VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

vbsedit script launcher

https://forum.viry.cz:443/viewtopic.php?t=159378

Stránka 1 z 1

vbsedit script launcher

Napsal: 09 pro 2023 09:49
od Dabol
Dobry den, poprosim kontrolu logu, vybehuje mi taketo okno.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-12-2023
Ran by Feri (administrator) on DESKTOP-L0K8E8M (ASUSTeK COMPUTER INC. G751JT) (09-12-2023 09:42:58)
Running from C:\Users\Feri\Desktop\FRST64.exe
Loaded Profiles: Feri
Platform: Microsoft Windows 10 Home Version 22H2 19045.3693 (X64) Language: Slovenčina (Slovensko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <5>
(C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(C:\Program Files (x86)\EaseUS\ENS\ensserver.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\ENS\AliyunWrapExe.exe
(C:\Program Files\AVAST Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(C:\Program Files\Elantech\ETDCtrl.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(C:\Program Files\Google\Drive File Stream\84.0.11.0\GoogleDriveFS.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\84.0.11.0\crashpad_handler.exe
(C:\Program Files\NordVPN\nordvpn-service.exe ->) (nordvpn s.a. -> The OpenVPN Project) C:\Program Files\NordVPN\7.15.6.0\Resources\Binaries\64bit\openvpn-nordvpn.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(explorer.exe ->) () [File not signed] C:\Users\Feri\AppData\Local\SmartGenius\resources\KeyboardDriver\SmartHID.exe
(explorer.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(explorer.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(explorer.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\84.0.11.0\GoogleDriveFS.exe <7>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(explorer.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(explorer.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordVPN\NordVPN.exe
(explorer.exe ->) (VLC Mobile Remote) [File not signed] C:\Program Files (x86)\VMR Connect\VMRHub.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.0\bin\TrayPopupE\TrayTipAgentE.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(services.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(services.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\ENS\ensserver.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordUpdater\NordUpdateService.exe
(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_62bfdd1a54e22985\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Samsung Electronics Co., Ltd. -> Clonix & CottonCandy) C:\Program Files (x86)\Samsung\Samsung Magician\MigrationService\MigrationService.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2307.4.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3348712 2015-07-22] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [366488 2023-12-03] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [SmartGenius] => C:\Users\Feri\AppData\Local\SmartGenius\SmartGenius.exe [93723136 2019-10-26] (KYE SYSTEMS CORP. -> GitHub, Inc.)
HKLM\...\Run: [RunSmartForeFile] => C:\Users\Feri\AppData\Local\SmartGenius\resources\KeyboardDriver\SmartHIDStart.exe [524288 2019-10-16] () [File not signed]
HKLM\...\Run: [RunSmartHIDFile] => C:\Users\Feri\AppData\Local\SmartGenius\resources\KeyboardDriver\SmartHID.exe [815616 2019-10-16] () [File not signed]
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4096992 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5314096 2020-03-05] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [EaseUS Cleanup] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.0\bin\CleanUpUI.exe [1227456 2016-04-26] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU Yiwo Tech Development Co., Ltd.) [File not signed]
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.0\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\84.0.11.0\GoogleDriveFS.exe [58391840 2023-12-04] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\84.0.11.0\GoogleDriveFS.exe [58391840 2023-12-04] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\...\Run: [VMR Connect] => C:\Program Files (x86)\VMR Connect\VMRHub.exe [221696 2023-02-03] (VLC Mobile Remote) [File not signed]
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\...\Run: [f.lux] => C:\Users\Feri\AppData\Local\FluxSoftware\Flux\flux.exe [1511824 2021-02-04] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [365760 2020-04-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [44529568 2023-11-21] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\84.0.11.0\GoogleDriveFS.exe [58391840 2023-12-04] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\...\Run: [Disig Web Signer] => C:\Program Files (x86)\Disig\Web Signer\WebSignerTray.exe [254080 2021-02-04] (Disig a.s. -> Disig a.s.)
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [263256 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\...\Run: [MicrosoftEdgeAutoLaunch_936114D59439CCB60ADDCBF126B10BD5] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3788736 2023-12-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\...\Run: [DQCIKCDACO] => C:\ProgramData\certlm.exe [498784 2023-12-09] (Adersoft -> Adersoft) <==== ATTENTION
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\...\MountPoints2: {0a4bdaee-6174-11ea-9d83-0862665357d3} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\...\MountPoints2: {586e074b-fd09-11eb-9edc-0862665357d3} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\84.0.11.0\GoogleDriveFS.exe [58391840 2023-12-04] (Google LLC -> Google, Inc.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [65488 2020-03-05] (Adobe Inc. -> Adobe Systems Inc)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\119.0.6045.200\Installer\chrmstp.exe [2023-12-01] (Google LLC -> Google LLC)
Startup: C:\Users\Feri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\certlm.exe [2023-12-09] (Adersoft -> Adersoft)
Startup: C:\Users\Feri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\s.m3u - odkaz.lnk [2020-03-28]
ShortcutTarget: s.m3u - odkaz.lnk -> C:\Users\Feri\Desktop\s.m3u () [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {6DFC4A2F-A7BB-458C-BB68-568FD0F6BE97} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-09-20] (Adobe Inc. -> Adobe Inc.)
Task: {6ADB278B-FACB-4200-92A0-75C94B358BC8} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4096992 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {F0B8E88C-C1D6-42B4-A250-EDE1CCFD1D33} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [4434400 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {94F54B93-9836-4EB0-B005-65B6AC17881C} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122008 2015-09-22] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {35E585C5-F06E-4414-90AE-23085F52808A} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122008 2015-09-22] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {FF791470-753F-4F9B-9DE3-5B755815DAF0} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [5043608 2023-12-03] (Avast Software s.r.o. -> AVAST Software)
Task: {D738D04C-3AE8-4DDF-A122-C379BF48FDD6} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2144664 2023-08-02] (Avast Software s.r.o. -> Avast Software)
Task: {829B4C91-4674-44FD-AAFD-EFD3FC7333D9} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-11-21] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {87898A05-5AD1-4A06-AA57-C64F345B3F57} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-11-21] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "59501efd-8594-4d70-8bbf-e8783ed2a29e" --version "6.18.10838" --silent
Task: {1F747F7A-22BF-4A60-A20A-A8E36721D8F3} - System32\Tasks\CCleanerSkipUAC - Feri => C:\Program Files\CCleaner\CCleaner.exe [37546912 2023-11-21] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {61BBB357-49CF-4897-8128-C12BC579B156} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-10-02] (Google Inc -> Google LLC)
Task: {6C387EDD-31C7-4A40-91C2-2B77DC97D2BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-10-02] (Google Inc -> Google LLC)
Task: {2A74DC91-FFAB-445A-A27C-32E747AEEA77} - System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-1483115711-3560660982-2862343009-1001 => C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_2000.24.217.0_x64__8xx8rvfyw5nnt\app\MessengerHelper.exe [2265336 2023-12-01] (6E08453F-9BA7-4311-999C-D22FBA2FB1B8 -> Meta Platforms, Inc.)
Task: {D80985D2-2080-42C0-A2E7-9C716474950C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28175336 2023-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {332E6DA7-FD5A-4EE9-ADEB-348A57D9A91B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28175336 2023-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {18D90D19-8F31-4D47-AB54-38E59E8B01F2} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [306624 2023-12-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {5D57A5C5-11C6-41AB-977E-742F0E38F3E8} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [306624 2023-12-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {5F79CCE9-77F6-4E97-BA66-3F5F66781656} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [169144 2023-12-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {546C50F8-E200-422C-BDC0-87C67A55C10F} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache => {07369A67-07A6-4608-ABEA-379491CB7C46} C:\Windows\System32\UpdatePolicy.dll [251904 2023-11-15] (Microsoft Windows -> Microsoft Corporation)
Task: {A094AA8C-FC9A-48DD-B5A4-96AA56796AF4} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [674208 2023-11-30] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {B4704E0F-D55F-455B-8B2C-E85CBDE6CB2F} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [35232 2023-11-30] (Mozilla Corporation -> Mozilla Foundation)
Task: {FAD1BF8C-F33D-48B8-AC94-30E3D0255557} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-15] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {98F67499-2E30-4C4E-85B7-A15156882249} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2023-01-27] (Nvidia Corporation -> NVIDIA Corporation)
Task: {A83FFF7F-F7B2-429D-8BB1-777D0A1685AC} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3F74182A-2E62-4F83-A70E-CD0CF13E89E5} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FBE56435-4994-4064-A8CD-E3BBBC4C7390} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {154EB26B-D525-4ED6-BFEC-C0C94AEC0C66} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6B7D4CB7-2DB8-4098-8F4B-913F7DE4D984} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B4BAAD94-55C1-4CAD-B89E-8CD4EE9EC067} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {79541E09-41B0-4F48-9646-A0B99C5D2767} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {937A4CB9-7D93-4BB8-A149-B46A38F54228} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1404656 2015-08-06] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {88E22AAA-0389-406C-871F-9406755106E4} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1404656 2015-08-06] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {69342EFD-5087-4034-BC42-406FB5C73AE9} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8520448 2015-08-06] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {E306D228-BE81-4399-8C68-8140E4C78D22} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [133905984 2023-03-10] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
Task: {A761E7ED-2151-43AB-92FA-616BDA6427A1} - System32\Tasks\Skype => C:\ProgramData\certlm.exe [498784 2023-12-09] (Adersoft -> Adersoft) <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 103.86.96.100 103.86.99.100
Tcpip\..\Interfaces\{6f55f6e8-747d-428b-abce-26cdf3d59c4c}: [DhcpNameServer] 103.86.96.100 103.86.99.100
Tcpip\..\Interfaces\{828f0c3a-62ae-4d8f-be48-e78a0a7c3f20}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\Feri\AppData\Local\Microsoft\Edge\User Data\Default [2023-12-09]
Edge Extension: (Dokumenty Google v režime offline) - C:\Users\Feri\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-07]
Edge Extension: (Edge relevant text changes) - C:\Users\Feri\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-10-07]

FireFox:
========
FF DefaultProfile: dnbb8nse.default
FF ProfilePath: C:\Users\Feri\AppData\Roaming\Mozilla\Firefox\Profiles\dnbb8nse.default [2019-09-21]
FF ProfilePath: C:\Users\Feri\AppData\Roaming\Mozilla\Firefox\Profiles\f7f9mbcn.default-release [2023-12-09]
FF Homepage: Mozilla\Firefox\Profiles\f7f9mbcn.default-release -> moz-extension://cb123bd1-5cb6-422c-9548-a17752b9e8ba/dial.html
FF HomepageOverride: Mozilla\Firefox\Profiles\f7f9mbcn.default-release -> Enabled: admin@fastaddons.com_GroupSpeedDial
FF NewTabOverride: Mozilla\Firefox\Profiles\f7f9mbcn.default-release -> Enabled: admin@fastaddons.com_GroupSpeedDial
FF NewTabOverride: Mozilla\Firefox\Profiles\f7f9mbcn.default-release -> Disabled: nordvpnproxy@nordvpn.com
FF NewTabOverride: Mozilla\Firefox\Profiles\f7f9mbcn.default-release -> Enabled: uBlock0@raymondhill.net
FF Extension: (Group Speed Dial) - C:\Users\Feri\AppData\Roaming\Mozilla\Firefox\Profiles\f7f9mbcn.default-release\Extensions\admin@fastaddons.com_GroupSpeedDial.xpi [2023-12-04]
FF Extension: (NordVPN - A VPN Proxy Extension for Firefox) - C:\Users\Feri\AppData\Roaming\Mozilla\Firefox\Profiles\f7f9mbcn.default-release\Extensions\nordvpnproxy@nordvpn.com.xpi [2023-11-30]
FF Extension: (Správca preberania (S3)) - C:\Users\Feri\AppData\Roaming\Mozilla\Firefox\Profiles\f7f9mbcn.default-release\Extensions\s3download@statusbar.xpi [2019-09-21]
FF Extension: (uBlock Origin) - C:\Users\Feri\AppData\Roaming\Mozilla\Firefox\Profiles\f7f9mbcn.default-release\Extensions\uBlock0@raymondhill.net.xpi [2023-11-28]
FF Extension: (Skip silence) - C:\Users\Feri\AppData\Roaming\Mozilla\Firefox\Profiles\f7f9mbcn.default-release\Extensions\{89595993-7775-4bd4-af57-44e57302d5ce}.xpi [2023-06-27]
FF Extension: (Video DownloadHelper) - C:\Users\Feri\AppData\Roaming\Mozilla\Firefox\Profiles\f7f9mbcn.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2023-08-27]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Feri\AppData\Roaming\Mozilla\Firefox\Profiles\f7f9mbcn.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2023-06-21]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-03-05]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Feri\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-12-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-07] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-07] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-07] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-07] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-07] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.19 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-07] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-07] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-01-23] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-10-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-10-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-12-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2020-03-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-01-23] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\Feri\AppData\Local\Google\Chrome\User Data\Default [2023-10-07]
CHR Extension: (Adobe Acrobat: nástroje na upravovanie, prevádzanie a podpisovanie súborov PDF) - C:\Users\Feri\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-10-07]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Feri\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-07]
CHR Extension: (AdBlock - najlepší blokovač reklám) - C:\Users\Feri\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2023-10-07]
CHR Extension: (Spúšťač aplikácie pre Disk (od Googlu)) - C:\Users\Feri\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-10-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Feri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-11-24]
CHR HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-09-20] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [4555744 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [9003928 2023-12-03] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [735640 2023-12-03] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [1140120 2023-12-03] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13233744 2023-11-14] (Microsoft Corporation -> Microsoft Corporation)
R2 CMigrationService; C:\Program Files (x86)\Samsung\Samsung Magician\MigrationService\MigrationService.exe [761408 2023-03-10] (Samsung Electronics Co., Ltd. -> Clonix & CottonCandy)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4507328 2020-04-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 EaseUS UPDATE SERVICE; C:\Program Files (x86)\EaseUS\ENS\ensserver.exe [26512 2022-11-16] (CHENGDU YIWO Tech Development Co., Ltd. -> )
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2023-08-02] (Epic Games Inc. -> Epic Games, Inc.)
R2 NordUpdaterService; C:\Program Files\NordUpdater\NordUpdateService.exe [297848 2022-11-21] (nordvpn s.a. -> nordvpn S.A.)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [263256 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1271280 2023-10-31] (Rockstar Games, Inc. -> Rockstar Games)
R2 SamsungMagicianSVC; C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe [381504 2023-03-10] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_62bfdd1a54e22985\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_62bfdd1a54e22985\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [31528 2023-12-03] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [240688 2023-12-03] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [393904 2023-12-03] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [297984 2023-12-03] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [96072 2023-12-03] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [26616 2023-12-03] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [39752 2023-12-03] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [276856 2023-12-03] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [105352 2023-12-03] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [80528 2023-12-03] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [952856 2023-12-03] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [710144 2023-12-03] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [213296 2023-12-03] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [319672 2023-12-03] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2020-04-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2020-04-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [18016 2016-01-20] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2016-01-20] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
R3 gFilterMouUsb; C:\WINDOWS\System32\drivers\gFilterMouUsb.sys [30576 2019-10-16] (KYE SYSTEMS CORP. -> KYE Systems Corp.)
R3 gKbdfltr; C:\WINDOWS\System32\drivers\gKbdfltr.sys [29576 2019-10-16] (KYE SYSTEMS CORP. -> )
R1 googledrivefs31357; C:\WINDOWS\System32\DriverStore\FileRepository\googledrivefs31357.inf_amd64_a8bf31a168cf7d00\googledrivefs31357.sys [384712 2023-10-30] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32696 2020-11-19] (ASUSTek Computer Inc. -> ASUS)
R3 ioFakDrv; C:\WINDOWS\System32\drivers\ioFakDrv.sys [35928 2019-10-16] (KYE Systems Corp -> KYE System Corp.)
R3 ioFakMap; C:\WINDOWS\System32\drivers\ioFakMap.sys [24664 2019-10-16] (KYE Systems Corp -> KYE System Corp.)
R2 NDivert; C:\Program Files\NordVPN\7.15.6.0\Drivers\NDivert.sys [131472 2023-05-24] (nordvpn s.a. -> Nordvpn S.A.)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [44928 2022-02-22] (nordvpn s.a. -> TEFINCOM S.A.)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-14] (Nvidia Corporation -> NVIDIA Corporation)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [49744 2022-06-29] (nordvpn s.a. -> The OpenVPN Project)
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 uvhid; C:\WINDOWS\System32\drivers\uvhid.sys [28128 2019-08-04] (Unified Intents AB -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\WINDOWS\System32\drivers\wintun.sys [29592 2022-09-30] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2023-03-19] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error Reading file: "C:\Users\Public\Microsoft Edge.exe"
Error Reading file: "C:\ProgramData\start_ergo.bat"
Error Reading file: "C:\ProgramData\readme_zh.md"
Error Reading file: "C:\ProgramData\readme.md"
Error Reading file: "C:\ProgramData\nbminer.exe"
Error Reading file: "C:\ProgramData\info.exe"
2023-12-09 09:42 - 2023-12-09 09:43 - 000039008 _____ C:\Users\Feri\Desktop\FRST.txt
2023-12-09 09:41 - 2023-12-09 09:41 - 002384896 _____ (Farbar) C:\Users\Feri\Desktop\FRST64.exe
2023-12-09 09:35 - 2023-12-09 09:35 - 008791352 _____ (Malwarebytes) C:\Users\Feri\Downloads\AdwCleaner.exe
2023-12-09 08:45 - 2023-12-09 09:35 - 000000000 ____D C:\Users\Feri\Desktop\videaniko
2023-12-09 08:41 - 2023-12-09 08:41 - 000001412 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2023-12-09 08:41 - 2023-12-09 08:41 - 000001379 _____ C:\Users\Public\Desktop\Free YouTube Download.lnk
2023-12-09 08:41 - 2023-12-09 08:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2023-12-09 08:40 - 2023-12-09 09:35 - 000000000 ____D C:\Users\Feri\AppData\Roaming\DVDVideoSoft
2023-12-09 08:40 - 2023-12-09 08:41 - 000000000 ____D C:\Program Files (x86)\FreeCodecPack
2023-12-09 08:40 - 2023-12-09 08:41 - 000000000 ____D C:\Program Files (x86)\DVDVideoSoft
2023-12-09 08:36 - 2023-12-09 08:36 - 000498784 _____ (Adersoft) C:\ProgramData\certlm.exe
2023-12-09 08:36 - 2023-12-09 08:36 - 000003520 _____ C:\WINDOWS\system32\Tasks\Skype
2023-12-09 08:36 - 2021-08-23 01:34 - 000000122 _____ C:\ProgramData\S.bat
2023-12-09 08:36 - 2021-08-20 13:37 - 000000078 _____ C:\ProgramData\nbminer.exe.sha256
2023-12-09 08:36 - 2021-06-11 15:12 - 000000120 _____ C:\ProgramData\start_etc.bat
2023-12-09 08:36 - 2020-11-26 16:16 - 000000142 _____ C:\ProgramData\start_beam.bat
2023-12-09 08:36 - 2020-11-26 16:16 - 000000116 _____ C:\ProgramData\start_eth.bat
2023-12-09 08:36 - 2020-11-26 16:16 - 000000115 _____ C:\ProgramData\start_conflux.bat
2023-12-09 08:36 - 2020-05-13 03:56 - 000000106 _____ C:\ProgramData\start_rvn.bat
2023-12-09 08:36 - 2020-04-20 07:33 - 000000077 _____ C:\ProgramData\driver_uninstall.bat
2023-12-09 08:36 - 2020-04-20 07:33 - 000000075 _____ C:\ProgramData\driver_install.bat
2023-12-09 08:36 - 2019-11-07 12:51 - 000000204 _____ C:\ProgramData\start_sero.bat
2023-12-09 08:36 - 2019-11-07 12:51 - 000000148 _____ C:\ProgramData\modify_tdr_delay.reg
2023-12-09 08:36 - 2019-11-07 12:51 - 000000127 _____ C:\ProgramData\start_ae.bat
2023-12-09 08:36 - 2019-11-07 12:51 - 000000107 _____ C:\ProgramData\open_web_monitor.url
2023-12-09 08:36 - 2019-11-07 12:51 - 000000022 _____ C:\ProgramData\start_config.bat
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\Users\Feri\AppData\Roaming\Key
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\Test9
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\Test8
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\Test7
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\Test6
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\Test5
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\Test4
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\Test3
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\Test2
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\Test17
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\Test16
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\Test15
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\Test14
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\Test13
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\Test12
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\Test11
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\Test10
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\Test1
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\player9
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\player8
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\player7
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\player6
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\player5
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\player4
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\player3
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\player2
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\player17
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\player16
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\player15
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\player14
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\player13
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\player12
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\player11
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\player10
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\player1
2023-12-09 08:35 - 2023-12-09 08:35 - 000000000 ____D C:\ProgramData\player
2023-12-09 08:32 - 2023-12-09 08:32 - 000012183 _____ C:\Users\Feri\Downloads\[SkT]Free_YouTube_Download_Premium_4.3.90.317_(x86).torrent
2023-12-09 08:30 - 2023-12-09 08:30 - 000019003 _____ C:\Users\Feri\Downloads\[SkT]YouTube_By_Click_2.3.2_[Full].torrent
2023-12-06 17:11 - 2023-12-06 17:11 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2023-12-03 09:28 - 2023-12-03 09:28 - 000313240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2023-11-30 16:20 - 2023-12-09 09:37 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-11-22 17:27 - 2023-11-22 17:27 - 000015177 _____ C:\Users\Feri\Downloads\[SkT][Jackerman]_Mother's_Warmth_Chapter_2_(ENG).torrent
2023-11-18 15:42 - 2023-11-18 15:42 - 000020139 _____ C:\Users\Feri\Downloads\[SkT]ONEMANSHOW The Movie (CZ)(2023)(1080p)(WEB-DL) = CSFD 50%.torrent
2023-11-15 06:08 - 2023-11-15 06:08 - 000000000 ___HD C:\$WinREAgent
2023-11-10 17:58 - 2023-11-10 17:58 - 000023017 _____ C:\Users\Feri\Downloads\[SkT]Zabiják _ The Killer (2023)(CZ_EN)[WebRip][1080p] = CSFD 76%.torrent
2023-11-10 17:53 - 2023-11-10 17:53 - 000244792 _____ C:\Users\Feri\Downloads\[SkT]Loki S02E06 (CZ_SK_EN)[WEB-DL][1080p] = CSFD 80%.torrent
2023-11-09 18:55 - 2023-11-09 18:55 - 000012629 _____ C:\Users\Feri\Downloads\[SkT] Oppenheimer (2023)(CZ)[1080p] = CSFD 86%.torrent
2023-11-09 06:35 - 2023-11-09 06:35 - 000112484 _____ C:\Users\Feri\Downloads\[SkT]Letuska _ The Flight Attendant - 2. serie (CZ_EN)[Webrip][1080p] = CSFD 67%.torrent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-12-09 09:44 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2023-12-09 09:43 - 2020-03-28 14:13 - 000000000 ____D C:\FRST
2023-12-09 09:40 - 2022-02-08 17:39 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-12-09 09:39 - 2021-12-15 18:25 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-12-09 09:39 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-12-09 09:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-12-09 09:39 - 2019-10-02 17:43 - 000000000 ____D C:\Program Files (x86)\Google
2023-12-09 09:38 - 2022-11-09 19:31 - 000003382 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2023-12-09 09:38 - 2022-11-09 19:31 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2023-12-09 09:38 - 2020-11-01 08:46 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2023-12-09 09:38 - 2020-05-21 19:27 - 000000000 ____D C:\Program Files\CCleaner
2023-12-09 09:38 - 2019-09-21 11:06 - 000000000 ____D C:\Users\Feri\AppData\Local\CrashDumps
2023-12-09 09:37 - 2022-09-30 22:08 - 000000000 ____D C:\Users\Feri\AppData\Local\NordVPN
2023-12-09 09:37 - 2020-11-01 08:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-12-09 09:37 - 2020-11-01 08:40 - 000008192 ___SH C:\DumpStack.log.tmp
2023-12-09 09:37 - 2020-04-12 16:50 - 000000000 ___RD C:\Users\Feri\Disk Google
2023-12-09 09:37 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-12-09 09:37 - 2019-09-21 11:01 - 000000000 ____D C:\ProgramData\AVAST Software
2023-12-09 09:37 - 2019-09-21 10:54 - 000000000 ____D C:\Users\Feri\AppData\Roaming\vlc
2023-12-09 09:37 - 2019-09-21 10:35 - 000000000 ____D C:\ProgramData\NVIDIA
2023-12-09 09:37 - 2019-09-21 10:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-12-09 09:36 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-12-09 09:13 - 2021-06-07 05:21 - 000000000 ____D C:\Users\Feri\AppData\Local\Avast Software
2023-12-09 09:05 - 2019-09-21 10:25 - 000000000 ___SD C:\Users\Feri\AppData\Roaming\Microsoft\Credentials
2023-12-09 08:57 - 2019-09-21 11:05 - 000000000 ____D C:\Users\Feri\AppData\Roaming\uTorrent
2023-12-09 08:35 - 2022-06-25 08:58 - 000000000 ____D C:\Users\Feri\AppData\Roaming\ByClick
2023-12-09 08:29 - 2020-11-01 08:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-12-09 08:05 - 2020-05-10 14:10 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2023-12-09 08:04 - 2020-06-10 05:31 - 000002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-12-08 20:52 - 2022-09-30 22:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2023-12-08 20:52 - 2022-09-30 22:08 - 000000000 ____D C:\Program Files\NordVPN
2023-12-07 05:52 - 2020-11-01 08:46 - 000003752 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-12-07 05:52 - 2020-11-01 08:46 - 000003628 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-12-06 17:13 - 2020-02-24 19:53 - 000000000 ____D C:\Program Files\Microsoft Office
2023-12-06 17:13 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2023-12-05 19:05 - 2023-08-02 15:40 - 000003530 _____ C:\WINDOWS\system32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0
2023-12-05 19:05 - 2020-11-01 08:46 - 000003506 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2023-12-04 05:56 - 2021-09-03 18:34 - 000002173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2023-12-04 05:56 - 2021-09-03 18:34 - 000002008 _____ C:\Users\Default\Desktop\Google Slides.lnk
2023-12-04 05:56 - 2021-09-03 18:34 - 000002008 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2023-12-04 05:56 - 2021-09-03 18:34 - 000001996 _____ C:\Users\Default\Desktop\Google Docs.lnk
2023-12-03 09:28 - 2022-10-12 14:55 - 000026616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2023-12-03 09:28 - 2020-11-01 08:46 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2023-12-03 09:28 - 2020-10-23 17:06 - 000276856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2023-12-03 09:28 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-12-03 09:28 - 2019-09-21 11:02 - 000952856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2023-12-03 09:28 - 2019-09-21 11:02 - 000710144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2023-12-03 09:28 - 2019-09-21 11:02 - 000393904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2023-12-03 09:28 - 2019-09-21 11:02 - 000319672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2023-12-03 09:28 - 2019-09-21 11:02 - 000297984 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2023-12-03 09:28 - 2019-09-21 11:02 - 000240688 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2023-12-03 09:28 - 2019-09-21 11:02 - 000105352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2023-12-03 09:28 - 2019-09-21 11:02 - 000096072 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2023-12-03 09:28 - 2019-09-21 11:02 - 000080528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2023-12-03 09:28 - 2019-09-21 11:02 - 000039752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2023-12-03 09:28 - 2019-09-21 11:02 - 000031528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2023-12-02 09:08 - 2019-09-21 12:20 - 000000000 ____D C:\Users\Feri\AppData\Local\D3DSCache
2023-12-02 08:20 - 2020-03-14 13:47 - 000000000 ____D C:\Users\Feri\AppData\Roaming\Microsoft\Excel
2023-12-01 05:58 - 2019-10-02 17:43 - 000002313 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-11-30 16:51 - 2019-09-21 10:32 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-11-15 06:32 - 2020-11-01 08:50 - 000904218 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-11-15 06:32 - 2020-02-27 17:25 - 000065100 _____ C:\WINDOWS\system32\perfh01B.dat
2023-11-15 06:32 - 2020-02-27 17:25 - 000016828 _____ C:\WINDOWS\system32\perfc01B.dat
2023-11-15 06:28 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-11-15 06:25 - 2020-11-01 08:40 - 000310528 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-11-15 06:23 - 2019-12-07 15:39 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2023-11-15 06:23 - 2019-12-07 15:39 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2023-11-15 06:23 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2023-11-15 06:23 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2023-11-15 06:21 - 2019-12-07 15:39 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2023-11-15 06:21 - 2019-12-07 10:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2023-11-15 06:21 - 2019-12-07 10:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2023-11-15 06:21 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-11-15 06:14 - 2020-11-01 08:43 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-11-15 06:07 - 2019-09-21 12:46 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-11-15 06:04 - 2019-09-21 12:46 - 182871392 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-11-10 17:42 - 2020-02-24 19:57 - 000000000 ____D C:\Users\Feri\AppData\Roaming\Microsoft\Word
2023-11-10 06:05 - 2020-08-21 14:41 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

==================== Files in the root of some directories ========

2020-08-12 17:58 - 2020-08-12 17:58 - 000000000 ____D () C:\ProgramData\BatteryOptimizer.exe
2023-12-09 08:36 - 2023-12-09 08:36 - 000498784 _____ (Adersoft) C:\ProgramData\certlm.exe
2023-12-09 08:36 - 2020-04-20 07:33 - 000000075 _____ () C:\ProgramData\driver_install.bat
2023-12-09 08:36 - 2020-04-20 07:33 - 000000077 _____ () C:\ProgramData\driver_uninstall.bat
2023-12-09 08:36 - 2019-11-07 12:51 - 000000148 _____ () C:\ProgramData\modify_tdr_delay.reg
2023-12-09 08:36 - 2021-08-23 01:34 - 000000122 _____ () C:\ProgramData\S.bat
2023-12-09 08:36 - 2019-11-07 12:51 - 000000127 _____ () C:\ProgramData\start_ae.bat
2023-12-09 08:36 - 2020-11-26 16:16 - 000000142 _____ () C:\ProgramData\start_beam.bat
2023-12-09 08:36 - 2019-11-07 12:51 - 000000022 _____ () C:\ProgramData\start_config.bat
2023-12-09 08:36 - 2020-11-26 16:16 - 000000115 _____ () C:\ProgramData\start_conflux.bat
2023-12-09 08:36 - 2021-06-11 15:12 - 000000120 _____ () C:\ProgramData\start_etc.bat
2023-12-09 08:36 - 2020-11-26 16:16 - 000000116 _____ () C:\ProgramData\start_eth.bat
2023-12-09 08:36 - 2020-05-13 03:56 - 000000106 _____ () C:\ProgramData\start_rvn.bat
2023-12-09 08:36 - 2019-11-07 12:51 - 000000204 _____ () C:\ProgramData\start_sero.bat
2020-04-10 07:36 - 2002-08-29 18:33 - 000319488 ____R () C:\Users\Feri\AppData\Roaming\MafiaSetup.exe
2020-05-10 20:02 - 2020-05-10 20:02 - 000000000 _____ () C:\Users\Feri\AppData\Local\oobelibMkey.log
2019-12-16 20:55 - 2022-12-02 06:28 - 000007603 _____ () C:\Users\Feri\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Re: vbsedit script launcher

Napsal: 09 pro 2023 09:50
od Dabol
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-12-2023
Ran by Feri (09-12-2023 09:46:01)
Running from C:\Users\Feri\Desktop
Microsoft Windows 10 Home Version 22H2 19045.3693 (X64) (2020-11-01 07:46:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1483115711-3560660982-2862343009-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1483115711-3560660982-2862343009-503 - Limited - Disabled)
Feri (S-1-5-21-1483115711-3560660982-2862343009-1001 - Administrator - Enabled) => C:\Users\Feri
Guest (S-1-5-21-1483115711-3560660982-2862343009-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1483115711-3560660982-2862343009-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.4.0.63 - Adobe Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601053}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Aiseesoft Data Recovery 1.6.8 (HKLM-x32\...\{E67DD0BA-233F-4EA9-B010-9B0A3D58F690}_is1) (Version: 1.6.8 - Aiseesoft Studio)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0050 - ASUS)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 23.11.6090 - Avast Software)
Balík softvéru eID (HKLM-x32\...\{b0b6d0ff-6512-432a-b667-742f673bbc68}) (Version: 1.0.0.0 - Ministerstvo vnútra Slovenskej republiky) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 6.18 - Piriform)
Core Temp 1.16 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.16 - ALCPU)
Counter-Strike 1.6 (HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\...\Counter-Strike 1.6) (Version: - )
CPUID CPU-Z 1.94 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.94 - CPUID, Inc.)
CrystalDiskInfo 8.4.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.4.2 - Crystal Dew World)
CrystalDiskMark 7.0.0h (HKLM\...\CrystalDiskMark7_is1) (Version: 7.0.0h - Crystal Dew World)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.12.0.1184 - Disc Soft Ltd)
Disig Web Signer (HKLM-x32\...\{41C0F02D-2389-4AB5-975C-C2363E7C554C}) (Version: 2.0.7 - Disig)
Duplicate Cleaner Pro 4.1.2 (HKLM-x32\...\Duplicate Cleaner Pro) (Version: 4.1.2 - DigitalVolcano Software Ltd)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
EaseUS Partition Master 11.0 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version: - EaseUS)
eID Klient (HKLM-x32\...\{76B43494-AB68-4271-92BA-033B0DBAFD59}) (Version: 4.6.0 - MV SR)
ELAN Touchpad 11.5.20.3_X64_WHQL (HKLM\...\Elantech) (Version: 11.5.20.3 - ELAN Microelectronic Corp.)
Epic Games Launcher (HKLM-x32\...\{DCE27B29-200D-491A-BBC5-98ECEFEC0843}) (Version: 1.1.257.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{57A956AB-4BCC-45C6-9B40-957E4E125568}) (Version: 2.0.44.0 - Epic Games, Inc.)
f.lux (HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\...\Flux) (Version: - f.lux Software LLC)
FIFA 19 (HKLM-x32\...\{3391E07D-8484-4124-817E-FCBDA859FD62}) (Version: 1.0.58.64628 - Electronic Arts)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Free YouTube Download (HKLM-x32\...\Free YouTube Download_is1) (Version: 4.3.90.417 - Digital Wave Ltd)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 84.0.11.0 - Google LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 119.0.6045.200 - Google LLC)
iMazing Converter 2.0.9.0 (HKLM\...\{907AAA47-68DC-4FB3-A50E-E69A8994D2B0}_is1) (Version: 2.0.9.0 - DigiDNA)
Java 8 Update 271 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 1.6.5073.106 - Waves Audio Ltd.) Hidden
MediaHuman YouTube to MP3 Converter 3.9.9.86 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.9.9.86 - MediaHuman)
Microsoft .NET Host - 6.0.19 (x64) (HKLM\...\{66CBA69D-480E-4879-8498-3279A1C548BB}) (Version: 48.79.63142 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.19 (x64) (HKLM\...\{72A2E084-E9B7-4E0A-BDF2-6E5A429E40F3}) (Version: 48.79.63142 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.19 (x64) (HKLM\...\{3CC763AD-93B3-41EF-ABF8-CFE63A1DC3A6}) (Version: 48.79.63142 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 120.0.2210.61 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 119.0.2151.97 - Microsoft Corporation)
Microsoft Office Standard 2019 - sk-sk (HKLM\...\Standard2019Retail - sk-sk) (Version: 16.0.17029.20068 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\...\Teams) (Version: 1.4.00.2781 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30139 (HKLM-x32\...\{2c673fb6-3e65-4751-965d-33d30b68a8a6}) (Version: 14.29.30139.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30139 (HKLM\...\{7F4A9F52-173F-4B0D-B1EA-269C32EDA827}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30139 (HKLM\...\{A6D3F752-BF11-4D7C-B19C-F6F96A35CF50}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.23.27820 (HKLM-x32\...\{86BE78D9-65A1-4E69-86F8-C1F5281F8553}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.23.27820 (HKLM-x32\...\{00AC3934-26B4-406E-807C-1692AC7329EC}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.19 (x64) (HKLM\...\{FCBEAAD5-3ADE-4A2C-B176-2C2346ED007F}) (Version: 48.79.63137 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.19 (x64) (HKLM-x32\...\{9a14ddc6-3a4a-420b-a304-ae5cf6579d20}) (Version: 6.0.19.32618 - Microsoft Corporation)
Mozilla Firefox (x64 sk) (HKLM\...\Mozilla Firefox 120.0.1 (x64 sk)) (Version: 120.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0.1 - Mozilla)
NordUpdater (HKLM\...\{6E35DB82-3D19-4DD6-B8CB-F082815FDE18}_is1) (Version: 1.4.0.132 - Nord Security)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 7.15.6.0 - Nord Security)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.27.0.112 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.112 - NVIDIA Corporation)
NVIDIA Grafický ovládač 545.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 545.92 - NVIDIA Corporation)
NVIDIA Ovládač zvuku HD 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17029.20000 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17029.20068 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7576 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.80.1666 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.2.2.2 - Rockstar Games)
RuneScape Launcher 2.2.6 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.6 - Jagex Ltd)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 7.3.0.1100 - Samsung Electronics)
SmartGenius (HKLM\...\{F96B1114-82A6-4348-8A84-8FD4E9D99F3B}_is1) (Version: 1.7.0.1 - KYE Systems Corp.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Topaz Gigapixel AI (HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\...\{f1ad3029-e22f-4200-ab32-96e64d699996}) (Version: 4.0.3t - Topaz Labs, LLC)
Trezor Suite 23.11.5 (HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\...\978be57b-9286-5cd7-a60b-54c81352a986) (Version: 23.11.5 - SatoshiLabs)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
VdhCoApp 1.6.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.19 - VideoLAN)
VMR Connect version 1.3.8.0 (HKLM-x32\...\{A3135D26-0857-4E51-A491-B4CEDF9B1A2C}_is1) (Version: 1.3.8.0 - VLC Mobile Remote)
WinDirStat 1.1.2 (HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\...\WinDirStat) (Version: - )
Windows Kontrola stavu počítača (HKLM\...\{8D6B9DC1-A437-41E0-8DF1-9F37748394AE}) (Version: 3.6.2204.08001 - Microsoft Corporation)

Packages:
=========
Doplnok mediálneho nástroja pre Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-05-19] (Microsoft Corporation)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_2000.24.217.0_x64__8xx8rvfyw5nnt [2023-12-01] (Meta) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-06-08] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-06-08] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-10-28] (NVIDIA Corp.)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.18.11020.0_x64__8wekyb3d8bbwe [2023-11-07] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1483115711-3560660982-2862343009-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Feri\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1483115711-3560660982-2862343009-1001_Classes\CLSID\{1a46400f-4c81-802a-c2c1-1e9a687a9340}\localserver32 -> "C:\Program Files\HandBrake\HandBrake.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1483115711-3560660982-2862343009-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Feri\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1483115711-3560660982-2862343009-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1483115711-3560660982-2862343009-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> C:\Program Files\NordVPN\NordVPN.exe (nordvpn s.a. -> nordvpn S.A.)
CustomCLSID: HKU\S-1-5-21-1483115711-3560660982-2862343009-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Feri\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1483115711-3560660982-2862343009-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Feri\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1483115711-3560660982-2862343009-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> C:\Users\Feri\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\FileCoAuth.exe => No File
CustomCLSID: HKU\S-1-5-21-1483115711-3560660982-2862343009-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Feri\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1483115711-3560660982-2862343009-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\Feri\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Feri\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Feri\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Feri\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\84.0.11.0\drivefsext.dll [2023-12-04] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\84.0.11.0\drivefsext.dll [2023-12-04] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\84.0.11.0\drivefsext.dll [2023-12-04] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\84.0.11.0\drivefsext.dll [2023-12-04] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2023-12-03] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2023-12-03] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-03-05] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2023-12-03] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\84.0.11.0\drivefsext.dll [2023-12-04] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Feri\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-04-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Feri\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2023-12-03] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-04-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Feri\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\84.0.11.0\drivefsext.dll [2023-12-04] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Feri\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\84.0.11.0\drivefsext.dll [2023-12-04] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_62bfdd1a54e22985\nvshext.dll [2023-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-03-05] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2023-12-03] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [Fast Explorer] -> {693BE9C0-BEC3-11D2-B4C1-C33BBD3AD64B} => -> No File

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsv64.dll [105984 2019-08-30] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2019-08-30] (Beepa P/L) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Feri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2015-03-17 00:34 - 2015-03-17 00:34 - 000010240 _____ () [File not signed] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\sk_sk\acrotray.sky
2023-06-20 15:49 - 2014-02-13 14:27 - 000113166 _____ () [File not signed] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.0\bin\TrayPopupE\zlib1.dll
2020-03-05 23:11 - 2020-03-05 23:11 - 000021504 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\sk_sk\Acrobat Elements\ContextMenuShim64.sky
2023-06-20 15:49 - 2014-02-13 14:27 - 000275528 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.0\bin\TrayPopupE\libcurl.dll
2023-06-20 15:49 - 2014-02-13 14:27 - 000222792 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.0\bin\TrayPopupE\traynet.dll
2023-06-20 15:49 - 2014-02-13 14:27 - 000249928 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.0\bin\TrayPopupE\uexper.dll
2023-09-05 16:08 - 2022-10-08 08:43 - 000021672 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\fsclog.dll
2019-09-21 11:11 - 2019-02-21 17:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-12-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\ssv.dll [2020-10-24] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-10-24] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-12-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-12-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-12-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-12-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-12-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-12-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-12-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-12-06] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2023-09-05 16:09 - 000002895 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 www.youtubedownloadersite.com
109.94.209.70 fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 fitgirl-repack.com # Fake FitGirl site
109.94.209.70 fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 fitgirlrepack.games # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.com # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 ww9.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 www.fitgirlrepack.games # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repack.net # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.net # Fake FitGirl site
109.94.209.70 fitgirlpack.site # Fake FitGirl site
109.94.209.70 www.fitgirlpack.site # Fake FitGirl site
127.0.0.1 easeus.com
127.0.0.1 www.easeus.com
127.0.0.1 activation.easeus.com
127.0.0.1 easeus.com.cn
127.0.0.1 www.easeus.com.cn
127.0.0.1 track.easeus.com
127.0.0.1 track.easeus.com.cn
127.0.0.1 api.easeus.com

2023-10-06 18:57 - 2023-10-06 19:01 - 000000568 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\eID_klient\;C:\Program Files\dotnet\
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Feri\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\Tapeta programu Windows Photo Viewer.jpg
DNS Servers: 103.86.96.100 - 103.86.99.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "Web Signer.lnk"
HKLM\...\StartupApproved\Run: => "SmartGenius"
HKLM\...\StartupApproved\Run32: => "EaseUS Cleanup"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\...\StartupApproved\Run: => "DU Meter"
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\...\StartupApproved\Run: => "f.lux"
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\...\StartupApproved\Run: => "AceStream"
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\...\StartupApproved\Run: => "Disig Web Signer"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{94FEC361-46D4-415F-91A1-A728C51C3D22}] => (Allow) C:\Hry\Red Dead Redemption 2\RDR2.exe => No File
FirewallRules: [{1ECC196C-B8AB-4B73-8E55-C7731B4DCC92}] => (Allow) C:\Hry\Red Dead Redemption 2\RDR2.exe => No File
FirewallRules: [UDP Query User{EC8D9275-82A1-45B8-867E-C88497932CE6}C:\hry\vietnam\rs2v\binaries\win64\risingstorm2.exe] => (Allow) C:\hry\vietnam\rs2v\binaries\win64\risingstorm2.exe => No File
FirewallRules: [TCP Query User{2794CAF6-9074-4691-8F8A-90A41F3F142D}C:\hry\vietnam\rs2v\binaries\win64\risingstorm2.exe] => (Allow) C:\hry\vietnam\rs2v\binaries\win64\risingstorm2.exe => No File
FirewallRules: [UDP Query User{1B2E9050-29C5-45AF-A5E9-1C3415FCC7FB}C:\hry\cod mw2 remastered\mw2cr.exe] => (Allow) C:\hry\cod mw2 remastered\mw2cr.exe => No File
FirewallRules: [TCP Query User{505789AF-99B1-4328-AFBF-340D693A191E}C:\hry\cod mw2 remastered\mw2cr.exe] => (Allow) C:\hry\cod mw2 remastered\mw2cr.exe => No File
FirewallRules: [UDP Query User{B4C914BE-B76C-4C57-B631-82E77ADF9090}D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\soviet64.exe] => (Block) D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\soviet64.exe => No File
FirewallRules: [TCP Query User{6DD22269-18E2-458D-A045-93284F5C31DB}D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\soviet64.exe] => (Block) D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\soviet64.exe => No File
FirewallRules: [UDP Query User{AD2D55D7-DE99-4245-B207-245565FC9845}D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\soviet64.exe] => (Allow) D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\soviet64.exe => No File
FirewallRules: [TCP Query User{CAB409EF-F662-42A0-8B1E-45630A5DA413}D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\soviet64.exe] => (Allow) D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\soviet64.exe => No File
FirewallRules: [UDP Query User{FF8B2D03-7B6E-42FD-A0EA-36AA26EE47BB}D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\setupapplication soviet.exe] => (Allow) D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\setupapplication soviet.exe => No File
FirewallRules: [TCP Query User{F9F52D5A-A036-4A99-934B-10C140130463}D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\setupapplication soviet.exe] => (Allow) D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\setupapplication soviet.exe => No File
FirewallRules: [{19B09567-4111-4A17-8320-8E6EF79AE580}] => (Allow) C:\Hry\fodbal\FIFASetup\fifaconfig.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{8DCE4C37-12DB-4626-AEA1-293232273F07}] => (Allow) C:\Hry\fodbal\FIFASetup\fifaconfig.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{432982ED-3F84-46DA-9BE5-3EE6DFC87B01}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{E4F9A55E-E744-498E-B9F2-D81746D86590}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{5EC0A924-431B-45A0-BA6A-EDE5FB0DCE1E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{9C45BD53-1D49-4E81-95B2-06BD31D0D76C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [UDP Query User{5A69E16E-8AA5-4321-B8A6-56D43629C434}C:\hry\need for speed heat\needforspeedheat.exe] => (Allow) C:\hry\need for speed heat\needforspeedheat.exe => No File
FirewallRules: [TCP Query User{F4F5CFD3-D1DD-47E5-A191-5D5B4E8A20E4}C:\hry\need for speed heat\needforspeedheat.exe] => (Allow) C:\hry\need for speed heat\needforspeedheat.exe => No File
FirewallRules: [{E0C35C9B-9D71-4D71-9564-0A5FB0593198}] => (Allow) C:\Users\Feri\AppData\Roaming\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{15D308FA-612A-4595-8007-509D230A12A7}] => (Allow) C:\Users\Feri\AppData\Roaming\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{3D94D393-D7CC-451F-BDC7-C1C94716D7E2}C:\users\feri\appdata\local\smartgenius\smartgenius.exe] => (Allow) C:\users\feri\appdata\local\smartgenius\smartgenius.exe (KYE SYSTEMS CORP. -> GitHub, Inc.)
FirewallRules: [TCP Query User{FAF9511E-5A79-49B4-93B7-6BD114FA8251}C:\users\feri\appdata\local\smartgenius\smartgenius.exe] => (Allow) C:\users\feri\appdata\local\smartgenius\smartgenius.exe (KYE SYSTEMS CORP. -> GitHub, Inc.)
FirewallRules: [{CD4AEF92-4370-4CD6-AD56-21E6CE42C6A6}] => (Allow) C:\Users\Feri\AppData\Local\SmartGenius\SmartGenius.exe (KYE SYSTEMS CORP. -> GitHub, Inc.)
FirewallRules: [{07A38292-2090-4D87-8467-4DD609EAB4C0}] => (Allow) C:\Users\Feri\AppData\Local\SmartGenius\SmartGenius.exe (KYE SYSTEMS CORP. -> GitHub, Inc.)
FirewallRules: [{1A0A2371-1244-4AEC-BDC5-04B24D2B4F2E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{28F351CD-3B77-4091-BB2A-B7803716BE6D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{FF804CA0-FF51-43ED-8479-FA029A87E737}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{39995ECD-3405-4700-92B6-D72C34C633DE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{F522DDDD-C1C9-4EB1-A08A-AF175C34E72E}] => (Allow) C:\Program Files (x86)\ASUS\ROG Game First III\gameFirst3.exe => No File
FirewallRules: [{1369486E-D612-4AFB-81B0-91D750FDE3DB}] => (Allow) C:\Program Files (x86)\ASUS\ROG Game First III\gameFirst3.exe => No File
FirewallRules: [{B1A348D4-E370-4D27-BE07-4AB9035BD03A}] => (Allow) C:\Windows\SysWOW64\ftp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0F5FCDCD-B0D1-45BF-B4F1-6C6AD0CAECF0}] => (Allow) C:\Windows\SysWOW64\ftp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C4BCE7FA-5B62-4335-94A5-261C493DC086}] => (Allow) C:\Windows\system32\ftp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{08511044-97C9-46C6-AE9F-CE7E93878FFC}] => (Allow) C:\Windows\system32\ftp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{9596C61D-6EF5-4EE1-AEFD-95AF0FD3F500}C:\program files (x86)\vmr connect\vmrhub.exe] => (Allow) C:\program files (x86)\vmr connect\vmrhub.exe (VLC Mobile Remote) [File not signed]
FirewallRules: [TCP Query User{CF5066BF-0C10-4E50-BF1A-806D04E0B1AA}C:\program files (x86)\vmr connect\vmrhub.exe] => (Allow) C:\program files (x86)\vmr connect\vmrhub.exe (VLC Mobile Remote) [File not signed]
FirewallRules: [UDP Query User{6B16B9B6-0C30-4662-9AD5-04CCCFAB7C96}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{843C4034-A2E4-4AE5-80CC-0E2CA773928D}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{9CA9CBC5-20CE-42CE-A5FD-4DBBB80B88DB}C:\users\feri\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\feri\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{215DC84A-6E1C-44A0-8F5C-B64234EC9310}C:\users\feri\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\feri\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{4EC6AF5F-A3E9-4D3C-B190-C5632F217ECF}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{2C3958AE-21FD-4353-A9E2-43C86AC62FF2}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{FAACC12F-8162-445B-8F62-635C42CE5C3F}C:\program files (x86)\vmr connect\vmrhub.exe] => (Allow) C:\program files (x86)\vmr connect\vmrhub.exe (VLC Mobile Remote) [File not signed]
FirewallRules: [TCP Query User{8B89AD24-1A68-4EBB-930A-5C688DF2113B}C:\program files (x86)\vmr connect\vmrhub.exe] => (Allow) C:\program files (x86)\vmr connect\vmrhub.exe (VLC Mobile Remote) [File not signed]
FirewallRules: [{5EC7CB21-D495-4FC3-B67F-E1657E624507}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BB489703-DA89-4CC9-8709-4C86D7FF32A7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{05DABAAC-4D68-449A-B5D6-8BD4FD3F3B84}C:\users\feri\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\feri\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{9F251785-4353-48F5-82A5-819F29560C79}C:\users\feri\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\feri\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{A1D1965D-0A1B-41B6-95F2-DF6404514E2F}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{FB8815C3-BF91-4DAC-AFBA-4A61DEA7DE68}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{254F1CD3-3389-4604-9722-0A2637ADFB5E}C:\users\feri\desktop\phoenixminer_5.5c_windows_amd_nvidia (password-phoenix)\phoenixminer.exe] => (Allow) C:\users\feri\desktop\phoenixminer_5.5c_windows_amd_nvidia (password-phoenix)\phoenixminer.exe => No File
FirewallRules: [UDP Query User{9EBA3B70-9781-48B2-AE5D-B28FA2D7A980}C:\users\feri\desktop\phoenixminer_5.5c_windows_amd_nvidia (password-phoenix)\phoenixminer.exe] => (Allow) C:\users\feri\desktop\phoenixminer_5.5c_windows_amd_nvidia (password-phoenix)\phoenixminer.exe => No File
FirewallRules: [{B00E72DA-BA0B-4C35-8CEB-A35E9989823C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{3A8DC4EF-2015-4532-90CF-8D753AD99642}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{48F001B5-857C-4E97-B6B6-183689834A02}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{F5FAC7F5-E122-4893-8C15-D5D33E3C5D72}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [TCP Query User{F98BB397-BC06-41C6-84C0-95CD4972062F}C:\users\feri\appdata\local\programs\trezor suite\trezor suite.exe] => (Allow) C:\users\feri\appdata\local\programs\trezor suite\trezor suite.exe (SatoshiLabs, s.r.o. -> SatoshiLabs)
FirewallRules: [UDP Query User{74735BDD-26BB-46D1-B911-3410652C44C0}C:\users\feri\appdata\local\programs\trezor suite\trezor suite.exe] => (Allow) C:\users\feri\appdata\local\programs\trezor suite\trezor suite.exe (SatoshiLabs, s.r.o. -> SatoshiLabs)
FirewallRules: [{60EA7E6B-BB5D-4567-AC9A-B349FC8310FF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{8240B196-0761-4C16-B0E6-1E9F0AA2DF70}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{5FC541BE-DA29-408B-83EC-A2B417362D3B}C:\hry\counter-strike 1.6\hl.exe] => (Block) C:\hry\counter-strike 1.6\hl.exe (Valve) [File not signed]
FirewallRules: [UDP Query User{CB7D7A39-D3C0-4D6F-B44A-18792060A77C}C:\hry\counter-strike 1.6\hl.exe] => (Block) C:\hry\counter-strike 1.6\hl.exe (Valve) [File not signed]
FirewallRules: [{5835D5B2-37CD-43D6-93AE-387426552E86}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{2C29A0F3-C2AC-441B-863D-91691BEBD79F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{D0CCC31B-4DAC-4AD2-9C35-93B2E6BE15F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{D95E9C87-A755-4CBE-BE1C-CD9E26EB5897}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{CDC80CF2-4A58-4010-9290-955C1F568712}C:\hry\gta\gtav\gta5.exe] => (Allow) C:\hry\gta\gtav\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{3973F811-40D8-49CF-99D3-FF5CDC536C69}C:\hry\gta\gtav\gta5.exe] => (Allow) C:\hry\gta\gtav\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{7F44C6B2-BAD5-4FB8-89BB-B933474E32DF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A8949C0C-AB2F-4FCB-BE3C-304422279F3A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{66252154-ED52-42EB-A882-F613F2CF2E17}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9A967F39-ADB8-4693-9768-D9BCC3940B0A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A53428D6-9028-4EE8-BC76-2203E8E411F6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{70444A6F-6BE1-4900-8431-E7DFB5C3ABB4}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1A201F9D-4C7D-457C-B5AA-12C6C0733322}] => (Allow) C:\Program Files\NordVPN\nordvpn-service.exe (nordvpn s.a. -> nordvpn S.A.)
FirewallRules: [{988C42FC-F3B5-4F82-9C5B-6FB7A4721402}] => (Allow) C:\Program Files\NordVPN\nordvpn-service.exe (nordvpn s.a. -> nordvpn S.A.)

==================== Restore Points =========================

23-11-2023 06:06:10 Scheduled Checkpoint
02-12-2023 10:23:06 Scheduled Checkpoint
09-12-2023 08:35:57 Installed YouTube By Click

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (12/09/2023 09:38:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: CCleaner64.exe, verzia: 6.18.0.10838, časová značka: 0x655ca909
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.19041.3636, časová značka: 0x9b64aa6f
Kód výnimky: 0xc00000fd
Odstup chyby: 0x000000000001b455
Identifikácia chybujúceho procesu: 0x4140
Čas spustenia chybujúcej aplikácie: 0x01da2a7b124b51b7
Cesta chybujúcej aplikácie: C:\Program Files\CCleaner\CCleaner64.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
Identifikácia hlásenia: 2437304d-8a11-497f-8476-ceb3922de1d7
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (12/09/2023 09:38:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: explorer.exe, verzia: 10.0.19041.3693, časová značka: 0x46b74d3d
Názov chybujúceho modulu: unknown, verzia: 0.0.0.0, časová značka: 0x00000000
Kód výnimky: 0xc0000005
Odstup chyby: 0x704181f0
Identifikácia chybujúceho procesu: 0x2b48
Čas spustenia chybujúcej aplikácie: 0x01da2a7b124431de
Cesta chybujúcej aplikácie: C:\WINDOWS\SysWOW64\explorer.exe
Cesta chybujúceho modulu: unknown
Identifikácia hlásenia: 86ed2acc-3d84-408b-8ec9-82869ef0a6e1
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (12/09/2023 08:57:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: utorrent.exe, verzia: 2.2.1.25534, časová značka: 0x4e4594ce
Názov chybujúceho modulu: GDI32.dll, verzia: 10.0.19041.3636, časová značka: 0x0719f324
Kód výnimky: 0xc000041d
Odstup chyby: 0x00005f67
Identifikácia chybujúceho procesu: 0x31b0
Čas spustenia chybujúcej aplikácie: 0x01da1784a0d417c2
Cesta chybujúcej aplikácie: C:\Users\Feri\AppData\Roaming\uTorrent\utorrent.exe
Cesta chybujúceho modulu: C:\WINDOWS\System32\GDI32.dll
Identifikácia hlásenia: b0d2546d-f7f0-4859-8e55-f4cab04cd0bd
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (12/09/2023 08:05:41 AM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (12/08/2023 05:53:51 AM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (12/07/2023 05:53:51 AM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (12/06/2023 05:11:08 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: DESKTOP-L0K8E8M)
Description: Application or service 'Microsoft Office SDX Helper' could not be shut down.

Error: (12/06/2023 05:53:51 AM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2


System errors:
=============
Error: (12/09/2023 08:42:58 AM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "%2" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (12/09/2023 08:42:58 AM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "%2" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (12/08/2023 09:04:53 PM) (Source: nvlddmkm) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/08/2023 09:04:53 PM) (Source: nvlddmkm) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/08/2023 07:15:40 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Zlyhanie inštalácie: Systému Windows sa nepodarilo nainštalovať nasledujúcu aktualizáciu. Vyskytla sa chyba 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (12/08/2023 07:15:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Zlyhanie inštalácie: Systému Windows sa nepodarilo nainštalovať nasledujúcu aktualizáciu. Vyskytla sa chyba 0x80073d02: 9WZDNCRFHVQM-MICROSOFT.WINDOWSCOMMUNICATIONSAPPS.

Error: (12/07/2023 06:04:01 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Zlyhanie inštalácie: Systému Windows sa nepodarilo nainštalovať nasledujúcu aktualizáciu. Vyskytla sa chyba 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (12/07/2023 06:04:00 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Zlyhanie inštalácie: Systému Windows sa nepodarilo nainštalovať nasledujúcu aktualizáciu. Vyskytla sa chyba 0x80073d02: 9WZDNCRFHVQM-MICROSOFT.WINDOWSCOMMUNICATIONSAPPS.


CodeIntegrity:
===============
Date: 2023-12-09 09:41:08
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2023-12-09 09:38:22
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. G751JT.213 06/11/2019
Motherboard: ASUSTeK COMPUTER INC. G751JT
Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 22%
Total physical RAM: 24525.18 MB
Available physical RAM: 19051.87 MB
Total Virtual: 49101.18 MB
Available Virtual: 42410.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.13 GB) (Free:145.41 GB) (Model: Samsung SSD 850 EVO 500GB) NTFS
Drive d: () (Fixed) (Total:1863.01 GB) (Free:417.36 GB) (Model: ST2000LM015-2E8174) NTFS
Drive f: (Google Drive) (Fixed) (Total:15 GB) (Free:8.1 GB) (Model: Samsung SSD 850 EVO 500GB) FAT32

\\?\Volume{f8a56701-9974-4030-b900-5491edd738e9}\ () (Fixed) (Total:0.52 GB) (Free:0.07 GB) NTFS
\\?\Volume{9431cf6c-c059-431e-8e56-44690cf110d1}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0F0A4E13)

Partition: GPT.

==========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 0F4FCE9E)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Re: vbsedit script launcher

Napsal: 09 pro 2023 11:06
od Rudy
Zdravím!
Spusťte tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

Re: vbsedit script launcher

Napsal: 09 pro 2023 12:40
od Dabol
to uz som skusal aj predtym bohuzial nic nenaslo

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 12-09-2023
# Duration: 00:00:09
# OS: Windows 10 (Build 19045.3693)
# Scanned: 32098
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [2059 octets] - [28/03/2020 15:42:02]
AdwCleaner[S01].txt - [1804 octets] - [28/03/2020 15:44:19]
AdwCleaner[S02].txt - [2410 octets] - [10/06/2020 20:17:44]
AdwCleaner[C02].txt - [2505 octets] - [10/06/2020 20:18:42]
AdwCleaner[S03].txt - [1650 octets] - [10/06/2020 20:20:58]
AdwCleaner[S04].txt - [1711 octets] - [16/01/2021 09:41:16]
AdwCleaner[S05].txt - [1772 octets] - [30/01/2021 20:41:03]
AdwCleaner[S06].txt - [1833 octets] - [09/05/2021 09:47:59]
AdwCleaner[S07].txt - [4998 octets] - [24/11/2021 20:07:17]
AdwCleaner[C07].txt - [4626 octets] - [24/11/2021 20:07:59]
AdwCleaner[S08].txt - [2016 octets] - [24/11/2021 20:08:16]
AdwCleaner[S09].txt - [2377 octets] - [24/11/2021 20:29:35]
AdwCleaner[C09].txt - [2473 octets] - [24/11/2021 20:29:49]
AdwCleaner[S10].txt - [2199 octets] - [11/01/2022 06:34:34]
AdwCleaner[S11].txt - [2260 octets] - [25/06/2022 10:39:49]
AdwCleaner[S12].txt - [2321 octets] - [09/09/2022 19:35:09]
AdwCleaner[S13].txt - [2396 octets] - [14/05/2023 15:15:36]
AdwCleaner[S14].txt - [2457 octets] - [24/06/2023 11:06:12]
AdwCleaner[S15].txt - [2518 octets] - [09/12/2023 09:35:50]
AdwCleaner[S16].txt - [2579 octets] - [09/12/2023 09:39:38]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S17].txt ##########

Re: vbsedit script launcher

Napsal: 09 pro 2023 13:36
od Dabol
ospravedlnujem sa za moju aktivitu ale prehnal som to avastom nieco tam presunulo do karanteny, cez safe mode som nasiel a vymazal ten subor, pretoze to upzoroznenie mi nabehovalo kazdu minutu, tak zasielam nove logy z frst

Re: vbsedit script launcher

Napsal: 09 pro 2023 15:05
od Rudy
MBAM je OK. Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\...\Run: [DQCIKCDACO] => "C:\ProgramData\certlm.exe" (No File) <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\...\MountPoints2: {0a4bdaee-6174-11ea-9d83-0862665357d3} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\...\MountPoints2: {586e074b-fd09-11eb-9edc-0862665357d3} - "H:\HiSuiteDownLoader.exe"
Task: {61BBB357-49CF-4897-8128-C12BC579B156} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-10-02] (Google Inc -> Google LLC)
Task: {6C387EDD-31C7-4A40-91C2-2B77DC97D2BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-10-02] (Google Inc -> Google LLC)
Task: {A761E7ED-2151-43AB-92FA-616BDA6427A1} - System32\Tasks\Skype => C:\ProgramData\certlm.exe (No File) <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
C:\ProgramData\S.bat
C:\ProgramData\nbminer.exe.sha256
C:\ProgramData\start_etc.bat
C:\ProgramData\start_beam.bat
C:\ProgramData\start_eth.bat
C:\ProgramData\start_rvn.bat
C:\ProgramData\driver_uninstall.bat
C:\ProgramData\driver_install.bat
C:\ProgramData\start_sero.bat
C:\ProgramData\modify_tdr_delay.reg
C:\ProgramData\start_ae.bat
C:\ProgramData\open_web_monitor.url
C:\ProgramData\start_config.bat
C:\ProgramData\driver_install.bat
C:\ProgramData\driver_uninstall.bat
C:\ProgramData\S.bat
C:\ProgramData\start_ae.bat
C:\ProgramData\start_beam.bat
C:\ProgramData\start_config.bat
C:\ProgramData\start_conflux.bat
C:\ProgramData\start_etc.bat
C:\ProgramData\start_eth.bat
C:\ProgramData\start_rvn.bat
C:\ProgramData\start_sero.bat
CustomCLSID: HKU\S-1-5-21-1483115711-3560660982-2862343009-1001_Classes\CLSID\{1a46400f-4c81-802a-c2c1-1e9a687a9340}\localserver32 -> "C:\Program Files\HandBrake\HandBrake.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1483115711-3560660982-2862343009-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Feri\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1483115711-3560660982-2862343009-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1483115711-3560660982-2862343009-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> C:\Program Files\NordVPN\NordVPN.exe (nordvpn s.a. -> nordvpn S.A.)
CustomCLSID: HKU\S-1-5-21-1483115711-3560660982-2862343009-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Feri\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1483115711-3560660982-2862343009-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Feri\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1483115711-3560660982-2862343009-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> C:\Users\Feri\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\FileCoAuth.exe => No File
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Feri\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Feri\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Feri\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Feri\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Feri\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Feri\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers6: [Fast Explorer] -> {693BE9C0-BEC3-11D2-B4C1-C33BBD3AD64B} => -> No File
FirewallRules: [{94FEC361-46D4-415F-91A1-A728C51C3D22}] => (Allow) C:\Hry\Red Dead Redemption 2\RDR2.exe => No File
FirewallRules: [{1ECC196C-B8AB-4B73-8E55-C7731B4DCC92}] => (Allow) C:\Hry\Red Dead Redemption 2\RDR2.exe => No File
FirewallRules: [UDP Query User{EC8D9275-82A1-45B8-867E-C88497932CE6}C:\hry\vietnam\rs2v\binaries\win64\risingstorm2.exe] => (Allow) C:\hry\vietnam\rs2v\binaries\win64\risingstorm2.exe => No File
FirewallRules: [TCP Query User{2794CAF6-9074-4691-8F8A-90A41F3F142D}C:\hry\vietnam\rs2v\binaries\win64\risingstorm2.exe] => (Allow) C:\hry\vietnam\rs2v\binaries\win64\risingstorm2.exe => No File
FirewallRules: [UDP Query User{1B2E9050-29C5-45AF-A5E9-1C3415FCC7FB}C:\hry\cod mw2 remastered\mw2cr.exe] => (Allow) C:\hry\cod mw2 remastered\mw2cr.exe => No File
FirewallRules: [TCP Query User{505789AF-99B1-4328-AFBF-340D693A191E}C:\hry\cod mw2 remastered\mw2cr.exe] => (Allow) C:\hry\cod mw2 remastered\mw2cr.exe => No File
FirewallRules: [UDP Query User{B4C914BE-B76C-4C57-B631-82E77ADF9090}D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\soviet64.exe] => (Block) D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\soviet64.exe => No File
FirewallRules: [TCP Query User{6DD22269-18E2-458D-A045-93284F5C31DB}D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\soviet64.exe] => (Block) D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\soviet64.exe => No File
FirewallRules: [UDP Query User{AD2D55D7-DE99-4245-B207-245565FC9845}D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\soviet64.exe] => (Allow) D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\soviet64.exe => No File
FirewallRules: [TCP Query User{CAB409EF-F662-42A0-8B1E-45630A5DA413}D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\soviet64.exe] => (Allow) D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\soviet64.exe => No File
FirewallRules: [UDP Query User{FF8B2D03-7B6E-42FD-A0EA-36AA26EE47BB}D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\setupapplication soviet.exe] => (Allow) D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\setupapplication soviet.exe => No File
FirewallRules: [TCP Query User{F9F52D5A-A036-4A99-934B-10C140130463}D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\setupapplication soviet.exe] => (Allow) D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\setupapplication soviet.exe => No File
FirewallRules: [UDP Query User{5A69E16E-8AA5-4321-B8A6-56D43629C434}C:\hry\need for speed heat\needforspeedheat.exe] => (Allow) C:\hry\need for speed heat\needforspeedheat.exe => No File
FirewallRules: [TCP Query User{F4F5CFD3-D1DD-47E5-A191-5D5B4E8A20E4}C:\hry\need for speed heat\needforspeedheat.exe] => (Allow) C:\hry\need for speed heat\needforspeedheat.exe => No File
FirewallRules: [{1A0A2371-1244-4AEC-BDC5-04B24D2B4F2E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{28F351CD-3B77-4091-BB2A-B7803716BE6D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{F522DDDD-C1C9-4EB1-A08A-AF175C34E72E}] => (Allow) C:\Program Files (x86)\ASUS\ROG Game First III\gameFirst3.exe => No File
FirewallRules: [{1369486E-D612-4AFB-81B0-91D750FDE3DB}] => (Allow) C:\Program Files (x86)\ASUS\ROG Game First III\gameFirst3.exe => No File
FirewallRules: [TCP Query User{254F1CD3-3389-4604-9722-0A2637ADFB5E}C:\users\feri\desktop\phoenixminer_5.5c_windows_amd_nvidia (password-phoenix)\phoenixminer.exe] => (Allow) C:\users\feri\desktop\phoenixminer_5.5c_windows_amd_nvidia (password-phoenix)\phoenixminer.exe => No File
FirewallRules: [UDP Query User{9EBA3B70-9781-48B2-AE5D-B28FA2D7A980}C:\users\feri\desktop\phoenixminer_5.5c_windows_amd_nvidia (password-phoenix)\phoenixminer.exe] => (Allow) C:\users\feri\desktop\phoenixminer_5.5c_windows_amd_nvidia (password-phoenix)\phoenixminer.exe => No File

EmptyTemp:
Hosts:
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Re: vbsedit script launcher

Napsal: 09 pro 2023 15:21
od Dabol
pri spustani frst64 mi to avast vyhlasil ako potencionalnu hrozbu, cistenie trvalo pomerne dlho, obcas program nereagoval



Fix result of Farbar Recovery Scan Tool (x64) Version: 09-12-2023
Ran by Feri (09-12-2023 15:11:17) Run:1
Running from C:\Users\Feri\Desktop
Loaded Profiles: Feri
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\...\Run: [DQCIKCDACO] => "C:\ProgramData\certlm.exe" (No File) <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\...\MountPoints2: {0a4bdaee-6174-11ea-9d83-0862665357d3} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\...\MountPoints2: {586e074b-fd09-11eb-9edc-0862665357d3} - "H:\HiSuiteDownLoader.exe"
Task: {61BBB357-49CF-4897-8128-C12BC579B156} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-10-02] (Google Inc -> Google LLC)
Task: {6C387EDD-31C7-4A40-91C2-2B77DC97D2BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-10-02] (Google Inc -> Google LLC)
Task: {A761E7ED-2151-43AB-92FA-616BDA6427A1} - System32\Tasks\Skype => C:\ProgramData\certlm.exe (No File) <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
C:\ProgramData\S.bat
C:\ProgramData\nbminer.exe.sha256
C:\ProgramData\start_etc.bat
C:\ProgramData\start_beam.bat
C:\ProgramData\start_eth.bat
C:\ProgramData\start_rvn.bat
C:\ProgramData\driver_uninstall.bat
C:\ProgramData\driver_install.bat
C:\ProgramData\start_sero.bat
C:\ProgramData\modify_tdr_delay.reg
C:\ProgramData\start_ae.bat
C:\ProgramData\open_web_monitor.url
C:\ProgramData\start_config.bat
C:\ProgramData\driver_install.bat
C:\ProgramData\driver_uninstall.bat
C:\ProgramData\S.bat
C:\ProgramData\start_ae.bat
C:\ProgramData\start_beam.bat
C:\ProgramData\start_config.bat
C:\ProgramData\start_conflux.bat
C:\ProgramData\start_etc.bat
C:\ProgramData\start_eth.bat
C:\ProgramData\start_rvn.bat
C:\ProgramData\start_sero.bat
CustomCLSID: HKU\S-1-5-21-1483115711-3560660982-2862343009-1001_Classes\CLSID\{1a46400f-4c81-802a-c2c1-1e9a687a9340}\localserver32 -> "C:\Program Files\HandBrake\HandBrake.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1483115711-3560660982-2862343009-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Feri\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1483115711-3560660982-2862343009-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1483115711-3560660982-2862343009-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000}\localserver32 -> C:\Program Files\NordVPN\NordVPN.exe (nordvpn s.a. -> nordvpn S.A.)
CustomCLSID: HKU\S-1-5-21-1483115711-3560660982-2862343009-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Feri\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1483115711-3560660982-2862343009-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Feri\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1483115711-3560660982-2862343009-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> C:\Users\Feri\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\FileCoAuth.exe => No File
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Feri\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Feri\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Feri\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Feri\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Feri\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Feri\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers6: [Fast Explorer] -> {693BE9C0-BEC3-11D2-B4C1-C33BBD3AD64B} => -> No File
FirewallRules: [{94FEC361-46D4-415F-91A1-A728C51C3D22}] => (Allow) C:\Hry\Red Dead Redemption 2\RDR2.exe => No File
FirewallRules: [{1ECC196C-B8AB-4B73-8E55-C7731B4DCC92}] => (Allow) C:\Hry\Red Dead Redemption 2\RDR2.exe => No File
FirewallRules: [UDP Query User{EC8D9275-82A1-45B8-867E-C88497932CE6}C:\hry\vietnam\rs2v\binaries\win64\risingstorm2.exe] => (Allow) C:\hry\vietnam\rs2v\binaries\win64\risingstorm2.exe => No File
FirewallRules: [TCP Query User{2794CAF6-9074-4691-8F8A-90A41F3F142D}C:\hry\vietnam\rs2v\binaries\win64\risingstorm2.exe] => (Allow) C:\hry\vietnam\rs2v\binaries\win64\risingstorm2.exe => No File
FirewallRules: [UDP Query User{1B2E9050-29C5-45AF-A5E9-1C3415FCC7FB}C:\hry\cod mw2 remastered\mw2cr.exe] => (Allow) C:\hry\cod mw2 remastered\mw2cr.exe => No File
FirewallRules: [TCP Query User{505789AF-99B1-4328-AFBF-340D693A191E}C:\hry\cod mw2 remastered\mw2cr.exe] => (Allow) C:\hry\cod mw2 remastered\mw2cr.exe => No File
FirewallRules: [UDP Query User{B4C914BE-B76C-4C57-B631-82E77ADF9090}D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\soviet64.exe] => (Block) D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\soviet64.exe => No File
FirewallRules: [TCP Query User{6DD22269-18E2-458D-A045-93284F5C31DB}D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\soviet64.exe] => (Block) D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\soviet64.exe => No File
FirewallRules: [UDP Query User{AD2D55D7-DE99-4245-B207-245565FC9845}D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\soviet64.exe] => (Allow) D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\soviet64.exe => No File
FirewallRules: [TCP Query User{CAB409EF-F662-42A0-8B1E-45630A5DA413}D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\soviet64.exe] => (Allow) D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\soviet64.exe => No File
FirewallRules: [UDP Query User{FF8B2D03-7B6E-42FD-A0EA-36AA26EE47BB}D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\setupapplication soviet.exe] => (Allow) D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\setupapplication soviet.exe => No File
FirewallRules: [TCP Query User{F9F52D5A-A036-4A99-934B-10C140130463}D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\setupapplication soviet.exe] => (Allow) D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\setupapplication soviet.exe => No File
FirewallRules: [UDP Query User{5A69E16E-8AA5-4321-B8A6-56D43629C434}C:\hry\need for speed heat\needforspeedheat.exe] => (Allow) C:\hry\need for speed heat\needforspeedheat.exe => No File
FirewallRules: [TCP Query User{F4F5CFD3-D1DD-47E5-A191-5D5B4E8A20E4}C:\hry\need for speed heat\needforspeedheat.exe] => (Allow) C:\hry\need for speed heat\needforspeedheat.exe => No File
FirewallRules: [{1A0A2371-1244-4AEC-BDC5-04B24D2B4F2E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{28F351CD-3B77-4091-BB2A-B7803716BE6D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{F522DDDD-C1C9-4EB1-A08A-AF175C34E72E}] => (Allow) C:\Program Files (x86)\ASUS\ROG Game First III\gameFirst3.exe => No File
FirewallRules: [{1369486E-D612-4AFB-81B0-91D750FDE3DB}] => (Allow) C:\Program Files (x86)\ASUS\ROG Game First III\gameFirst3.exe => No File
FirewallRules: [TCP Query User{254F1CD3-3389-4604-9722-0A2637ADFB5E}C:\users\feri\desktop\phoenixminer_5.5c_windows_amd_nvidia (password-phoenix)\phoenixminer.exe] => (Allow) C:\users\feri\desktop\phoenixminer_5.5c_windows_amd_nvidia (password-phoenix)\phoenixminer.exe => No File
FirewallRules: [UDP Query User{9EBA3B70-9781-48B2-AE5D-B28FA2D7A980}C:\users\feri\desktop\phoenixminer_5.5c_windows_amd_nvidia (password-phoenix)\phoenixminer.exe] => (Allow) C:\users\feri\desktop\phoenixminer_5.5c_windows_amd_nvidia (password-phoenix)\phoenixminer.exe => No File

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
"HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DQCIKCDACO" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a4bdaee-6174-11ea-9d83-0862665357d3} => removed successfully
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{586e074b-fd09-11eb-9edc-0862665357d3} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{61BBB357-49CF-4897-8128-C12BC579B156}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61BBB357-49CF-4897-8128-C12BC579B156}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C387EDD-31C7-4A40-91C2-2B77DC97D2BA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C387EDD-31C7-4A40-91C2-2B77DC97D2BA}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A761E7ED-2151-43AB-92FA-616BDA6427A1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A761E7ED-2151-43AB-92FA-616BDA6427A1}" => removed successfully
C:\WINDOWS\System32\Tasks\Skype => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Skype" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
C:\ProgramData\S.bat => moved successfully
C:\ProgramData\nbminer.exe.sha256 => moved successfully
C:\ProgramData\start_etc.bat => moved successfully
C:\ProgramData\start_beam.bat => moved successfully
C:\ProgramData\start_eth.bat => moved successfully
C:\ProgramData\start_rvn.bat => moved successfully
C:\ProgramData\driver_uninstall.bat => moved successfully
C:\ProgramData\driver_install.bat => moved successfully
C:\ProgramData\start_sero.bat => moved successfully
C:\ProgramData\modify_tdr_delay.reg => moved successfully
C:\ProgramData\start_ae.bat => moved successfully
C:\ProgramData\open_web_monitor.url => moved successfully
C:\ProgramData\start_config.bat => moved successfully
"C:\ProgramData\driver_install.bat" => not found
"C:\ProgramData\driver_uninstall.bat" => not found
"C:\ProgramData\S.bat" => not found
"C:\ProgramData\start_ae.bat" => not found
"C:\ProgramData\start_beam.bat" => not found
"C:\ProgramData\start_config.bat" => not found
C:\ProgramData\start_conflux.bat => moved successfully
"C:\ProgramData\start_etc.bat" => not found
"C:\ProgramData\start_eth.bat" => not found
"C:\ProgramData\start_rvn.bat" => not found
"C:\ProgramData\start_sero.bat" => not found
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001_Classes\CLSID\{1a46400f-4c81-802a-c2c1-1e9a687a9340} => removed successfully
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145} => removed successfully
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001_Classes\CLSID\{4e6f7264-5650-4e00-0000-000000000000} => removed successfully
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
HKU\S-1-5-21-1483115711-3560660982-2862343009-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => subkey with invalid name -> removed successfully
HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => subkey with invalid name -> removed successfully
HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Fast Explorer => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{94FEC361-46D4-415F-91A1-A728C51C3D22}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1ECC196C-B8AB-4B73-8E55-C7731B4DCC92}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{EC8D9275-82A1-45B8-867E-C88497932CE6}C:\hry\vietnam\rs2v\binaries\win64\risingstorm2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2794CAF6-9074-4691-8F8A-90A41F3F142D}C:\hry\vietnam\rs2v\binaries\win64\risingstorm2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1B2E9050-29C5-45AF-A5E9-1C3415FCC7FB}C:\hry\cod mw2 remastered\mw2cr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{505789AF-99B1-4328-AFBF-340D693A191E}C:\hry\cod mw2 remastered\mw2cr.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B4C914BE-B76C-4C57-B631-82E77ADF9090}D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\soviet64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6DD22269-18E2-458D-A045-93284F5C31DB}D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\soviet64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{AD2D55D7-DE99-4245-B207-245565FC9845}D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\soviet64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CAB409EF-F662-42A0-8B1E-45630A5DA413}D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\soviet64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{FF8B2D03-7B6E-42FD-A0EA-36AA26EE47BB}D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\setupapplication soviet.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F9F52D5A-A036-4A99-934B-10C140130463}D:\hry\workers and resources soviet republic v0.8.0.22\sovietrepublic\setupapplication soviet.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5A69E16E-8AA5-4321-B8A6-56D43629C434}C:\hry\need for speed heat\needforspeedheat.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F4F5CFD3-D1DD-47E5-A191-5D5B4E8A20E4}C:\hry\need for speed heat\needforspeedheat.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1A0A2371-1244-4AEC-BDC5-04B24D2B4F2E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{28F351CD-3B77-4091-BB2A-B7803716BE6D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F522DDDD-C1C9-4EB1-A08A-AF175C34E72E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1369486E-D612-4AFB-81B0-91D750FDE3DB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{254F1CD3-3389-4604-9722-0A2637ADFB5E}C:\users\feri\desktop\phoenixminer_5.5c_windows_amd_nvidia (password-phoenix)\phoenixminer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9EBA3B70-9781-48B2-AE5D-B28FA2D7A980}C:\users\feri\desktop\phoenixminer_5.5c_windows_amd_nvidia (password-phoenix)\phoenixminer.exe" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1357498696 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 57537779 B
Windows/system/drivers => 16921343 B
Edge => 1415233 B
Chrome => 281078819 B
Firefox => 44570702 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 844906 B
NetworkService => 851128 B
Feri => 68352195 B

RecycleBin => 0 B
EmptyTemp: => 1.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:18:41 ====

Re: vbsedit script launcher

Napsal: 09 pro 2023 15:57
od Rudy
Pravda, FRST se několika AV nelíbí, není to ale malware, nelíbí se proto, že právě dokáže mazat téměř cokli a v rukou laika je nebezpečný. AV se po dobu práce musí vypnout.. Bylo smazáno. Nastala nějaká změna?

Re: vbsedit script launcher

Napsal: 09 pro 2023 15:59
od Dabol
po restarte vyzera vsetko v poriadku.

len mam otazka: co je sakra toto?

127.0.0.1 www.youtubedownloadersite.com
109.94.209.70 fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 fitgirl-repack.com # Fake FitGirl site
109.94.209.70 fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 fitgirlrepack.games # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.com # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 ww9.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 www.fitgirlrepack.games # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repack.net # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.net # Fake FitGirl site
109.94.209.70 fitgirlpack.site # Fake FitGirl site
109.94.209.70 www.fitgirlpack.site # Fake FitGirl site

Re: vbsedit script launcher

Napsal: 09 pro 2023 16:53
od Rudy
To jste měl uloženo v souboru Hosts. Hosts byl resertován na default. Jde o IP a weby pornostránek.

Re: vbsedit script launcher

Napsal: 09 pro 2023 16:58
od Dabol
uff, tak teda dakujem za pomoc, pre istotu este prikladam logy, a ked bude vsetko v pohode tak mozte zamknut.

Re: vbsedit script launcher

Napsal: 09 pro 2023 18:00
od Rudy
Logy jsou OK. Nemáte zač! :)
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz