.6, NIS: 1.1.20100.6
Event[0]:

Date: 2022-12-25 04:33:48
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.381.1007.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19900.2
Kód chyby: 0x80080005
Popis chyby: Provádění serveru selhalo

CodeIntegrity:
===============
Date: 2023-08-13 22:10:57
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2023-08-13 22:10:57
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe) attempted to load \Device\HarddiskVolume6\Program Files (x86)\Spybot - Search & Destroy 2\SDLicense.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-08-12 00:15:34
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. F11 12/31/2020
Motherboard: Gigabyte Technology Co., Ltd. B550 AORUS ELITE V2
Processor: AMD Ryzen 5 3600 6-Core Processor
Percentage of memory in use: 26%
Total physical RAM: 16330.43 MB
Available physical RAM: 11983.21 MB
Total Virtual: 17354.43 MB
Available Virtual: 10255.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.16 GB) (Free:75.05 GB) (Model: Samsung SSD 980 500GB) NTFS
Drive d: () (Fixed) (Total:0.1 GB) (Free:0.06 GB) (Model: ST3320620AS) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:95.61 GB) (Free:3.61 GB) (Model: ST3320620AS) NTFS
Drive f: () (Fixed) (Total:202.39 GB) (Free:68.78 GB) (Model: ST3320620AS) NTFS

\\?\Volume{5731620d-b247-4517-81ae-70e9438d9312}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{0b11d4b4-6e91-448a-8dad-3e1e86043c70}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 7877BB04)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=95.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=202.4 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

JaRon
Moderator
Posts: 15216
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: popup vbscript - Please check my log

#2 Post by JaRon »

Hi,
to start with:
1. Uninstall SpyBot
2. Clean the PC with AdwCleaner - post the log here
3. After cleaning, post new FRST logs
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

Marcillon
Visitor
Posts: 39
Registered: 11 Aug 2012 22:05

Re: popup vbscript - Please check my log

#3 Post by Marcillon »

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-14-2023
# Duration: 00:00:00
# OS: Windows 10 (Build 19044.3086)
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted C:\Windows\Reimage.ini

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1449 octets] - [14/08/2023 18:34:35]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-08-2023
Ran by Petr (14-08-2023 18:37:35)
Running from C:\Users\Petr\Downloads
Microsoft Windows 10 Home Version 21H2 19044.3086 (X64) (2021-07-11 14:56:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2572895026-2735717841-2913369703-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2572895026-2735717841-2913369703-503 - Limited - Disabled)
Guest (S-1-5-21-2572895026-2735717841-2913369703-501 - Limited - Disabled)
Petr (S-1-5-21-2572895026-2735717841-2913369703-1002 - Administrator - Enabled) => C:\Users\Petr
WDAGUtilityAccount (S-1-5-21-2572895026-2735717841-2913369703-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Spybot - Search and Destroy (Disabled - Out of date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Free (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Artix Game Launcher 2.1.2 (HKLM\...\{3BECECC9-207F-4FAE-A1EA-207D7F8B9AB4}) (Version: 2.1.2 - Artix Entertainment, LLC)
BlueStacks 5 (HKLM\...\BlueStacks_nxt) (Version: 5.2.0.1052 - BlueStack Systems, Inc.)
Discord (HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\Discord) (Version: 1.0.9003 - Discord Inc.)
Enlisted Launcher 1.0.3.109 (HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\{5fcad5a5-d0d8-4edf-a5ba-040b397eac31}}_is1) (Version: - Gaijin Network)
Epic Games Launcher (HKLM-x32\...\{A7BBC0A6-3DB0-41CC-BCED-DDFC5D4F3060}) (Version: 1.2.17.0 - Epic Games, Inc.)
Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.)
FoneLab Data Retriever 1.2.28 (HKLM-x32\...\{84530085-7274-4236-91A8-5DBF484771F7}_is1) (Version: 1.2.28 - FoneLab)
Gorky 17 (HKLM-x32\...\1207658744_is1) (Version: 1.0 - GOG.com)
ICQ (verze 22.10.2.47603) (HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\icq.desktop) (Version: 22.10.2.47603 - Mail.ru LLC)
IrfanView 4.62 (64-bit) (HKLM\...\IrfanView64) (Version: 4.62 - Irfan Skiljan)
Java(TM) SE Development Kit 19.0.2 (64-bit) (HKLM\...\{5E32314F-F4C9-59D1-A229-BC58CEA0D74A}) (Version: 19.0.2.0 - Oracle Corporation)
Kaspersky Password Manager (HKLM-x32\...\{BE877CFF-5461-441D-8A15-299DA7509968}) (Version: 10.2.0.341 - Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{BE877CFF-5461-441D-8A15-299DA7509968}) (Version: 10.2.0.341 - Kaspersky Lab)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{E496AFB7-CB04-46CF-8FBB-5D665BC8811B}) (Version: 3.3.2110.22002 - Microsoft Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
Malware Hunter 1.145.0.762 (HKLM-x32\...\Malware Hunter) (Version: 1.145.0.762 - Glarysoft Ltd)
Malwarebytes version 4.5.34.275 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.34.275 - Malwarebytes)
Microsoft .NET Host - 5.0.17 (x86) (HKLM-x32\...\{54DE7EA9-E391-4BD2-A373-3A72A18EBDB5}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x86) (HKLM-x32\...\{AF01038B-6523-4EA7-9D9E-4F1E2927D88B}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x86) (HKLM-x32\...\{59650A2A-3839-46EC-9D9C-6B3B1C743C55}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 115.0.1901.203 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 115.0.1901.203 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\OneDriveSetup.exe) (Version: 23.158.0730.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.17 (x86) (HKLM-x32\...\{098c6ff7-1af1-4c4a-b86f-c60608c98e31}) (Version: 5.0.17.31219 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.17 (x86) (HKLM-x32\...\{0D02D706-44F2-4957-A448-E7259A0B56B9}) (Version: 40.68.31219 - Microsoft Corporation) Hidden
Mount & Blade II: Bannerlord [1.7.1] (HKLM-x32\...\Mount & Blade II: Bannerlord_is1) (Version: - TaleWorlds Entertainment)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 116.0.2 (x64 cs)) (Version: 116.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 91.0 - Mozilla)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
Niceboy ORYX K600 Mechanical Keyboard v1.6.5 (HKLM-x32\...\{2C0A8508-5710-4207-8ED8-57518B198878}_is1) (Version: - )
NVIDIA FrameView SDK 1.3.8107.31782123 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8107.31782123 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.26.0.131 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.26.0.131 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 536.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 536.23 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 28.0.3 - OBS Project)
Pokémon Trading Card Game Live (HKLM\...\{C63D0335-E4E3-4F4D-A98A-AAF8544FB551}) (Version: 1.6.1.0 - The Pokémon Company International)
qBittorrent (HKLM-x32\...\qBittorrent) (Version: 4.5.0 - The qBittorrent project)
Reborn Full Client 2014-02-28 version 1 (HKLM-x32\...\Reborn Full Client 2014-02-28_is1) (Version: 1 - )
Seal Hunter (HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\Seal Hunter) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.6 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.259193 - TeamViewer)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 140.0.10857 - Ubisoft)
UE4 Prerequisites (x64) (HKLM\...\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
Uninstall Orion Launcher (HKLM-x32\...\{9759746F-CA20-4A89-AD9B-F82E122D67D5}_is1) (Version: 2.0.0.0 - )
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{C270D21B-2327-49B8-85F7-395133A93C75}) (Version: 8.92.0.0 - Microsoft Corporation)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.2.0 - Elaborate Bytes)
Wargaming.net Game Center (HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\Wargaming.net Game Center) (Version: 22.5.0.733 - Wargaming.net)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)

Packages:
=========
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-04] (Microsoft Corporation)
File Analyzer Plus -> C:\Program Files\WindowsApps\BitberrySoftware.FileAnalyzerPlus_1.0.7.0_x86__2js97y2b9kjke [2023-02-08] (Bitberry Software)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_148.2.1069.0_x64__v10z8vjag6ke6 [2023-08-12] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-07-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-07-13] (Microsoft Corporation) [MS Ad]
Microsoft Midi gm.dls -> C:\Program Files\WindowsApps\Microsoft.Midi.GmDls_1.0.1.0_neutral__8wekyb3d8bbwe [2022-09-05] (Microsoft Platform Extensions)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-03-09] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-05-15] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.11.217.0_x64__dt26b99r8h8gj [2021-07-11] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8040.0_x64__8wekyb3d8bbwe [2023-08-06] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0 [2023-08-04] (Spotify AB) [Startup Task]
Trio Office -> C:\Program Files\WindowsApps\64343GTDocStudio.OfficeDocOpener_3.3.5.0_x86__3h5nez1g3qt2c [2023-06-02] (GT Office PDF Studio)
WPS Office Suite - PDF, Word, Spreadsheet, Slide View & Edit -> C:\Program Files\WindowsApps\ZhuhaiKingsoftOfficeSoftw.WPSOffice2019_11.2.11219.0_x86__924xes6e8q1tw [2023-02-07] (Kingsoft Office Software Corporation Limited)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2572895026-2735717841-2913369703-1002_Classes\CLSID\{2EF7E390-2F7C-4F9A-9B7D-4A87B56B711D}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.173.51\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2572895026-2735717841-2913369703-1002_Classes\CLSID\{38971E90-14FD-44F6-AA45-1447B653F873}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.173.45\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2572895026-2735717841-2913369703-1002_Classes\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.177.11\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2572895026-2735717841-2913369703-1002_Classes\CLSID\{608D599A-DCA6-4A7C-BED7-AFCD8465345A}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.175.29\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2572895026-2735717841-2913369703-1002_Classes\CLSID\{64C6EFB9-8F79-4106-B975-067448DC768F}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.177.11\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2572895026-2735717841-2913369703-1002_Classes\CLSID\{7C9A348D-C321-47AC-904F-150312A5430F}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.175.27\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2572895026-2735717841-2913369703-1002_Classes\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.177.11\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2572895026-2735717841-2913369703-1002_Classes\CLSID\{88B20FC8-EBD6-4181-B5F6-50F45BFF722E}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.167.21\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2572895026-2735717841-2913369703-1002_Classes\CLSID\{997809F3-33FD-4FD6-A2ED-CEF50F3263B1}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.169.31\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2572895026-2735717841-2913369703-1002_Classes\CLSID\{ABF66F82-B04C-4FE4-8272-661539463FE1}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.171.37\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2572895026-2735717841-2913369703-1002_Classes\CLSID\{B29F5F83-90DF-479A-BDE7-8A9F4412E394}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2572895026-2735717841-2913369703-1002_Classes\CLSID\{BFBE0943-74C5-40E0-9E80-0B808109E95D}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.163.19\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2572895026-2735717841-2913369703-1002_Classes\CLSID\{D1CE12B0-2529-4B24-BE8E-189735EA0DC1}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.165.21\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2572895026-2735717841-2913369703-1002_Classes\CLSID\{E8791438-3525-48BF-A600-C577AD1674C2}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.173.49\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2572895026-2735717841-2913369703-1002_Classes\CLSID\{F1CBF5EB-347F-4E4C-90AC-E43339FC34EC}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.173.55\psuser_64.dll => No File
ContextMenuHandlers1: [Glarysoft MalwareHunter] -> {EA847F47-97F1-4D78-AB99-C63CA1C327F0} => C:\Program Files (x86)\Glarysoft\Malware Hunter\x64\MHContextHandlerx64.dll [2021-07-26] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2020-02-23] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Glarysoft MalwareHunter] -> {EA847F47-97F1-4D78-AB99-C63CA1C327F0} => C:\Program Files (x86)\Glarysoft\Malware Hunter\x64\MHContextHandlerx64.dll [2021-07-26] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2020-02-23] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-08-12] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_7e5fd280efaa5445\nvshext.dll [2023-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Glarysoft MalwareHunter] -> {EA847F47-97F1-4D78-AB99-C63CA1C327F0} => C:\Program Files (x86)\Glarysoft\Malware Hunter\x64\MHContextHandlerx64.dll [2021-07-26] (Glarysoft LTD -> Glarysoft Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-08-12] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Razor\Visit Razor's Website.lnk -> hxxp://www.runuo.com/razor
ShortcutWithArgument: C:\Users\Petr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --load-extension="C:\Users\Petr\AppData\Local\Packages\Paon\v1-5\addon"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --load-extension="C:\Users\Petr\AppData\Local\Packages\Paon\v1-5\addon"
ShortcutWithArgument: C:\Users\Public\Desktop\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --load-extension="C:\Users\Petr\AppData\Local\Packages\Paon\v1-5\addon"

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Petr\Downloads\adwcleaner.exe:MBAM.Zone.Identifier [141]
AlternateDataStreams: C:\Users\Petr\Downloads\FRST64.exe:MBAM.Zone.Identifier [240]
AlternateDataStreams: C:\Users\Petr\Downloads\sm-online.exe:MBAM.Zone.Identifier [115]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\dotnet\
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Pozadí plochy.bmp
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "MobileGo Service.lnk"
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\StartupApproved\StartupFolder: => "Minion.lnk"
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\StartupApproved\Run: => "Microsoft Edge Update"
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\StartupApproved\Run: => "ImageGlass Spider"
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\StartupApproved\Run: => "Wargaming.net Game Center"
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_88D36A2D9DF9AF2106D8CF7538FE64F2"
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\StartupApproved\Run: => "icq.desktop"
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\StartupApproved\Run: => "Discord"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{624E245D-5EBC-4BA9-B180-F5201449E7CE}C:\program files (x86)\seal hunter\seal hunter.exe] => (Allow) C:\program files (x86)\seal hunter\seal hunter.exe (hxxp://sealhunter.se/) [File not signed]
FirewallRules: [UDP Query User{A4818567-05FA-4615-9EB7-BE6FF321D7B3}C:\program files (x86)\seal hunter\seal hunter.exe] => (Allow) C:\program files (x86)\seal hunter\seal hunter.exe (hxxp://sealhunter.se/) [File not signed]
FirewallRules: [{485733CD-8D4C-4EFE-939A-ED5B33FFA779}] => (Allow) C:\Users\Petr\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{2C0767E0-D029-4F52-A37F-D38A70DAEA62}] => (Allow) C:\Users\Petr\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [TCP Query User{37F83282-95C9-4BCC-8CC0-AC78EB4B4494}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{33AA0C75-BFF9-4ED6-852F-05EDEF3F92CC}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{E405B985-C38F-4599-94C7-66F5276C52F0}C:\program files\epic games\remnantfromtheashes\remnant\binaries\win64\remnant-win64-shipping.exe] => (Allow) C:\program files\epic games\remnantfromtheashes\remnant\binaries\win64\remnant-win64-shipping.exe => No File
FirewallRules: [UDP Query User{80D9EB72-9B7B-41E2-944F-1DE39D1CB7F1}C:\program files\epic games\remnantfromtheashes\remnant\binaries\win64\remnant-win64-shipping.exe] => (Allow) C:\program files\epic games\remnantfromtheashes\remnant\binaries\win64\remnant-win64-shipping.exe => No File
FirewallRules: [TCP Query User{28F1C750-4A5A-4ADD-A823-C3A6CCF976FA}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Block) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe (Wondershare Technology Co.,Ltd -> Wondershare)
FirewallRules: [UDP Query User{AA0D8E41-B446-4EAF-8F74-993FEE190748}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Block) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe (Wondershare Technology Co.,Ltd -> Wondershare)
FirewallRules: [TCP Query User{33E28785-8812-453F-B0AB-92AA04A411C5}C:\program files\windowsapps\spotifyab.spotifymusic_1.179.763.0_x86__zpdnekdrzrea0\spotify.exe] => (Block) C:\program files\windowsapps\spotifyab.spotifymusic_1.179.763.0_x86__zpdnekdrzrea0\spotify.exe => No File
FirewallRules: [UDP Query User{9D1031AE-8425-4A8C-800B-005092A92E4D}C:\program files\windowsapps\spotifyab.spotifymusic_1.179.763.0_x86__zpdnekdrzrea0\spotify.exe] => (Block) C:\program files\windowsapps\spotifyab.spotifymusic_1.179.763.0_x86__zpdnekdrzrea0\spotify.exe => No File
FirewallRules: [{1196FCBB-162C-4A5B-8D57-38C66CF50FDC}] => (Allow) C:\Users\Petr\Downloads\Mount & Blade 2 Bannerlord\Setup.exe => No File
FirewallRules: [{D8DD3156-BD20-47B0-A5F3-AF8CB43B8BDD}] => (Allow) C:\Users\Petr\Downloads\Mount & Blade 2 Bannerlord\Setup.exe => No File
FirewallRules: [{161506F7-E854-43F0-8EEA-DC868D4606C0}] => (Allow) C:\Users\Petr\Downloads\Mount & Blade 2 Bannerlord\Setup.exe => No File
FirewallRules: [{E9DB49AA-5FFA-4573-8268-FC4FAF425670}] => (Allow) C:\Users\Petr\Downloads\Mount & Blade 2 Bannerlord\Setup.exe => No File
FirewallRules: [{192B9EAA-7957-4335-A754-5418341F3A48}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{65473C9D-7AC3-4E73-856C-00D1BA30F66D}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{93CA5BFE-A657-459B-A442-471FD4791697}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{059691AC-A557-486E-9660-32C1DF3D3947}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{EC35831F-F196-4A22-99C4-CA754067636A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C60788E5-DE6A-473F-976C-6414F77FA0B4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{9B0D50C3-7C01-44F0-8A48-0D4496C9D6B7}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{9F910333-45D6-4BEB-A58B-F91E0922EA84}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{27BDA38F-8CA9-4EBD-8E47-945CB50E5D42}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{CEBC72DD-BFBD-4B92-97A7-06CC29804EF5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{39831F52-E711-43FC-BA01-B7ABD60FA70A}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Block) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{1B2B82EE-B2E6-4F01-B628-5F28AA256A59}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Block) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{07766D9A-7564-4B5C-922A-11F7B2181D40}F:\dark paradise\ultima online 2d\uoam\uoam_orion.exe] => (Allow) F:\dark paradise\ultima online 2d\uoam\uoam_orion.exe () [File not signed]
FirewallRules: [UDP Query User{A5868089-C39C-4C92-B6AC-AB3732AD46B8}F:\dark paradise\ultima online 2d\uoam\uoam_orion.exe] => (Allow) F:\dark paradise\ultima online 2d\uoam\uoam_orion.exe () [File not signed]
FirewallRules: [TCP Query User{A29A478D-AF01-4E6F-A784-409A2A82BBC9}C:\orion launcher\orionuo64.exe] => (Allow) C:\orion launcher\orionuo64.exe (OrionUO Team) [File not signed]
FirewallRules: [UDP Query User{ABC06FDA-0F00-4E8C-A2B3-62DEF8529E82}C:\orion launcher\orionuo64.exe] => (Allow) C:\orion launcher\orionuo64.exe (OrionUO Team) [File not signed]
FirewallRules: [{48A917E1-CBDF-4AF2-BBB1-DE05C4E9607B}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{4EF9A402-E2F9-400F-A0E4-1676318C9232}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{D0CE989E-62A3-4CA3-BA00-0C701763ED0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rampage Knights\rampage_knights.exe (Rake in Grass) [File not signed]
FirewallRules: [{ACA83D8C-7D23-48BE-9810-A446E46EDBC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rampage Knights\rampage_knights.exe (Rake in Grass) [File not signed]
FirewallRules: [{69B74A78-D120-45AA-83BE-9A1B683EC546}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{217DAA85-81F9-4F37-B744-ECB15C0C4D51}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{5505D773-0E04-43F4-A654-184A80635FC7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{9AA9652C-0185-44CC-A9AB-47287E8B7EDA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{8FFF4A5C-546F-42C1-88F1-D88C3DF095F2}C:\users\petr\appdata\local\temp\npxdata\browser\msedge\application\msedge_worker_background.exe] => (Block) C:\users\petr\appdata\local\temp\npxdata\browser\msedge\application\msedge_worker_background.exe => No File
FirewallRules: [UDP Query User{6296800D-69DF-4E2B-95E6-F015DE3BBA0E}C:\users\petr\appdata\local\temp\npxdata\browser\msedge\application\msedge_worker_background.exe] => (Block) C:\users\petr\appdata\local\temp\npxdata\browser\msedge\application\msedge_worker_background.exe => No File
FirewallRules: [TCP Query User{3E58FE5F-3015-4E90-B345-15A46C2B8193}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{D8221B88-A7C5-47A2-9B13-F3C0A48A055B}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{4DF867DE-42A2-4ED9-9B9B-3704867DDA67}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{944700FF-00F4-4048-8B5E-5839F67A586D}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{94D088C6-1113-419C-AB93-A3FFAB294CF1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{4EB4B8A2-FE6F-497E-BD4E-1B8E9E011B27}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{179ABFAC-5A4A-43CD-AB2C-B863E93A9475}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{2CDF209D-8798-49E8-9BAB-71797145A1C7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{3E5726D9-611F-43DB-AE07-D1ED5C50A7FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin64\dontstarve_steam_x64.exe () [File not signed]
FirewallRules: [{96864273-3435-4D00-95B7-BAABDCBE2BBB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin64\dontstarve_steam_x64.exe () [File not signed]
FirewallRules: [{0BCB45C5-D78C-4684-ABDE-C544C1DC5605}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{7A70F7D5-5D2B-49DE-A707-474E5971306C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [TCP Query User{E487096D-FA90-4DA4-83F9-F7F3FBEE0BCD}C:\dyinglight\dyinglightgame.exe] => (Allow) C:\dyinglight\dyinglightgame.exe => No File
FirewallRules: [UDP Query User{A513CB7C-02EE-4DC7-9C11-85FD91724E5A}C:\dyinglight\dyinglightgame.exe] => (Allow) C:\dyinglight\dyinglightgame.exe => No File
FirewallRules: [{FD938F9A-9AEC-45A2-B87D-89EE246C6B57}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes Relaunch\Blitzkrieg Launcher.exe (Wolf) [File not signed]
FirewallRules: [{4A2731C4-8C2E-40EC-80AB-111DFCB68195}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes Relaunch\Blitzkrieg Launcher.exe (Wolf) [File not signed]
FirewallRules: [TCP Query User{DD69DED5-0937-447D-9FF7-F6B0895D7264}C:\program files (x86)\steam\steamapps\common\company of heroes relaunch\reliccoh.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\company of heroes relaunch\reliccoh.exe (The build server will stamp this field) [File not signed]
FirewallRules: [UDP Query User{C725F145-C0E8-45BE-90B7-29A2C700C429}C:\program files (x86)\steam\steamapps\common\company of heroes relaunch\reliccoh.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\company of heroes relaunch\reliccoh.exe (The build server will stamp this field) [File not signed]
FirewallRules: [TCP Query User{2E2D609B-6A2D-492C-A6CA-B15D59C53183}C:\users\petr\appdata\local\enlisted\launcher.exe] => (Allow) C:\users\petr\appdata\local\enlisted\launcher.exe (Gaijin Network Ltd -> Gaijin)
FirewallRules: [UDP Query User{DFDF9D24-BF13-4280-BB42-9882A0758D14}C:\users\petr\appdata\local\enlisted\launcher.exe] => (Allow) C:\users\petr\appdata\local\enlisted\launcher.exe (Gaijin Network Ltd -> Gaijin)
FirewallRules: [TCP Query User{E80D5D60-3523-4F58-8890-F681AADA8B79}C:\users\petr\appdata\local\enlisted\win64\enlisted.exe] => (Allow) C:\users\petr\appdata\local\enlisted\win64\enlisted.exe (Gaijin Network Ltd -> Gaijin Entertainment)
FirewallRules: [UDP Query User{0B3590A4-989A-4905-A08C-96B49A8BF614}C:\users\petr\appdata\local\enlisted\win64\enlisted.exe] => (Allow) C:\users\petr\appdata\local\enlisted\win64\enlisted.exe (Gaijin Network Ltd -> Gaijin Entertainment)
FirewallRules: [TCP Query User{95419A40-7815-45E7-949E-2F19B6067F82}F:\midnightghosthunt\midnightghosthunt\binaries\win64\midnightghosthunt-win64-shipping.exe] => (Allow) F:\midnightghosthunt\midnightghosthunt\binaries\win64\midnightghosthunt-win64-shipping.exe (Vaulted Sky Games) [File not signed]
FirewallRules: [UDP Query User{C6FBC7F3-9F1A-4B0D-B8FB-0C45C9382934}F:\midnightghosthunt\midnightghosthunt\binaries\win64\midnightghosthunt-win64-shipping.exe] => (Allow) F:\midnightghosthunt\midnightghosthunt\binaries\win64\midnightghosthunt-win64-shipping.exe (Vaulted Sky Games) [File not signed]
FirewallRules: [{92976CBA-9F63-4C14-81EE-407A407148B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trackmania\Trackmania.exe (NADEO SAS -> Nadeo)
FirewallRules: [{C6FE319C-9012-494E-8B18-74423C7594C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trackmania\Trackmania.exe (NADEO SAS -> Nadeo)
FirewallRules: [TCP Query User{7DC1D02E-B20B-4BF4-807A-81806AF3433E}F:\payday2\payday2_win32_release.exe] => (Allow) F:\payday2\payday2_win32_release.exe => No File
FirewallRules: [UDP Query User{BBEC616F-95EE-4CBD-8542-22BBD21F3E48}F:\payday2\payday2_win32_release.exe] => (Allow) F:\payday2\payday2_win32_release.exe => No File
FirewallRules: [TCP Query User{EA583445-8FE0-486A-96E7-7FA4815F93DE}C:\users\petr\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\petr\appdata\local\discord\app-1.0.9013\discord.exe => No File
FirewallRules: [UDP Query User{0BA47732-D3F0-44DF-9830-B6560BCE6A1C}C:\users\petr\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\petr\appdata\local\discord\app-1.0.9013\discord.exe => No File
FirewallRules: [TCP Query User{C8842839-5070-40FE-8C3D-3DF2A0E6B654}C:\users\petr\the pokémon company international\pokémon trading card game live\pokemon tcg live.exe] => (Allow) C:\users\petr\the pokémon company international\pokémon trading card game live\pokemon tcg live.exe (The Pokemon Company International, Inc. -> )
FirewallRules: [UDP Query User{16BCB03D-2BB6-4B10-A7E8-C12FDBE32B73}C:\users\petr\the pokémon company international\pokémon trading card game live\pokemon tcg live.exe] => (Allow) C:\users\petr\the pokémon company international\pokémon trading card game live\pokemon tcg live.exe (The Pokemon Company International, Inc. -> )
FirewallRules: [{9E143723-7006-43BE-BE7D-64AF3C1B1E17}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{8C410B74-11B5-4291-94CB-8AA58B68AC70}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{A0D30B31-F355-4B1E-932E-1EF43A5FBA60}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{72643C62-BDB2-456D-950A-42601E7C66FA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{378389A7-C2E7-48E1-8001-9B69BD1C9848}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C4D2817C-4744-4588-A57B-E8AA01787714}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{25819FE6-3583-4332-BF05-20CA28485532}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{773221E8-0CBC-442F-9C46-61CE1262C553}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3A7A9E4B-F8DE-439C-B732-2178FFDC86ED}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3BB2D469-433D-4BAF-819C-8DD1B497F026}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.217.834.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CAF00978-A6FF-40A2-9FD0-C61E39C2B3F1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.101.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E5609209-8535-4DBE-AE52-20DDD6A44812}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.101.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{09C5FE5C-8FD8-4782-ABBE-B457A5D74084}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.101.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D420BFA2-5AF0-4EAF-9019-26F1633ECD26}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.101.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{29E31CAF-EC28-4672-9CEE-621BE61701F2}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{29F6AFEA-788F-4984-B89F-2BDD7CD86907}] => (Allow) C:\Program Files (x86)\MiniTool ShadowMaker\AgentService.exe => No File
FirewallRules: [{AD401B6E-CB3C-4820-AA09-CE05D866901B}] => (Allow) C:\Program Files (x86)\MiniTool ShadowMaker\AgentService.exe => No File

==================== Restore Points =========================

12-08-2023 11:52:18 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (08/14/2023 03:11:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: UGNSQGTYKYNEIGRT.exe, verze: 1.1.18500.10, časové razítko: 0x500ea6ce
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000140003be2
ID chybujícího procesu: 0x2094
Čas spuštění chybující aplikace: 0x01d9ce43e4d4982f
Cesta k chybující aplikaci: C:\Users\Petr\AppData\Roaming\CSPX\UGNSQGTYKYNEIGRT.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 14f86276-bdc2-4c5a-9505-b9c5488a2b38
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (08/14/2023 02:11:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: UGNSQGTYKYNEIGRT.exe, verze: 1.1.18500.10, časové razítko: 0x500ea6ce
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000140003be2
ID chybujícího procesu: 0x930
Čas spuštění chybující aplikace: 0x01d9ce3b7e6e7bc9
Cesta k chybující aplikaci: C:\Users\Petr\AppData\Roaming\CSPX\UGNSQGTYKYNEIGRT.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 1a1a0c63-d2fd-4d3d-96ed-bca6d7f4544f
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (08/14/2023 01:11:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: UGNSQGTYKYNEIGRT.exe, verze: 1.1.18500.10, časové razítko: 0x500ea6ce
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000140003be2
ID chybujícího procesu: 0x1670
Čas spuštění chybující aplikace: 0x01d9ce33184b3260
Cesta k chybující aplikaci: C:\Users\Petr\AppData\Roaming\CSPX\UGNSQGTYKYNEIGRT.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: c50bbd9e-b2a6-46ed-af4e-a150bd413cf8
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (08/14/2023 12:11:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: UGNSQGTYKYNEIGRT.exe, verze: 1.1.18500.10, časové razítko: 0x500ea6ce
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000140003be2
ID chybujícího procesu: 0x5c8
Čas spuštění chybující aplikace: 0x01d9ce2ab2214a1d
Cesta k chybující aplikaci: C:\Users\Petr\AppData\Roaming\CSPX\UGNSQGTYKYNEIGRT.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: e51ec675-bc39-4708-b2a6-90a2c90549a6
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (08/13/2023 11:11:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: UGNSQGTYKYNEIGRT.exe, verze: 1.1.18500.10, časové razítko: 0x500ea6ce
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000140003be2
ID chybujícího procesu: 0x2dc8
Čas spuštění chybující aplikace: 0x01d9ce224ad8f593
Cesta k chybující aplikaci: C:\Users\Petr\AppData\Roaming\CSPX\UGNSQGTYKYNEIGRT.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: d7c8e72e-c72f-4295-98eb-2bcc1ef5edcd
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (08/13/2023 09:34:58 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (08/13/2023 12:26:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: UGNSQGTYKYNEIGRT.exe, verze: 1.1.18500.10, časové razítko: 0x500ea6ce
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000140003be2
ID chybujícího procesu: 0x3978
Čas spuštění chybující aplikace: 0x01d9cd4a915736a6
Cesta k chybující aplikaci: C:\Users\Petr\AppData\Roaming\CSPX\UGNSQGTYKYNEIGRT.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 1ce5fd2d-f377-4f7e-abed-06305451bab9
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (08/12/2023 08:26:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: UGNSQGTYKYNEIGRT.exe, verze: 1.1.18500.10, časové razítko: 0x500ea6ce
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000140003be2
ID chybujícího procesu: 0x2934
Čas spuštění chybující aplikace: 0x01d9cd422b9346bc
Cesta k chybující aplikaci: C:\Users\Petr\AppData\Roaming\CSPX\UGNSQGTYKYNEIGRT.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 6efd1fbc-2c8d-4e34-9b5b-32d0494906b9
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (08/14/2023 06:36:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA LocalSystem Container byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.

Error: (08/14/2023 06:36:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Wondershare Application Framework Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (08/14/2023 06:36:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Realtek Audio Universal Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (08/14/2023 06:36:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba HP Print Scan Doctor Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 5000 milisekund: Restartovat službu.

Error: (08/14/2023 06:36:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA Display Container LS byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.

Error: (08/14/2023 06:31:01 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error: (08/14/2023 06:30:58 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error: (08/14/2023 06:30:29 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu 1115 při pokusu o spuštění služby wuauserv s argumenty Není k dispozici za účelem spuštění serveru:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}


Windows Defender:
================
Date: 2023-03-24 16:43:53
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Backdoor:Win32/Sdbot
Závažnost: Vážné
Kategorie: Zadní vrátka
Cesta: file:_C:\Users\Petr\Desktop\Old-Games\Commandos-Behind_Enemy_Lines\comandos.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-PTGKVCQ\Petr
Název procesu: C:\Program Files (x86)\Glarysoft\Malware Hunter\MalwareHunter.exe
Verze bezpečnostních informací: AV: 1.385.977.0, AS: 1.385.977.0, NIS: 1.385.977.0
Verze modulu: AM: 1.1.20100.6, NIS: 1.1.20100.6

Date: 2023-03-24 16:25:23
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Keygen
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\Petr\Downloads\Glary Malware Hunter Pro 1.145.0.762 Multilingual\Patch\Glary.Malware.Hunter.Pro.1.x.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-PTGKVCQ\Petr
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.385.977.0, AS: 1.385.977.0, NIS: 1.385.977.0
Verze modulu: AM: 1.1.20100.6, NIS: 1.1.20100.6

Date: 2023-03-24 16:25:19
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Keygen
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\Petr\Downloads\Glary Malware Hunter Pro 1.145.0.762 Multilingual\Patch\Glary.Malware.Hunter.Pro.1.x.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-PTGKVCQ\Petr
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.385.977.0, AS: 1.385.977.0, NIS: 1.385.977.0
Verze modulu: AM: 1.1.20100.6, NIS: 1.1.20100.6

Date: 2023-03-24 16:25:08
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Keygen
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\Petr\Downloads\Glary Malware Hunter Pro 1.145.0.762 Multilingual\Patch\Patch-Glary.Malware.Hunter.Pro.1.x.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel:
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.385.977.0, AS: 1.385.977.0, NIS: 1.385.977.0
Verze modulu: AM: 1.1.20100.6, NIS: 1.1.20100.6

Date: 2023-03-24 16:23:17
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Keygen
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\Petr\Downloads\Glary Malware Hunter Pro 1.145.0.762 Multilingual\Patch\Patch-Glary.Malware.Hunter.Pro.1.x.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-PTGKVCQ\Petr
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.385.977.0, AS: 1.385.977.0, NIS: 1.385.977.0
Verze modulu: AM: 1.1.20100.6, NIS: 1.1.20100.6
Event[0]:

Date: 2023-08-14 18:30:29
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.391.2288.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.23050.3
Kód chyby: 0x8007045b
Popis chyby: Probíhá vypnutí systému.

Date: 2022-12-25 04:33:48
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.381.1007.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19900.2
Kód chyby: 0x80080005
Popis chyby: Provádění serveru selhalo

CodeIntegrity:
===============
Date: 2023-08-13 22:10:57
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2023-08-13 22:10:57
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe) attempted to load \Device\HarddiskVolume6\Program Files (x86)\Spybot - Search & Destroy 2\SDLicense.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-08-12 00:15:34
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume6\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. F11 12/31/2020
Motherboard: Gigabyte Technology Co., Ltd. B550 AORUS ELITE V2
Processor: AMD Ryzen 5 3600 6-Core Processor
Percentage of memory in use: 22%
Total physical RAM: 16330.43 MB
Available physical RAM: 12718.47 MB
Total Virtual: 17354.43 MB
Available Virtual: 11884.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.16 GB) (Free:74.47 GB) (Model: Samsung SSD 980 500GB) NTFS
Drive d: () (Fixed) (Total:0.1 GB) (Free:0.06 GB) (Model: ST3320620AS) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:95.61 GB) (Free:3.61 GB) (Model: ST3320620AS) NTFS
Drive f: () (Fixed) (Total:202.39 GB) (Free:68.78 GB) (Model: ST3320620AS) NTFS

\\?\Volume{5731620d-b247-4517-81ae-70e9438d9312}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{0b11d4b4-6e91-448a-8dad-3e1e86043c70}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 7877BB04)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=95.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=202.4 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-08-2023
Ran by Petr (administrator) on DESKTOP-PTGKVCQ (Gigabyte Technology Co., Ltd. B550 AORUS ELITE V2) (14-08-2023 18:37:00)
Running from C:\Users\Petr\Downloads\FRST64.exe
Loaded Profiles: Petr
Platform: Microsoft Windows 10 Home Version 21H2 19044.3086 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\Users\Petr\Downloads\adwcleaner.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(explorer.exe ->) (Gaijin Network Ltd -> Gaijin) C:\Users\Petr\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe
(Malwarebytes Inc. -> Malwarebytes) C:\Users\Petr\Downloads\adwcleaner.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <12>
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_7e5fd280efaa5445\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [1090784 2020-07-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [105280 2020-02-23] (Elaborate Bytes AG -> Elaborate Bytes AG)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\Run: [] => [X]
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2148016 2022-11-24] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\Run: [icq.desktop] => C:\Users\Petr\AppData\Roaming\ICQ\bin\icq.exe [121607136 2022-12-08] (LLC Mail.Ru -> )
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\Run: [Discord] => C:\Users\Petr\AppData\Local\Discord\Update.exe [1512608 2021-09-21] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\Run: [Microsoft Edge Update] => C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\1.3.177.11\MicrosoftEdgeUpdateCore.exe [263648 2023-07-08] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\Run: [MicrosoftEdgeAutoLaunch_88D36A2D9DF9AF2106D8CF7538FE64F2] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4088272 2023-08-10] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\Run: [Gaijin.Net Updater] => C:\Users\Petr\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [3053768 2023-06-16] (Gaijin Network Ltd -> Gaijin)
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --load-extension="C:\Users\Petr\AppData\Roaming\YSPX\v3-21\dist" --new-window --no-default-browser-check --profile-directory=Default --ren (the data entry has 108 more characters). [4088272 2023-08-10] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\MountPoints2: {58bd2585-855b-11ed-90b3-18c04dade4bd} - "G:\setup.exe"
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\MountPoints2: {7441e713-684b-11ec-9007-18c04dade4bd} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\MountPoints2: {fd5938ec-14b7-11ee-90db-18c04dade4bd} - "H:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2021-07-30]
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe (Wondershare Technology Co.,Ltd -> Wondershare)
Startup: C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Minion.lnk [2023-08-03]
ShortcutTarget: Minion.lnk -> C:\Users\Petr\AppData\Local\Minion\Minion.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3B624549-91C9-4302-BF7B-AC8675423C5A} - \VSPXService_LG -> No File <==== ATTENTION
Task: {8C039E35-0594-4590-8A43-9FFE23E095F8} - \VSPXService -> No File <==== ATTENTION
Task: {27D57B48-4AAC-4B57-B877-F6ECCECA2448} - System32\Tasks\APTXService => C:\Users\Petr\AppData\Local\WAAC\v2519-1\rhc.exe [1536 2023-03-20] () [File not signed] -> php.exe index.php <==== ATTENTION
Task: {7384436F-8910-4B29-8AC4-6316E2D37989} - System32\Tasks\APTXService_LG => Command(1): rhc.exe -> php.exe include.php <==== ATTENTION
Task: {7384436F-8910-4B29-8AC4-6316E2D37989} - System32\Tasks\APTXService_LG => Command(2): rhc.exe -> php.exe index.php <==== ATTENTION
Task: {D19F368B-010B-4FF4-AFE7-9DB92620711E} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [275136 2021-07-27] (Bluestack Systems, Inc -> BlueStack Systems, Inc.)
Task: {A07BFDA1-0E66-4A5E-B899-6F7DD0340576} - System32\Tasks\CnfCr0x120 => C:\Users\Petr\AppData\Local\Packages\Conf\v13-17\rnews.exe [7929856 2022-12-06] () [File not signed]
Task: {D09E5A12-C5A1-4E6B-863C-DBB794B26E05} - System32\Tasks\CnfCr0x122 => C:\Users\Petr\AppData\Local\Mozilla\Conf\v13-17\rnews.exe [7929856 2022-12-06] () [File not signed]
Task: {3FDEF3E0-47AF-42B9-9737-C763847AEE9C} - System32\Tasks\CnfCr0x123 => C:\Users\Petr\AppData\Local\Microsoft\Conf\v13-17\rnews.exe [7929856 2022-12-06] () [File not signed]
Task: {C2CCC1CA-6004-4BDC-A440-38620D995BF6} - System32\Tasks\CnfCr0x124 => C:\Users\Petr\AppData\Local\Media\Conf\v13-17\rnews.exe [7929856 2022-12-06] () [File not signed]
Task: {0AD79546-2D28-4C33-B443-2D5630930BC5} - System32\Tasks\CnfCr0x125 => C:\Users\Petr\AppData\Local\Packages\Rnews\v13-17\rnews.exe (No File)
Task: {472F5CBD-7E5B-4308-A035-B317B251E455} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [59856 2023-08-12] (HP Inc. -> HP Inc.)
Task: {C97AE61F-6053-4559-8DAC-38689B4BEA52} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [59856 2023-08-12] (HP Inc. -> HP Inc.)
Task: {599FAC34-DF03-4B7E-B743-6BF5A7F91F7A} - System32\Tasks\kpm_tray.exe => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 10.2\kpm_tray.exe [521416 2022-10-25] (AO Kaspersky Lab -> AO Kaspersky Lab)
Task: {5D186E80-7AAE-4F98-BD72-EAC404F69A6A} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-2572895026-2735717841-2913369703-1002Core => C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [205744 2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {91DEAA94-F0A1-494D-BC64-5FD6C7FAF8F1} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-2572895026-2735717841-2913369703-1002UA => C:\Users\Petr\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [205744 2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {FF7F8BEF-465C-42DE-BCAC-590528CF4EF6} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [686496 2023-08-12] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {8A981979-232C-4192-8106-B7A22254DB2C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [733088 2023-08-12] (Mozilla Corporation -> Mozilla Foundation)
Task: {E045DF61-11E1-46CB-9FEC-C9E45ADD8F49} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-02] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {A6246505-9C43-4A54-A2E2-79337B3ECB61} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2022-09-12] (Nvidia Corporation -> NVIDIA Corporation)
Task: {EF7A65A2-C743-47F5-917A-975F014666C4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649256 2022-09-12] (Nvidia Corporation -> NVIDIA Corporation)
Task: {30ECC605-D859-4F58-9BED-1AE02D831D8E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2022-09-12] (Nvidia Corporation -> NVIDIA Corporation)
Task: {912542B7-7EF2-464F-8686-C503331D6C18} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2022-09-12] (Nvidia Corporation -> NVIDIA Corporation)
Task: {0D0F49E0-3A2C-4B6B-8FC1-DF1B88F34113} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655336 2022-09-12] (Nvidia Corporation -> NVIDIA Corporation)
Task: {350F3170-1DFC-43BC-B5C0-AAB37B6B0CCB} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655336 2022-09-12] (Nvidia Corporation -> NVIDIA Corporation)
Task: {5A5DECA4-E69B-4A4E-A0B2-D4EAFAD914E1} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655336 2022-09-12] (Nvidia Corporation -> NVIDIA Corporation)
Task: {48BC324C-DEF7-4349-AB14-AF4B59D45543} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655336 2022-09-12] (Nvidia Corporation -> NVIDIA Corporation)
Task: {B80CDF19-0F8A-4C49-AF50-05F09C86864E} - System32\Tasks\PxService => C:\Users\Petr\AppData\Local\Packages\Paon\v1-5\paon.exe [13776272 2021-11-03] (PAN Software -> ) [File not signed]
Task: {2765F3AD-50BA-4823-A82C-28CED7B37446} - System32\Tasks\UGNSQGTYKYNEIGRT_run => C:\Users\Petr\AppData\Roaming\CSPX\UGNSQGTYKYNEIGRT.exe [803176 2023-03-24] (Microsoft Corporation) [File not signed]
Task: {73DDD113-A144-47B8-BAF4-3C9D720789AC} - System32\Tasks\WDDiscovery Service => C:\Users\Petr\AppData\Roaming\UPDX\v3-5\WDDiscovery.exe [844664 2013-07-31] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
Task: {513DC482-F4A6-44FF-AD9A-293B8A787EE2} - System32\Tasks\WDSync => C:\Users\Petr\AppData\Roaming\APDX\v3-4\WDSync.exe [157048 2022-11-30] (WESTERN DIGITAL TECHNOLOGIES -> Western Digital Technologies, Inc.)
Task: {36D3719B-0AB0-4E78-BC7B-D3F245B5CCE7} - System32\Tasks\WNVIDIA_FACTORY_LG => C:\Users\Petr\AppData\Local\CloudUpgrade\rhc.exe [1536 2023-03-20] () [File not signed] -> php.exe infinity.php <==== ATTENTION
Task: {0D0EB4E6-8B65-413E-9B02-75BFB3D6DA33} - System32\Tasks\wupdatecloud => C:\Users\Petr\AppData\Local\WAAC\wupdater_cloud\rhc.exe [1536 2023-03-06] () [File not signed] -> php.exe index.php <==== ATTENTION
Task: {10154789-2435-4B44-B382-16617D072A38} - System32\Tasks\wupdatecloud_LG => Command(1): rhc.exe -> php.exe include.php <==== ATTENTION
Task: {10154789-2435-4B44-B382-16617D072A38} - System32\Tasks\wupdatecloud_LG => Command(2): rhc.exe -> php.exe index.php <==== ATTENTION
Task: {11F29BDA-2D3E-4D20-912D-CE8F9D5CC1AF} - System32\Tasks\YTPXCheck => C:\Users\Petr\AppData\Local\WAAC\wupdater_cloud\rhc.exe [1536 2023-03-06] () [File not signed] -> php.exe keep_play.php <==== ATTENTION
Task: {FB457702-BDD0-48D2-9C56-D81A66F73C6E} - System32\Tasks\YTPXCheck LG => C:\Users\Petr\AppData\Local\WAAC\wupdater_cloud\rhc.exe [1536 2023-03-06] () [File not signed] -> php.exe keep_play.php <==== ATTENTION
Task: {5366B2FB-F3D9-454F-827B-EF1E8F580F31} - System32\Tasks\zends-et => C:\Users\Petr\AppData\Local\WAAC\wtraff_cloud\rhc.exe [1536 2023-05-07] () [File not signed] -> php.exe index.php <==== ATTENTION
Task: {CE7E32EE-7285-4F49-859A-01E88BAAEB82} - System32\Tasks\zends-et-LG => Command(1): rhc.exe -> php.exe include.php <==== ATTENTION
Task: {CE7E32EE-7285-4F49-859A-01E88BAAEB82} - System32\Tasks\zends-et-LG => Command(2): rhc.exe -> php.exe index.php <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a1cc4f1f-7551-4ece-af50-ec2e1eb0e793}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Petr\AppData\Local\Microsoft\Edge\User Data\Default [2023-08-13]
Edge Extension: (BattleTabs) - C:\Users\Petr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gipocgejiebilnhkjplhfklahbdndlli [2023-07-14]
Edge Extension: (Edge relevant text changes) - C:\Users\Petr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-08-12]
Edge Extension: (Sheets) - C:\Users\Petr\AppData\Local\Packages\Paon\v1-5\addon [2021-11-05]
Edge Profile: C:\Users\Petr\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2021-08-13]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: 83onx1sj.default
FF ProfilePath: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\83onx1sj.default [2022-12-26]
FF ProfilePath: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\qxhmo9kp.default-release [2023-08-14]
FF Homepage: Mozilla\Firefox\Profiles\qxhmo9kp.default-release -> hxxps://www.google.com/
FF Notifications: Mozilla\Firefox\Profiles\qxhmo9kp.default-release -> hxxps://www.hlavnespravy.sk; hxxps://hypebeast.com; hxxps://www.bestdiscoveries.co; hxxps://www.facebook.com
FF Extension: (Ochrana Kaspersky) - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\qxhmo9kp.default-release\Extensions\light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com.xpi [2023-06-18]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\qxhmo9kp.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-10-11]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AntiCheatExpert Service; C:\Program Files\AntiCheatExpert\SGuard\x64\SGuardSvc64.exe [2700648 2022-12-22] (HIGH MORALE DEVELOPMENTS LIMITED -> )
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8567960 2020-04-12] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2023-05-12] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [935344 2023-06-02] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029472 2021-11-29] (Epic Games Inc. -> Epic Games, Inc.)
S3 FacSvc_Infestation; C:\Users\Petr\AppData\Roaming\FAC\Infestation\FacSvc.exe [506968 2021-07-23] (Fredaikis AB -> )
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230352 2023-08-12] (HP Inc. -> HP Inc.)
S3 kpm_service_10.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 10.2\kpm_service.exe [520904 2022-10-25] (AO Kaspersky Lab -> AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9278784 2023-08-12] (Malwarebytes Inc. -> Malwarebytes)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7793960 2021-04-15] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\NisSrv.exe [3216064 2023-05-03] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\MsMpEng.exe [133544 2023-05-03] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\MobileGo\DriverInstall.exe [101152 2017-06-01] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_7e5fd280efaa5445\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_7e5fd280efaa5445\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACE-BASE; C:\Windows\system32\drivers\ACE-BASE.sys [1868832 2022-12-23] (HIGH MORALE DEVELOPMENTS LIMITED -> ANTICHEATEXPERT.COM)
S3 ACE-GAME; C:\Windows\system32\drivers\ACE-GAME.sys [772656 2022-12-23] (HIGH MORALE DEVELOPMENTS LIMITED -> ANTICHEATEXPERT.COM)
R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [320728 2021-07-27] (Bluestack Systems, Inc -> Bluestack System Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [42616 2017-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2023-08-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 GUMHFilters; C:\Program Files (x86)\Glarysoft\Malware Hunter\Native\winxp_x64\GUMHFilter.sys [42976 2021-07-26] (Microsoft Windows Hardware Compatibility Publisher -> Glarysoft Ltd)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2023-08-13] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-08-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [199640 2023-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77752 2023-08-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-08-13] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [181984 2023-08-14] (Malwarebytes Inc. -> Malwarebytes)
R3 NvModuleTracker; C:\Windows\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-14] (Nvidia Corporation -> NVIDIA Corporation)
R3 VClone; C:\Windows\System32\drivers\VClone.sys [44544 2020-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49616 2023-05-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [498944 2023-05-03] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99608 2023-05-03] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-08-14 18:34 - 2023-08-14 18:36 - 000000000 ____D C:\AdwCleaner
2023-08-14 18:34 - 2023-08-14 18:34 - 008791352 _____ (Malwarebytes) C:\Users\Petr\Downloads\adwcleaner.exe
2023-08-14 18:31 - 2023-08-14 18:31 - 000181984 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2023-08-14 18:30 - 2023-08-14 18:30 - 000000085 _____ C:\Windows\wininit.ini
2023-08-13 22:26 - 2023-08-13 22:27 - 000060465 _____ C:\Users\Petr\Downloads\Addition.txt
2023-08-13 22:25 - 2023-08-14 18:37 - 000023773 _____ C:\Users\Petr\Downloads\FRST.txt
2023-08-13 22:25 - 2023-08-13 22:25 - 002385408 _____ (Farbar) C:\Users\Petr\Downloads\FRST64.exe
2023-08-13 21:59 - 2023-08-13 22:01 - 000267974 _____ C:\Windows\ntbtlog.txt
2023-08-13 21:59 - 2023-08-13 21:59 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2023-08-13 21:36 - 2023-08-13 21:46 - 000000000 ____D C:\Users\Petr\AppData\Roaming\QtProject
2023-08-13 21:35 - 2023-08-13 21:35 - 000000000 ____D C:\Users\Petr\AppData\Local\system_backup_gui
2023-08-13 21:35 - 2023-08-13 21:35 - 000000000 ____D C:\Users\Petr\AppData\Local\CornerTips
2023-08-13 21:34 - 2023-08-13 21:47 - 000000000 ____D C:\Program Files (x86)\MiniTool ShadowMaker
2023-08-13 21:34 - 2023-05-08 18:36 - 215450560 _____ (MiniTool Software Limited ) C:\Users\Petr\Downloads\sm_x64.exe
2023-08-13 21:33 - 2023-08-13 21:34 - 002008616 _____ (MiniTool Software Limited) C:\Users\Petr\Downloads\sm-online.exe
2023-08-13 00:30 - 2023-08-13 00:30 - 000112948 _____ C:\Users\Petr\Downloads\lang_rus.rar
2023-08-13 00:30 - 2023-08-13 00:30 - 000000000 ____D C:\Users\Petr\Downloads\lang_rus
2023-08-12 00:15 - 2023-08-14 18:32 - 000000000 ____D C:\Users\Petr\AppData\Local\Malwarebytes
2023-08-12 00:15 - 2023-08-12 00:15 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-08-12 00:15 - 2023-08-12 00:15 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-08-12 00:14 - 2023-08-12 00:14 - 002606880 _____ (Malwarebytes) C:\Users\Petr\Downloads\MBSetup.exe
2023-08-12 00:14 - 2023-08-12 00:14 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-08-11 21:33 - 2023-08-14 18:36 - 000003838 _____ C:\Windows\system32\Tasks\YTPXCheck
2023-08-11 21:33 - 2023-08-11 21:33 - 000003380 _____ C:\Windows\system32\Tasks\YTPXCheck LG
2023-08-06 17:17 - 2023-08-14 03:14 - 000000000 ____D C:\Users\Petr\AppData\Local\Loop_Hero
2023-08-06 17:15 - 2023-08-06 17:15 - 000000348 _____ C:\Users\Petr\Desktop\Loop Hero.url
2023-08-06 00:34 - 2023-08-06 00:34 - 001590272 _____ C:\Users\Petr\Downloads\Kolín.xls
2023-08-05 22:12 - 2023-08-05 22:12 - 000048980 _____ C:\Users\Petr\Downloads\LibAddonMenu-2.0r34.zip
2023-08-05 22:12 - 2023-08-05 22:12 - 000000000 ____D C:\Users\Petr\Downloads\LibAddonMenu-2.0r34
2023-08-05 22:08 - 2023-08-05 22:08 - 000000000 ____D C:\Users\Petr\Downloads\AdvancedAutoLoot-198
2023-08-05 22:07 - 2023-08-05 22:07 - 000080782 _____ C:\Users\Petr\Downloads\AdvancedAutoLoot-198.zip
2023-08-03 22:10 - 2023-08-03 22:10 - 000000000 _____ C:\Users\Petr\Desktop\Minion bandit UI.txt
2023-08-03 22:05 - 2023-08-11 23:31 - 000000000 ____D C:\Users\Petr\.junique
2023-08-03 22:05 - 2023-08-03 22:05 - 000000000 ____D C:\Users\Petr\AppData\Roaming\gg.minion.Minion
2023-08-03 22:05 - 2023-08-03 22:05 - 000000000 ____D C:\Users\Petr\.oracle_jre_usage
2023-08-03 22:04 - 2023-08-12 13:26 - 000000000 ____D C:\Users\Petr\AppData\Local\Minion
2023-08-03 22:03 - 2023-08-03 22:04 - 052825304 _____ (Good Game Mods LLC ) C:\Users\Petr\Downloads\Minion3.0.5.exe
2023-08-02 17:09 - 2023-08-13 21:38 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-08-01 14:47 - 2023-08-01 14:47 - 000000000 ____D C:\Users\Petr\Downloads\TESO_CZ_v.0.81
2023-08-01 14:46 - 2023-08-01 14:46 - 025954622 _____ C:\Users\Petr\Downloads\TESO_CZ_v.0.81.zip
2023-07-22 21:37 - 2023-07-22 21:37 - 000000000 ____D C:\Users\Petr\AppData\Local\Elder Scrolls Online
2023-07-22 08:08 - 2023-07-22 08:08 - 000000365 _____ C:\Users\Petr\Desktop\The Elder Scrolls Online.url
2023-07-15 20:46 - 2023-07-15 20:46 - 000000000 ____D C:\Windows\LastGood
2023-07-15 20:45 - 2023-06-21 04:50 - 001227248 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2023-07-15 20:45 - 2023-06-21 04:50 - 000848936 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2023-07-15 20:45 - 2023-06-21 04:50 - 000848936 _____ C:\Windows\system32\vulkaninfo.exe
2023-07-15 20:45 - 2023-06-21 04:50 - 000713768 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2023-07-15 20:45 - 2023-06-21 04:50 - 000713768 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2023-07-15 20:45 - 2023-06-21 04:50 - 000653352 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2023-07-15 20:45 - 2023-06-21 04:50 - 000653352 _____ C:\Windows\system32\vulkan-1.dll
2023-07-15 20:45 - 2023-06-21 04:50 - 000636968 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2023-07-15 20:45 - 2023-06-21 04:50 - 000636968 _____ C:\Windows\SysWOW64\vulkan-1.dll
2023-07-15 20:45 - 2023-06-21 04:46 - 000933896 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2023-07-15 20:45 - 2023-06-21 04:46 - 000668688 _____ C:\Windows\system32\nvofapi64.dll
2023-07-15 20:45 - 2023-06-21 04:46 - 000504352 _____ C:\Windows\SysWOW64\nvofapi.dll
2023-07-15 20:45 - 2023-06-21 04:45 - 002167824 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2023-07-15 20:45 - 2023-06-21 04:45 - 001621520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2023-07-15 20:45 - 2023-06-21 04:45 - 001537504 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2023-07-15 20:45 - 2023-06-21 04:45 - 001195024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2023-07-15 20:45 - 2023-06-21 04:45 - 000992272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2023-07-15 20:45 - 2023-06-21 04:45 - 000777200 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2023-07-15 20:45 - 2023-06-21 04:45 - 000768520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2023-07-15 20:45 - 2023-06-21 04:44 - 014520288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2023-07-15 20:45 - 2023-06-21 04:44 - 012066800 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2023-07-15 20:45 - 2023-06-21 04:44 - 006190088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2023-07-15 20:45 - 2023-06-21 04:44 - 005844496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2023-07-15 20:45 - 2023-06-21 04:44 - 005550624 _____ (NVIDIA Corporation) C:\Windows\system32\nvcudadebugger.dll
2023-07-15 20:45 - 2023-06-21 04:44 - 000853536 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2023-07-15 20:45 - 2023-06-21 04:44 - 000459760 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2023-07-15 20:45 - 2023-06-21 04:43 - 006736984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2023-07-15 20:45 - 2023-06-21 04:12 - 000107938 _____ C:\Windows\system32\nvinfo.pb

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-08-14 18:37 - 2022-02-09 01:05 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-08-14 18:37 - 2021-10-21 22:16 - 000000000 ____D C:\FRST
2023-08-14 18:36 - 2021-07-11 19:41 - 000000000 ____D C:\ProgramData\NVIDIA
2023-08-14 18:36 - 2021-07-11 17:00 - 001693820 _____ C:\Windows\system32\PerfStringBackup.INI
2023-08-14 18:36 - 2019-12-07 16:41 - 000716932 _____ C:\Windows\system32\perfh005.dat
2023-08-14 18:36 - 2019-12-07 16:41 - 000145110 _____ C:\Windows\system32\perfc005.dat
2023-08-14 18:36 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2023-08-14 18:31 - 2023-05-08 21:33 - 000003822 _____ C:\Windows\system32\Tasks\zends-et
2023-08-14 18:31 - 2023-05-07 21:34 - 000003842 _____ C:\Windows\system32\Tasks\wupdatecloud
2023-08-14 18:31 - 2022-12-27 02:01 - 000002420 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-08-14 18:31 - 2021-07-11 20:49 - 000918960 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2023-08-14 18:31 - 2020-11-19 01:32 - 000002582 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-08-14 18:31 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-08-14 18:30 - 2023-04-23 19:41 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2023-08-14 18:30 - 2023-04-23 19:41 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2023-08-14 18:30 - 2021-07-11 23:00 - 000008192 ___SH C:\DumpStack.log.tmp
2023-08-14 18:30 - 2020-11-19 01:30 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-08-14 18:30 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI
2023-08-14 18:29 - 2023-05-11 20:17 - 000000000 ____D C:\Users\Petr\AppData\Local\Enlisted
2023-08-14 03:11 - 2021-07-13 20:56 - 000000000 ____D C:\Users\Petr\AppData\Local\CrashDumps
2023-08-13 22:07 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2023-08-13 22:01 - 2021-12-16 01:22 - 000000000 ____D C:\Windows\SystemTemp
2023-08-13 21:38 - 2021-08-17 11:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-08-13 21:35 - 2021-10-21 21:56 - 000004210 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{9FFE6BE3-006E-4DC2-B38E-1CEB36D4519F}
2023-08-13 21:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2023-08-13 21:32 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-08-12 21:18 - 2020-11-19 00:29 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-08-12 13:26 - 2021-07-11 18:44 - 000000000 ____D C:\Users\Petr
2023-08-12 11:03 - 2021-07-11 21:33 - 000000000 ____D C:\Windows\system32\MRT
2023-08-12 11:02 - 2022-03-10 10:24 - 000000000 ____D C:\Windows\system32\Tasks\HP
2023-08-12 11:02 - 2022-03-10 10:12 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2023-08-12 11:00 - 2021-07-11 21:33 - 175983240 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-08-12 09:26 - 2021-08-17 11:46 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-08-12 00:18 - 2023-03-24 17:20 - 000000000 ____D C:\Users\Petr\Downloads\Glary Malware Hunter Pro 1.145.0.762 Multilingual
2023-08-12 00:15 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-08-12 00:14 - 2021-08-06 01:48 - 000000000 ____D C:\Program Files\Malwarebytes
2023-08-12 00:11 - 2023-03-24 12:53 - 000000000 ____D C:\DeadByDaylight
2023-08-11 23:30 - 2022-01-02 21:40 - 000000000 ____D C:\Users\Petr\AppData\Roaming\discord
2023-08-11 22:34 - 2022-01-02 21:40 - 000000000 ____D C:\Users\Petr\AppData\Local\Discord
2023-08-11 22:15 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\LiveKernelReports
2023-08-11 21:42 - 2021-12-15 02:28 - 000000000 ____D C:\Orion Launcher
2023-08-11 21:36 - 2021-12-11 00:58 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2572895026-2735717841-2913369703-1002
2023-08-11 21:36 - 2021-07-11 18:47 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2572895026-2735717841-2913369703-1002
2023-08-11 21:36 - 2021-07-11 18:46 - 000000000 ____D C:\Users\Petr\AppData\Local\D3DSCache
2023-08-11 21:36 - 2021-07-11 18:44 - 000002378 _____ C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-08-05 21:17 - 2022-01-02 21:40 - 000002226 _____ C:\Users\Petr\Desktop\Discord.lnk
2023-07-22 16:33 - 2021-07-14 07:29 - 000000000 ____D C:\Program Files (x86)\Steam
2023-07-22 12:30 - 2023-01-05 18:48 - 000000000 ____D C:\poco X3 yaloha 5.1.2023
2023-07-22 08:01 - 2021-07-11 20:06 - 000000000 ____D C:\Games
2023-07-22 07:27 - 2022-12-21 00:29 - 000000000 ____D C:\Users\Petr\AppData\Local\WAAC
2023-07-15 20:46 - 2021-07-11 16:59 - 000000000 ____D C:\Program Files\NVIDIA Corporation

==================== Files in the root of some directories ========

2021-11-05 01:41 - 2021-11-05 01:41 - 014480256 _____ (PAN Software ) C:\Users\Petr\AppData\Local\install.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

JaRon
Moderator
Posts: 15216
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: popup vbscript - Please check my log

#4 Post by JaRon »

Hi,
quote:
Creating a fixlist for FRST
• Open Notepad (Start - Run - notepad)
• Copy the script >>

Code:

Start
CloseProcesses:
AV: Spybot - Search and Destroy (Disabled - Out of date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
AlternateDataStreams: C:\Users\Petr\Downloads\adwcleaner.exe:MBAM.Zone.Identifier [141]
AlternateDataStreams: C:\Users\Petr\Downloads\FRST64.exe:MBAM.Zone.Identifier [240]
AlternateDataStreams: C:\Users\Petr\Downloads\sm-online.exe:MBAM.Zone.Identifier [115]
FirewallRules: [{485733CD-8D4C-4EFE-939A-ED5B33FFA779}] => (Allow) C:\Users\Petr\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{2C0767E0-D029-4F52-A37F-D38A70DAEA62}] => (Allow) C:\Users\Petr\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [TCP Query User{E487096D-FA90-4DA4-83F9-F7F3FBEE0BCD}C:\dyinglight\dyinglightgame.exe] => (Allow) C:\dyinglight\dyinglightgame.exe => No File
FirewallRules: [UDP Query User{A513CB7C-02EE-4DC7-9C11-85FD91724E5A}C:\dyinglight\dyinglightgame.exe] => (Allow) C:\dyinglight\dyinglightgame.exe => No File
FirewallRules: [TCP Query User{7DC1D02E-B20B-4BF4-807A-81806AF3433E}F:\payday2\payday2_win32_release.exe] => (Allow) F:\payday2\payday2_win32_release.exe => No File
FirewallRules: [UDP Query User{BBEC616F-95EE-4CBD-8542-22BBD21F3E48}F:\payday2\payday2_win32_release.exe] => (Allow) F:\payday2\payday2_win32_release.exe => No File
FirewallRules: [{29F6AFEA-788F-4984-B89F-2BDD7CD86907}] => (Allow) C:\Program Files (x86)\MiniTool ShadowMaker\AgentService.exe => No File
FirewallRules: [{AD401B6E-CB3C-4820-AA09-CE05D866901B}] => (Allow) C:\Program Files (x86)\MiniTool ShadowMaker\AgentService.exe => No File
C:\Users\Petr\AppData\Roaming\CSPX\UGNSQGTYKYNEIGRT.exe
C:\Users\Petr\Desktop\Old-Games\Commandos-Behind_Enemy_Lines\comandos.exe
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\Run: [] => [X]
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\MountPoints2: {58bd2585-855b-11ed-90b3-18c04dade4bd} - "G:\setup.exe"
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\MountPoints2: {7441e713-684b-11ec-9007-18c04dade4bd} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\MountPoints2: {fd5938ec-14b7-11ee-90db-18c04dade4bd} - "H:\HiSuiteDownLoader.exe" 
ShortcutTarget: Minion.lnk -> C:\Users\Petr\AppData\Local\Minion\Minion.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe
Task: {3B624549-91C9-4302-BF7B-AC8675423C5A} - \VSPXService_LG -> No File <==== ATTENTION
Task: {8C039E35-0594-4590-8A43-9FFE23E095F8} - \VSPXService -> No File <==== ATTENTION
Task: {27D57B48-4AAC-4B57-B877-F6ECCECA2448} - System32\Tasks\APTXService => C:\Users\Petr\AppData\Local\WAAC\v2519-1\rhc.exe [1536 2023-03-20] () [File not signed] -> php.exe index.php <==== ATTENTION
Task: {7384436F-8910-4B29-8AC4-6316E2D37989} - System32\Tasks\APTXService_LG => Command(1): rhc.exe -> php.exe include.php <==== ATTENTION
Task: {7384436F-8910-4B29-8AC4-6316E2D37989} - System32\Tasks\APTXService_LG => Command(2): rhc.exe -> php.exe index.php <==== ATTENTIONTask: {0AD79546-2D28-4C33-B443-2D5630930BC5} - System32\Tasks\CnfCr0x125 => C:\Users\Petr\AppData\Local\Packages\Rnews\v13-17\rnews.exe (No File)
Task: {36D3719B-0AB0-4E78-BC7B-D3F245B5CCE7} - System32\Tasks\WNVIDIA_FACTORY_LG => C:\Users\Petr\AppData\Local\CloudUpgrade\rhc.exe [1536 2023-03-20] () [File not signed] -> php.exe infinity.php <==== ATTENTION
Task: {0D0EB4E6-8B65-413E-9B02-75BFB3D6DA33} - System32\Tasks\wupdatecloud => C:\Users\Petr\AppData\Local\WAAC\wupdater_cloud\rhc.exe [1536 2023-03-06] () [File not signed] -> php.exe index.php <==== ATTENTION
Task: {10154789-2435-4B44-B382-16617D072A38} - System32\Tasks\wupdatecloud_LG => Command(1): rhc.exe -> php.exe include.php <==== ATTENTION
Task: {10154789-2435-4B44-B382-16617D072A38} - System32\Tasks\wupdatecloud_LG => Command(2): rhc.exe -> php.exe index.php <==== ATTENTION
Task: {11F29BDA-2D3E-4D20-912D-CE8F9D5CC1AF} - System32\Tasks\YTPXCheck => C:\Users\Petr\AppData\Local\WAAC\wupdater_cloud\rhc.exe [1536 2023-03-06] () [File not signed] -> php.exe keep_play.php <==== ATTENTION
Task: {FB457702-BDD0-48D2-9C56-D81A66F73C6E} - System32\Tasks\YTPXCheck LG => C:\Users\Petr\AppData\Local\WAAC\wupdater_cloud\rhc.exe [1536 2023-03-06] () [File not signed] -> php.exe keep_play.php <==== ATTENTION
Task: {5366B2FB-F3D9-454F-827B-EF1E8F580F31} - System32\Tasks\zends-et => C:\Users\Petr\AppData\Local\WAAC\wtraff_cloud\rhc.exe [1536 2023-05-07] () [File not signed] -> php.exe index.php <==== ATTENTION
Task: {CE7E32EE-7285-4F49-859A-01E88BAAEB82} - System32\Tasks\zends-et-LG => Command(1): rhc.exe -> php.exe include.php <==== ATTENTION
Task: {CE7E32EE-7285-4F49-859A-01E88BAAEB82} - System32\Tasks\zends-et-LG => Command(2): rhc.exe -> php.exe index.php <==== ATTENTION
2023-08-14 18:30 - 2023-04-23 19:41 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2023-08-14 18:30 - 2023-04-23 19:41 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2




EmptyTemp:
Reboot:
End
• Save the created TXT file as fixlist.txt
• Move the created fixlist next to FRST

→ Run FRST.exe again
• Click Fix
• The fix will run and create the log Fixlog.txt

→ Restart the PC and post fixlog.txt here
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

Marcillon
Visitor
Posts: 39
Registered: 11 Aug 2012 22:05

Re: popup vbscript - Please check my log

#5 Post by Marcillon »

I hope I did it right :p

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-08-2023
Ran by Petr (15-08-2023 15:14:55) Run:1
Running from C:\Users\Petr\Downloads
Loaded Profiles: Petr
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
AV: Spybot - Search and Destroy (Disabled - Out of date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
AlternateDataStreams: C:\Users\Petr\Downloads\adwcleaner.exe:MBAM.Zone.Identifier [141]
AlternateDataStreams: C:\Users\Petr\Downloads\FRST64.exe:MBAM.Zone.Identifier [240]
AlternateDataStreams: C:\Users\Petr\Downloads\sm-online.exe:MBAM.Zone.Identifier [115]
FirewallRules: [{485733CD-8D4C-4EFE-939A-ED5B33FFA779}] => (Allow) C:\Users\Petr\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{2C0767E0-D029-4F52-A37F-D38A70DAEA62}] => (Allow) C:\Users\Petr\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [TCP Query User{E487096D-FA90-4DA4-83F9-F7F3FBEE0BCD}C:\dyinglight\dyinglightgame.exe] => (Allow) C:\dyinglight\dyinglightgame.exe => No File
FirewallRules: [UDP Query User{A513CB7C-02EE-4DC7-9C11-85FD91724E5A}C:\dyinglight\dyinglightgame.exe] => (Allow) C:\dyinglight\dyinglightgame.exe => No File
FirewallRules: [TCP Query User{7DC1D02E-B20B-4BF4-807A-81806AF3433E}F:\payday2\payday2_win32_release.exe] => (Allow) F:\payday2\payday2_win32_release.exe => No File
FirewallRules: [UDP Query User{BBEC616F-95EE-4CBD-8542-22BBD21F3E48}F:\payday2\payday2_win32_release.exe] => (Allow) F:\payday2\payday2_win32_release.exe => No File
FirewallRules: [{29F6AFEA-788F-4984-B89F-2BDD7CD86907}] => (Allow) C:\Program Files (x86)\MiniTool ShadowMaker\AgentService.exe => No File
FirewallRules: [{AD401B6E-CB3C-4820-AA09-CE05D866901B}] => (Allow) C:\Program Files (x86)\MiniTool ShadowMaker\AgentService.exe => No File
C:\Users\Petr\AppData\Roaming\CSPX\UGNSQGTYKYNEIGRT.exe
C:\Users\Petr\Desktop\Old-Games\Commandos-Behind_Enemy_Lines\comandos.exe
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\Run: [] => [X]
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\MountPoints2: {58bd2585-855b-11ed-90b3-18c04dade4bd} - "G:\setup.exe"
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\MountPoints2: {7441e713-684b-11ec-9007-18c04dade4bd} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\...\MountPoints2: {fd5938ec-14b7-11ee-90db-18c04dade4bd} - "H:\HiSuiteDownLoader.exe"
ShortcutTarget: Minion.lnk -> C:\Users\Petr\AppData\Local\Minion\Minion.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe
Task: {3B624549-91C9-4302-BF7B-AC8675423C5A} - \VSPXService_LG -> No File <==== ATTENTION
Task: {8C039E35-0594-4590-8A43-9FFE23E095F8} - \VSPXService -> No File <==== ATTENTION
Task: {27D57B48-4AAC-4B57-B877-F6ECCECA2448} - System32\Tasks\APTXService => C:\Users\Petr\AppData\Local\WAAC\v2519-1\rhc.exe [1536 2023-03-20] () [File not signed] -> php.exe index.php <==== ATTENTION
Task: {7384436F-8910-4B29-8AC4-6316E2D37989} - System32\Tasks\APTXService_LG => Command(1): rhc.exe -> php.exe include.php <==== ATTENTION
Task: {7384436F-8910-4B29-8AC4-6316E2D37989} - System32\Tasks\APTXService_LG => Command(2): rhc.exe -> php.exe index.php <==== ATTENTIONTask: {0AD79546-2D28-4C33-B443-2D5630930BC5} - System32\Tasks\CnfCr0x125 => C:\Users\Petr\AppData\Local\Packages\Rnews\v13-17\rnews.exe (No File)
Task: {36D3719B-0AB0-4E78-BC7B-D3F245B5CCE7} - System32\Tasks\WNVIDIA_FACTORY_LG => C:\Users\Petr\AppData\Local\CloudUpgrade\rhc.exe [1536 2023-03-20] () [File not signed] -> php.exe infinity.php <==== ATTENTION
Task: {0D0EB4E6-8B65-413E-9B02-75BFB3D6DA33} - System32\Tasks\wupdatecloud => C:\Users\Petr\AppData\Local\WAAC\wupdater_cloud\rhc.exe [1536 2023-03-06] () [File not signed] -> php.exe index.php <==== ATTENTION
Task: {10154789-2435-4B44-B382-16617D072A38} - System32\Tasks\wupdatecloud_LG => Command(1): rhc.exe -> php.exe include.php <==== ATTENTION
Task: {10154789-2435-4B44-B382-16617D072A38} - System32\Tasks\wupdatecloud_LG => Command(2): rhc.exe -> php.exe index.php <==== ATTENTION
Task: {11F29BDA-2D3E-4D20-912D-CE8F9D5CC1AF} - System32\Tasks\YTPXCheck => C:\Users\Petr\AppData\Local\WAAC\wupdater_cloud\rhc.exe [1536 2023-03-06] () [File not signed] -> php.exe keep_play.php <==== ATTENTION
Task: {FB457702-BDD0-48D2-9C56-D81A66F73C6E} - System32\Tasks\YTPXCheck LG => C:\Users\Petr\AppData\Local\WAAC\wupdater_cloud\rhc.exe [1536 2023-03-06] () [File not signed] -> php.exe keep_play.php <==== ATTENTION
Task: {5366B2FB-F3D9-454F-827B-EF1E8F580F31} - System32\Tasks\zends-et => C:\Users\Petr\AppData\Local\WAAC\wtraff_cloud\rhc.exe [1536 2023-05-07] () [File not signed] -> php.exe index.php <==== ATTENTION
Task: {CE7E32EE-7285-4F49-859A-01E88BAAEB82} - System32\Tasks\zends-et-LG => Command(1): rhc.exe -> php.exe include.php <==== ATTENTION
Task: {CE7E32EE-7285-4F49-859A-01E88BAAEB82} - System32\Tasks\zends-et-LG => Command(2): rhc.exe -> php.exe index.php <==== ATTENTION
2023-08-14 18:30 - 2023-04-23 19:41 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2023-08-14 18:30 - 2023-04-23 19:41 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2

*****************

Processes closed successfully.
"AV: Spybot - Search and Destroy (Disabled - Out of date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}" => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SDECon32 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SDECon64 => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\SDECon32 => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\SDECon64 => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\SDECon32 => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\SDECon64 => removed successfully
C:\Users\Petr\Downloads\adwcleaner.exe => ":MBAM.Zone.Identifier" ADS removed successfully
C:\Users\Petr\Downloads\FRST64.exe => ":MBAM.Zone.Identifier" ADS removed successfully
C:\Users\Petr\Downloads\sm-online.exe => ":MBAM.Zone.Identifier" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{485733CD-8D4C-4EFE-939A-ED5B33FFA779}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2C0767E0-D029-4F52-A37F-D38A70DAEA62}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E487096D-FA90-4DA4-83F9-F7F3FBEE0BCD}C:\dyinglight\dyinglightgame.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A513CB7C-02EE-4DC7-9C11-85FD91724E5A}C:\dyinglight\dyinglightgame.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7DC1D02E-B20B-4BF4-807A-81806AF3433E}F:\payday2\payday2_win32_release.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BBEC616F-95EE-4CBD-8542-22BBD21F3E48}F:\payday2\payday2_win32_release.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{29F6AFEA-788F-4984-B89F-2BDD7CD86907}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AD401B6E-CB3C-4820-AA09-CE05D866901B}" => removed successfully
C:\Users\Petr\AppData\Roaming\CSPX\UGNSQGTYKYNEIGRT.exe => moved successfully
"C:\Users\Petr\Desktop\Old-Games\Commandos-Behind_Enemy_Lines\comandos.exe" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58bd2585-855b-11ed-90b3-18c04dade4bd} => removed successfully
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7441e713-684b-11ec-9007-18c04dade4bd} => removed successfully
HKU\S-1-5-21-2572895026-2735717841-2913369703-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd5938ec-14b7-11ee-90db-18c04dade4bd} => removed successfully
"C:\Users\Petr\AppData\Local\Minion\Minion.exe" => not found
HKLM\System\CurrentControlSet\Control\Session Manager\\"BootExecute"="autocheck autochk *" => value restored successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3B624549-91C9-4302-BF7B-AC8675423C5A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B624549-91C9-4302-BF7B-AC8675423C5A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VSPXService_LG" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C039E35-0594-4590-8A43-9FFE23E095F8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C039E35-0594-4590-8A43-9FFE23E095F8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VSPXService" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{27D57B48-4AAC-4B57-B877-F6ECCECA2448}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27D57B48-4AAC-4B57-B877-F6ECCECA2448}" => removed successfully
C:\Windows\System32\Tasks\APTXService => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APTXService" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7384436F-8910-4B29-8AC4-6316E2D37989}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7384436F-8910-4B29-8AC4-6316E2D37989}" => removed successfully
C:\Windows\System32\Tasks\APTXService_LG => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APTXService_LG" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7384436F-8910-4B29-8AC4-6316E2D37989}" => not found
"C:\Windows\System32\Tasks\APTXService_LG" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APTXService_LG" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{36D3719B-0AB0-4E78-BC7B-D3F245B5CCE7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36D3719B-0AB0-4E78-BC7B-D3F245B5CCE7}" => removed successfully
C:\Windows\System32\Tasks\WNVIDIA_FACTORY_LG => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WNVIDIA_FACTORY_LG" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D0EB4E6-8B65-413E-9B02-75BFB3D6DA33}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D0EB4E6-8B65-413E-9B02-75BFB3D6DA33}" => removed successfully
C:\Windows\System32\Tasks\wupdatecloud => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\wupdatecloud" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{10154789-2435-4B44-B382-16617D072A38}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10154789-2435-4B44-B382-16617D072A38}" => removed successfully
C:\Windows\System32\Tasks\wupdatecloud_LG => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\wupdatecloud_LG" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10154789-2435-4B44-B382-16617D072A38}" => not found
"C:\Windows\System32\Tasks\wupdatecloud_LG" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\wupdatecloud_LG" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11F29BDA-2D3E-4D20-912D-CE8F9D5CC1AF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11F29BDA-2D3E-4D20-912D-CE8F9D5CC1AF}" => removed successfully
C:\Windows\System32\Tasks\YTPXCheck => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTPXCheck" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FB457702-BDD0-48D2-9C56-D81A66F73C6E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB457702-BDD0-48D2-9C56-D81A66F73C6E}" => removed successfully
C:\Windows\System32\Tasks\YTPXCheck LG => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTPXCheck LG" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5366B2FB-F3D9-454F-827B-EF1E8F580F31}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5366B2FB-F3D9-454F-827B-EF1E8F580F31}" => removed successfully
C:\Windows\System32\Tasks\zends-et => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\zends-et" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CE7E32EE-7285-4F49-859A-01E88BAAEB82}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE7E32EE-7285-4F49-859A-01E88BAAEB82}" => removed successfully
C:\Windows\System32\Tasks\zends-et-LG => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\zends-et-LG" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE7E32EE-7285-4F49-859A-01E88BAAEB82}" => not found
"C:\Windows\System32\Tasks\zends-et-LG" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\zends-et-LG" => not found

"C:\ProgramData\Spybot - Search & Destroy" folder move:

C:\ProgramData\Spybot - Search & Destroy => moved successfully

"C:\Program Files (x86)\Spybot - Search & Destroy 2" folder move:

C:\Program Files (x86)\Spybot - Search & Destroy 2 => moved successfully


The system needed a reboot.

==== End of Fixlog 15:14:57 ====
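
An added example, not part of the original posts and not part of FRST: a Python check that compares the fixlist a helper issued with the copy FRST echoes under "fixlist content:" in a Fixlog, and tallies the per-line outcomes. The sample text is abbreviated from the logs in this thread; the function names are this example's own.

```python
from collections import Counter
import re

# Sample input abbreviated from the logs in this thread.
ISSUED_FIXLIST = r'''
Start
CloseProcesses:
C:\Users\Petr\AppData\Roaming\CSPX\UGNSQGTYKYNEIGRT.exe
BootExecute: autocheck autochk * sdnclean64.exe
EmptyTemp:
Reboot:
End
'''

FIXLOG = r'''
Fix result of Farbar Recovery Scan Tool (x64) Version: 12-08-2023
Ran by Petr (15-08-2023 15:14:55) Run:1
==============================================

fixlist content:
*****************
Start
CloseProcesses:
C:\Users\Petr\AppData\Roaming\CSPX\UGNSQGTYKYNEIGRT.exe
BootExecute: autocheck autochk * sdnclean64.exe

*****************

Processes closed successfully.
C:\Users\Petr\AppData\Roaming\CSPX\UGNSQGTYKYNEIGRT.exe => moved successfully
"C:\Users\Petr\AppData\Local\Minion\Minion.exe" => not found
HKLM\System\CurrentControlSet\Control\Session Manager\\"BootExecute"="autocheck autochk *" => value restored successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APTXService" => removed successfully

The system needed a reboot.

==== End of Fixlog 15:14:57 ====
'''

# The echoed fixlist sits between two lines made only of asterisks.
MARK = re.compile(r"^\*{5,}\s*$")


def split_fixlog(text):
    """Return (echoed fixlist lines, result lines) from a Fixlog."""
    lines = text.splitlines()
    marks = [i for i, line in enumerate(lines) if MARK.match(line)]
    if len(marks) < 2:
        raise ValueError("no asterisk-delimited 'fixlist content' block")
    echoed = [l.strip() for l in lines[marks[0] + 1:marks[1]] if l.strip()]
    # Result lines follow the second marker and carry '<target> => <outcome>'.
    results = [l.strip() for l in lines[marks[1] + 1:] if " => " in l]
    return echoed, results


def missing_lines(issued, echoed):
    """Lines the helper issued that never reached the processed fixlist."""
    have = set(echoed)
    issued_lines = [l.strip() for l in issued.splitlines() if l.strip()]
    return [l for l in issued_lines if l not in have]


def tally(results):
    """Count outcomes and collect the targets reported as 'not found'."""
    counts, not_found = Counter(), []
    for line in results:
        target, _, outcome = line.rpartition(" => ")
        if outcome.endswith("successfully"):
            counts["ok"] += 1
        elif outcome.endswith("not found"):
            counts["not found"] += 1
            not_found.append(target.strip('"'))
        else:
            counts["other"] += 1  # anything else deserves a manual look
    return counts, not_found


def review(issued, fixlog_text):
    echoed, results = split_fixlog(fixlog_text)
    counts, not_found = tally(results)
    return {"missing": missing_lines(issued, echoed),
            "counts": dict(counts), "not_found": not_found}


if __name__ == "__main__":
    print(review(ISSUED_FIXLIST, FIXLOG))
```

A line the helper issued that is absent from the echo was not in the fixlist.txt that FRST processed.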

JaRon
Moderator
Posts: 15216
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: popup vbscript - Please check my log

#6 Post by JaRon »

You didn't copy the last 3 lines into the fixlist, but nothing serious has happened 😉
It should be clean

Marcillon
Visitor
Posts: 39
Registered: 11 Aug 2012 22:05

Re: popup vbscript - Please check my log

#7 Post by Marcillon »

I just got back from the garden and I see there is no pop-up window here, thanks a lot. May I ask what exactly it was? Wasn't it some kind of miner or something like that?

JaRon
Moderator
Posts: 15216
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: popup vbscript - Please check my log

#8 Post by JaRon »

There were several “oddities” in there - you had probably been collecting them for quite a while 😁