
Threat found: PUADImanager:win32/Sepdot

Posted: 11 Jan 2024 11:48
by stajgi
Hello,
Windows Defender popped up telling me it had found PUADImanager:win32/Sepdot and PUABundler:Win32/FusinCore.
What is this, please? I would like to ask for help with removing it and for a full check of the log to see whether there are any other problems.
I am attaching both logs. Thanks in advance if someone finds the time to take a look and help me.

FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.01.2024
Ran by Stajgi (administrator) on DESKTOP-1GRL5TG (Micro-Star International Co., Ltd. MS-7C91) (11-01-2024 11:34:56)
Running from C:\Users\Stajgi\Desktop\FRST64.exe
Loaded Profiles: Stajgi
Platform: Microsoft Windows 10 Pro Version 22H2 19045.3930 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(A225F3B5-240D-4EE9-BCF4-697A07F5E93E -> Micro-Star INT'L CO., LTD.) C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSICenter_2.0.19.0_x64__kzh8wxbdkxb8p\DCv2\DCv2.exe
(C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(C:\Program Files (x86)\MSI\MSI Center\MSI.CentralServer.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\MSI Center\Engine\CC_Engine_x64.exe
(C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI.CentralServer.exe
(C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe ->) (Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe <5>
(C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe ->) (Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(C:\Program Files\Corsair\Corsair iCUE5 Software\clink\Corsair.Service.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\Corsair iCUE5 Software\clink\Corsair.Service.CpuIdRemote64.exe
(C:\Program Files\Corsair\Corsair iCUE5 Software\iCUE.exe ->) (Corsair Memory, Inc. -> ) C:\Program Files\Corsair\Corsair iCUE5 Software\crashpad_handler.exe
(C:\Program Files\Corsair\Corsair iCUE5 Software\iCUE.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\Corsair iCUE5 Software\QmlRenderer.exe <2>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\Users\Stajgi\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Stajgi\AppData\Local\PowerToys\PowerToys.AlwaysOnTop.exe
(C:\Users\Stajgi\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Stajgi\AppData\Local\PowerToys\PowerToys.Awake.exe
(C:\Users\Stajgi\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Stajgi\AppData\Local\PowerToys\PowerToys.ColorPickerUI.exe
(C:\Users\Stajgi\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Stajgi\AppData\Local\PowerToys\PowerToys.CropAndLock.exe
(C:\Users\Stajgi\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Stajgi\AppData\Local\PowerToys\PowerToys.FancyZones.exe
(C:\Users\Stajgi\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Stajgi\AppData\Local\PowerToys\PowerToys.PowerLauncher.exe
(C:\Users\Stajgi\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Stajgi\AppData\Local\PowerToys\PowerToys.PowerOCR.exe
(C:\Users\Stajgi\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Stajgi\AppData\Local\PowerToys\WinUI3Apps\PowerToys.Peek.UI.exe
(C:\Users\Stajgi\AppData\Local\PowerToys\WinUI3Apps\PowerToys.Peek.UI.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.121\msedgewebview2.exe <6>
(C:\Users\Stajgi\Downloads\midserver\agent\bin\wrapper-windows-x86-64.exe ->) (ServiceNow Inc. -> N/A) C:\Users\Stajgi\Downloads\midserver\agent\jre\bin\java.exe
(C:\Users\Stajgi\Downloads\midserver2\agent\bin\wrapper-windows-x86-64.exe ->) (ServiceNow Inc. -> N/A) C:\Users\Stajgi\Downloads\midserver2\agent\jre\bin\java.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\Corsair iCUE5 Software\iCUE.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <38>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <6>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(explorer.exe ->) (Spotify AB -> Spotify Ltd) C:\Users\Stajgi\AppData\Roaming\Spotify\Spotify.exe <6>
(explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(explorer.exe ->) (Voyetra Turtle Beach, Inc. -> ROCCAT) C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ROCCAT_Swarm_Monitor.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\Corsair iCUE5 Software\clink\Corsair.Service.exe
(services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\Corsair iCUE5 Software\CorsairCpuIdService.exe
(services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\Corsair iCUE5 Software\iCUEDevicePluginHost.exe <3>
(services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\Corsair iCUE5 Software\iCUEUpdateService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Case\MSI_Case_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LightKeeperService.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\Mystic Light\Mystic_Light_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControl_Service.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_4eef80c06561d01a\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9b2689b4e3586127\RtkAudUService64.exe <2>
(services.exe ->) (Tanuki Software Ltd. -> Tanuki Software, Ltd.) C:\Users\Stajgi\Downloads\midserver\agent\bin\wrapper-windows-x86-64.exe
(services.exe ->) (Tanuki Software Ltd. -> Tanuki Software, Ltd.) C:\Users\Stajgi\Downloads\midserver2\agent\bin\wrapper-windows-x86-64.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (THX LTD. -> VisiSonics) C:\Windows\System32\VSSrv.exe
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(spoolsv.exe ->) (CANON INC. -> CANON INC.) C:\Windows\System32\CNAB4RPD.EXE
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2342.8.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Infatica pte ltd -> ) C:\Program Files (x86)\Infatica P2B\infatica-service-app.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2101.10.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Stajgi\AppData\Local\PowerToys\PowerToys.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe <2>
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI.TerminalServer.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LEDKeeper2.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControl_Engine.exe
(svchost.exe ->) (Voyetra Turtle Beach, Inc. -> ROCCAT) C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ROCCAT_dev_service.exe
(VSSrv.exe ->) (THX LTD. -> VisiSonics) C:\Windows\System32\VSHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9b2689b4e3586127\RtkAudUService64.exe [1673008 2023-05-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4096992 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [KeePass 2 PreLoad] => I:\KeePass Password Safe 2\KeePass.exe [3274640 2023-06-03] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM\...\Run: [Corsair iCUE5 Software] => C:\Program Files\Corsair\Corsair iCUE5 Software\iCUE Launcher.exe [184872 2024-01-07] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [711288 2023-01-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2297311556-3204183425-1584938437-1001\...\Run: [Discord] => C:\Users\Stajgi\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2297311556-3204183425-1584938437-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4386664 2023-12-08] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-2297311556-3204183425-1584938437-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [1090168 2023-06-13] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
HKU\S-1-5-21-2297311556-3204183425-1584938437-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37137360 2023-06-12] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-2297311556-3204183425-1584938437-1001\...\Run: [Opera GX Browser Assistant] => C:\Users\Stajgi\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2297311556-3204183425-1584938437-1001\...\Run: [Spotify] => C:\Users\Stajgi\AppData\Roaming\Spotify\Spotify.exe [30315848 2023-12-11] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2297311556-3204183425-1584938437-1001\...\Run: [EADM] => C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe [2658920 2024-01-07] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-2297311556-3204183425-1584938437-1001\...\Run: [MicrosoftEdgeAutoLaunch_1C655D4ADDADC812B532E8CCBC20683A] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3854376 2024-01-05] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2297311556-3204183425-1584938437-1001\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3572488 2024-01-10] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-2297311556-3204183425-1584938437-1001\...\MountPoints2: {4c9d9392-b9a0-11eb-9560-001a7dda7115} - "J:\setup.exe"
HKU\S-1-5-21-2297311556-3204183425-1584938437-1001\...\MountPoints2: {e774f583-7b3c-11eb-9551-001a7dda7115} - "O:\HiSuiteDownLoader.exe"
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3572488 2024-01-10] (Razer USA Ltd. -> Razer Inc.)
HKLM\...\Print\Monitors\CNAB4 Monitor: C:\Windows\system32\CNAB4LMD.DLL [58880 2012-10-10] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\120.0.6099.216\Installer\chrmstp.exe [2024-01-10] (Google LLC -> Google LLC)
Startup: C:\Users\Stajgi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2023-09-05]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP2900 Status Window.lnk [2021-03-20]
ShortcutTarget: Canon LBP2900 Status Window.lnk -> C:\Windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE (CANON INC. -> CANON INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ROCCAT Swarm Monitor.lnk [2021-02-04]
ShortcutTarget: ROCCAT Swarm Monitor.lnk -> C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ROCCAT_Swarm_Monitor.exe (Voyetra Turtle Beach, Inc. -> ROCCAT)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {D4285486-B34A-4828-BC79-9CB718E6DDEA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-09-20] (Adobe Inc. -> Adobe Inc.)
Task: {72286F80-B03F-4201-8EAC-829207160BA5} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4096992 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {37D7F343-AA3A-48C1-8CD1-D83308BDC3AD} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [4434400 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {1A2E30EE-D920-4DDA-AA33-1F1641DC5F18} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [672064 2023-06-13] (Advanced Micro Devices Inc. -> )
Task: {14E175AE-0ADA-46F4-9B62-642B5BC5B4C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-02-04] (Google LLC -> Google LLC)
Task: {1ABC8F13-5595-4905-9D63-A4C9C8027583} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-02-04] (Google LLC -> Google LLC)
Task: {8C5E3BB6-4BF1-4042-BE33-65E161D893FE} - System32\Tasks\infatica_p2b => C:\Program Files (x86)\Infatica P2B\infatica-service-app.exe [20072 2021-12-04] (Infatica pte ltd -> )
Task: {DFD58B5F-0BEF-4B6A-9731-43DC7685BD76} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2113024 2023-04-22] () [File not signed]
Task: {F074CC88-0215-40B5-B699-B619E054AC9D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28425808 2024-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {AF58FB76-2680-44DF-AA7D-9626ACA73EE4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28425808 2024-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {4CD813D3-AAF8-4174-9214-E55D1A50BE4A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [305600 2024-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {017A6E3E-9D52-4F03-9699-6E9277CFBC58} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [305600 2024-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {C05F1508-796A-4E05-A286-C9D7AD76610A} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [170048 2024-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {BD483756-1770-40BC-9964-D06CFEF644D5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {92964684-3C86-4665-8AAF-CB7B25D519C4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {56EF3170-E15B-4476-AF0C-9C95AAB105E0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EA52AA49-8DAA-4433-A928-63928F565451} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {20D1806F-F79F-40DF-BD67-ABAE8894F00F} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [604600 2022-02-16] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {5EC36680-9403-4177-ABF4-470E75D8E871} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [712120 2022-02-16] (Mozilla Corporation -> Mozilla Foundation)
Task: {1B2A31CD-AA49-4183-A319-E31A8832AC72} - System32\Tasks\MSI Task Host - Detect_Monitor => C:\Program Files (x86)\MSI\One Dragon Center\MSI.NotifyServer.exe Detect_Monitor (No File)
Task: {D27DCA41-B624-461C-9505-DA2D55C69E75} - System32\Tasks\MSI Task Host - DisplayID => C:\Program Files (x86)\MSI\One Dragon Center\MSI.NotifyServer.exe Detect_DisplayID (No File)
Task: {EDF74BE1-9EC9-4D1A-9EBB-2FFAB37A17E6} - System32\Tasks\MSI Task Host - LEDKeeper2_Host => C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LEDKeeper2.exe [2516576 2023-05-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
Task: {36DE2502-4BAB-4287-849F-5F1413DD349D} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-15] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {BAE51E70-9F45-4A2C-86D0-08AFE4E24D48} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2023-01-27] (Nvidia Corporation -> NVIDIA Corporation)
Task: {3A4E5F30-4956-4D4E-A7ED-1187C2E21FC6} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {905EE91C-10D6-45E2-8E93-A84D703122C4} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5E0AA213-44DC-4B29-934B-5EC022E60DD5} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {77B8172C-2657-4F82-8910-CEA936753DBB} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {249B03B6-B1B7-466E-94DC-9C34D0CC564A} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C4BB4CDF-36D1-4F41-8D3A-DD2FE6FBD90B} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7FE8F69B-4708-4DC3-A05D-E4F349007F88} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {98D31746-69BA-4E0F-BC7C-9FC040EE4CF6} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2297311556-3204183425-1584938437-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {D994A10C-741E-4D3C-B565-AD4405D520DD} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1646245856 => C:\Users\Stajgi\AppData\Local\Programs\Opera GX\launcher.exe [2296224 2024-01-05] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Stajgi\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
Task: {D9CF7BA9-A0BF-4945-9964-484CEDC3D7A0} - System32\Tasks\Opera GX scheduled Autoupdate 1643955843 => C:\Users\Stajgi\AppData\Local\Programs\Opera GX\launcher.exe [2296224 2024-01-05] (Opera Norway AS -> Opera Software)
Task: {880B52CA-F009-461A-9BFD-6C32A71B12EF} - System32\Tasks\PowerToys\Autorun for Stajgi => C:\Users\Stajgi\AppData\Local\PowerToys\PowerToys.exe [1234464 2023-10-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {4175B8E7-EAE4-4CBE-B347-7F48E0204820} - System32\Tasks\ROCCAT DEVICE SERVICE => C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ROCCAT_dev_service.exe [459160 2023-11-14] (Voyetra Turtle Beach, Inc. -> ROCCAT)
Task: {3B7CA1B9-0A10-48A6-B8D1-BA7A1B93B54C} - System32\Tasks\RTSS => C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe /s (No File)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0c0168d8-c9eb-4d41-9ebd-ea3336c548e9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{22cb41ec-ab08-4d8a-9669-062ae8ec58a2}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Stajgi\AppData\Local\Microsoft\Edge\User Data\Default [2024-01-11]
Edge Extension: (SN Utils - Tools for ServiceNow) - C:\Users\Stajgi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cpppnajnconeddhhoadibooafkhhalfd [2023-12-23]
Edge Extension: (Dokumenty Google offline) - C:\Users\Stajgi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-12-04]
Edge Extension: (Edge relevant text changes) - C:\Users\Stajgi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-12-04]

FireFox:
========
FF DefaultProfile: w8e3nv51.default
FF ProfilePath: C:\Users\Stajgi\AppData\Roaming\Mozilla\Firefox\Profiles\w8e3nv51.default [2022-02-22]
FF ProfilePath: C:\Users\Stajgi\AppData\Roaming\Mozilla\Firefox\Profiles\1dgpfu9l.default-release [2023-08-20]
FF Extension: (SN Utils - Tools for ServiceNow) - C:\Users\Stajgi\AppData\Roaming\Mozilla\Firefox\Profiles\1dgpfu9l.default-release\Extensions\email@arnoudkooi.com.xpi [2022-02-22]
FF Plugin: @java.com/DTPlugin,version=11.361.2 -> C:\Program Files\Java\jre1.8.0_361\bin\dtplugin\npDeployJava1.dll [2023-01-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.361.2 -> C:\Program Files\Java\jre1.8.0_361\bin\plugin2\npjp2.dll [2023-01-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-12-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-01-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-12-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2297311556-3204183425-1584938437-1001: SkypeForBusinessPlugin-16.2 -> C:\Users\Stajgi\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2297311556-3204183425-1584938437-1001: SkypeForBusinessPlugin64-16.2 -> C:\Users\Stajgi\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi-x64.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Stajgi\AppData\Local\Google\Chrome\User Data\Default [2024-01-11]
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://demo01.app.staging.levitio.com; hxxps://meet.google.com; hxxps://svatyjiri.app.levitio.com; hxxps://svjiri.app.levitio.com; hxxps://svjiri.app.staging.levitio.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR Session Restore: Default -> is enabled.
CHR Extension: (h264ify) - C:\Users\Stajgi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleakchihdccplidncghkekgioiakgal [2021-02-04]
CHR Extension: (Dokumenty Google offline) - C:\Users\Stajgi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-17]
CHR Extension: (Google Kalendář) - C:\Users\Stajgi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2021-02-04]
CHR Extension: (Kontrola e-mailu Google) - C:\Users\Stajgi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2021-02-04]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Stajgi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-04]
CHR Extension: (Hlídač Shopů) - C:\Users\Stajgi\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlonggbfebcjelncogcnclagkmkikk [2023-11-18]
CHR Profile: C:\Users\Stajgi\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-12-13]
CHR Profile: C:\Users\Stajgi\AppData\Local\Google\Chrome\User Data\Profile 2 [2024-01-10]
CHR Notifications: Profile 2 -> hxxps://calendar.google.com
CHR Extension: (Dokumenty Google offline) - C:\Users\Stajgi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-06]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Stajgi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-25]
CHR Profile: C:\Users\Stajgi\AppData\Local\Google\Chrome\User Data\Profile 3 [2024-01-10]
CHR HomePage: Profile 3 -> hxxp://www.google.cz/
CHR StartupUrls: Profile 3 -> "hxxp://www.google.cz/"
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Stajgi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2024-01-10]
CHR Extension: (Dokumenty Google offline) - C:\Users\Stajgi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Stajgi\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-22]
CHR Profile: C:\Users\Stajgi\AppData\Local\Google\Chrome\User Data\System Profile [2024-01-11]

Opera:
=======
StartMenuInternet: (HKU\S-1-5-21-2297311556-3204183425-1584938437-1001) Opera GXStable - "C:\Users\Stajgi\AppData\Local\Programs\Opera GX\Launcher.exe"

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-09-20] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [4555744 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [15044872 2023-11-21] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13777592 2024-01-10] (Microsoft Corporation -> Microsoft Corporation)
R2 CorsairCpuIdService; C:\Program Files\Corsair\Corsair iCUE5 Software\CorsairCpuIdService.exe [240168 2024-01-07] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S3 CorsairDeviceListerService; C:\Program Files\Corsair\Corsair iCUE5 Software\CorsairDeviceListerService.exe [152616 2024-01-07] (Corsair Memory, Inc. -> )
R2 CorsairService; C:\Program Files\Corsair\Corsair iCUE5 Software\clink\Corsair.Service.exe [84008 2024-01-07] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [11385960 2024-01-07] (Electronic Arts, Inc. -> Electronic Arts)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2022-04-21] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [935344 2023-11-23] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [375248 2023-10-17] (Epic Games Inc. -> Epic Games, Inc.)
S3 EQU8_13; C:\ProgramData\EQU8\Diabotical\bin\anticheat.x64.equ8.exe [5537984 2022-04-23] (Int3 Software AB -> Int3 Software AB)
R3 iCUEDevicePluginHost; C:\Program Files\Corsair\Corsair iCUE5 Software\iCUEDevicePluginHost.exe [470056 2024-01-07] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R3 iCUEUpdateService; C:\Program Files\Corsair\Corsair iCUE5 Software\iCUEUpdateService.exe [366120 2024-01-07] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 LightKeeperService; C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LightKeeperService.exe [92768 2023-05-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_Case_Service; C:\Program Files (x86)\MSI\MSI Center\Case\MSI_Case_Service.exe [73824 2023-05-24] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_Center_Service; C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe [150176 2022-08-04] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
R2 MSI_VoiceControl_Service; C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControl_Service.exe [36880 2023-04-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 Mystic_Light_Service; C:\Program Files (x86)\MSI\MSI Center\Mystic Light\Mystic_Light_Service.exe [37616 2022-04-28] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [256264 2023-02-10] (Razer USA Ltd. -> Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [297736 2024-01-09] (Razer USA Ltd. -> Razer Inc.)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [538424 2023-11-09] (Razer USA Ltd. -> Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534472 2023-12-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 snc_mid_MID server1; C:\Users\Stajgi\Downloads\midserver\agent\bin\wrapper-windows-x86-64.exe [760904 2021-03-01] (Tanuki Software Ltd. -> Tanuki Software, Ltd.)
R2 snc_mid_MID server2; C:\Users\Stajgi\Downloads\midserver2\agent\bin\wrapper-windows-x86-64.exe [760904 2021-03-01] (Tanuki Software Ltd. -> Tanuki Software, Ltd.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [21067576 2023-11-15] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 VSSrv; C:\Windows\System32\VSSrv.exe [3359600 2023-11-23] (THX LTD. -> VisiSonics)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2023-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2023-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_4eef80c06561d01a\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_4eef80c06561d01a\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [36928 2022-09-16] (ASMedia Technology Inc. -> Advanced Micro Devices, Inc)
R3 AmdTools64; C:\Windows\System32\drivers\AmdTools64.sys [63392 2020-06-16] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 atvi-brynhildr; C:\ProgramData\Battle.net_components\brynhildr_odin\brynhildr.sys [2336008 2023-02-01] (Activision Publishing Inc -> Activision Blizzard, Inc.)
S3 atvi-randgrid_sr; H:\SteamLibrary\steamapps\common\Call of Duty HQ\randgrid.sys [2786712 2023-09-27] (Activision Publishing Inc -> Activision Blizzard, Inc.)
S3 cpuz157; C:\Windows\temp\cpuz157\cpuz157_x64.sys [43016 2023-11-18] (Microsoft Windows Hardware Compatibility Publisher -> CPUID)
R3 cpuz158; C:\Windows\temp\cpuz158\cpuz158_x64.sys [44576 2024-01-11] (Microsoft Windows Hardware Compatibility Publisher -> CPUID)
R1 CTIIO; C:\Windows\system32\drivers\CtiIo64.sys [32296 2023-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Innovation Co., LTd.)
R3 DroidCam; C:\Windows\System32\drivers\droidcam.sys [32240 2020-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Dev47Apps)
R3 DroidCamVideo; C:\Windows\System32\drivers\droidcamvideo.sys [33784 2020-10-04] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 dtultrascsibus; C:\Windows\System32\drivers\dtultrascsibus.sys [42256 2021-05-22] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 dtultrausbbus; C:\Windows\System32\drivers\dtultrausbbus.sys [59344 2021-05-22] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 EasyAntiCheatSys; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.sys [13823960 2022-11-19] (EasyAntiCheat Oy -> EasyAntiCheat Oy)
S3 EQU8_HELPER_13; C:\Windows\system32\DRIVERS\EQU8_HELPER_13.sys [38032 2022-04-26] (Int3 Software AB -> )
S3 gdrv3; C:\Windows\System32\drivers\gdrv3.sys [45248 2023-06-26] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R3 KOBRAKAHN; C:\Windows\System32\drivers\KOBRAKAHN.sys [3859376 2020-07-22] (Microsoft Windows Hardware Compatibility Publisher -> C-MEDIA Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2023-09-12] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 NTIOLib_CC_Clock; C:\Program Files (x86)\MSI\MSI Center\Lib\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_CC_COMM; C:\Program Files (x86)\MSI\MSI Center\Lib\SYS\NTIOLib_X64.sys [28480 2022-04-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 NTIOLib_FWUpdate; C:\Program Files (x86)\MSI\MSI Center\Mystic Light\ResetMCU\JT1Toucher\NTIOLib_X64.sys [28496 2022-04-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_MysticLight; C:\Program Files (x86)\MSI\MSI Center\Mystic Light\Lib\NTIOLib_X64.sys [14288 2017-07-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NvModuleTracker; C:\Windows\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-14] (Nvidia Corporation -> NVIDIA Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2019-11-08] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )
S3 RzCommon; C:\Windows\System32\drivers\RzCommon.sys [55128 2021-06-10] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_0528; C:\Windows\System32\drivers\RzDev_0528.sys [54112 2021-03-22] (Razer USA Ltd. -> Razer Inc)
R3 VBAudioVACMME; C:\Windows\System32\drivers\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55856 2023-12-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [594304 2023-12-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105856 2023-12-08] (Microsoft Windows -> Microsoft Corporation)
S1 MSIO; \??\C:\Windows\system32\drivers\MsIo64.sys [X]
S3 SIUSBXP; \??\C:\Windows\system32\drivers\SiUSBXp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-01-11 11:34 - 2024-01-11 11:35 - 000042463 _____ C:\Users\Stajgi\Desktop\FRST.txt
2024-01-11 11:34 - 2024-01-11 11:35 - 000000000 ____D C:\FRST
2024-01-11 11:32 - 2024-01-11 11:32 - 002388992 _____ (Farbar) C:\Users\Stajgi\Desktop\FRST64.exe
2024-01-10 09:59 - 2024-01-10 10:01 - 000000000 ___HD C:\$WinREAgent
2024-01-10 09:16 - 2024-01-10 09:16 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-01-08 08:56 - 2024-01-08 08:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair
2024-01-07 11:20 - 2024-01-07 11:20 - 000000000 ____D C:\Users\Stajgi\AppData\Roaming\Valve Corporation
2024-01-07 11:10 - 2024-01-07 11:10 - 000000000 ____D C:\Users\Stajgi\AppData\Local\EALaunchHelper
2024-01-04 10:39 - 2024-01-04 10:39 - 005154472 _____ C:\Users\Stajgi\Downloads\RazerBlackSharkV2Pro(2023)_0555_FirmwareUpdater_v2.5.3.0_r1.exe
2024-01-04 10:39 - 2024-01-04 10:39 - 000000000 ____D C:\Program Files\Razer
2024-01-04 10:38 - 2024-01-04 10:38 - 000000000 ____D C:\ProgramData\THX
2024-01-04 10:38 - 2023-11-23 08:48 - 010955120 _____ (THX Ltd.) C:\Windows\system32\spatial-config-util.exe
2024-01-04 10:38 - 2023-11-23 08:48 - 007525312 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\THXOutAPO-SSE2-v3.dll
2024-01-04 10:38 - 2023-11-23 08:48 - 003359600 _____ (VisiSonics) C:\Windows\system32\VSSrv.exe
2024-01-04 10:38 - 2023-11-23 08:48 - 001159992 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\THXMicAPO-SSE2-v3.dll
2024-01-04 10:38 - 2023-11-23 08:48 - 000722176 _____ (VisiSonics) C:\Windows\system32\VSHelper.exe
2024-01-04 10:38 - 2023-11-23 08:48 - 000033536 _____ () C:\Windows\system32\VSSrvInit.exe
2024-01-04 10:38 - 2023-06-16 07:33 - 000161920 _____ (Razer Inc) C:\Windows\system32\RazerS3CoinstallerEx.dll
2024-01-04 10:20 - 2024-01-04 10:20 - 009048840 _____ (Razer Inc.) C:\Users\Stajgi\Downloads\RazerSynapseInstaller_V1.15.0.504.exe
2023-12-17 22:16 - 2023-12-17 22:16 - 000000000 ____D C:\Windows\InboxApps
2023-12-17 12:09 - 2023-12-17 12:09 - 000016707 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2023-12-14 21:05 - 2023-12-14 21:05 - 000924212 _____ C:\Users\Stajgi\Downloads\Adobe Scan 14. 12. 2023.pdf
2023-12-12 19:23 - 2023-12-12 19:23 - 001247293 _____ C:\Users\Stajgi\Downloads\Adobe Scan 12. 12. 2023.pdf
2023-12-12 18:03 - 2023-12-12 19:22 - 000009047 _____ C:\Users\Stajgi\Downloads\ZDRAVOTNÍ_DATA_VZOR.xlsx

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-01-11 11:34 - 2023-01-06 21:02 - 000000000 ____D C:\Users\Stajgi\AppData\Roaming\Spotify
2024-01-11 11:33 - 2021-12-16 01:53 - 000000000 ____D C:\Windows\SystemTemp
2024-01-11 11:33 - 2021-02-04 11:48 - 000000000 ____D C:\Program Files (x86)\Google
2024-01-11 11:31 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2024-01-11 11:30 - 2020-11-19 00:55 - 000005822 _____ C:\Windows\system32\PerfStringBackup.INI
2024-01-11 11:30 - 2019-12-07 15:43 - 001705586 _____ C:\Windows\system32\perfh005.dat
2024-01-11 11:30 - 2019-12-07 15:43 - 000450338 _____ C:\Windows\system32\perfc005.dat
2024-01-11 11:29 - 2021-02-04 11:57 - 000000000 ____D C:\Program Files (x86)\Steam
2024-01-11 11:27 - 2022-02-22 13:51 - 000000000 ____D C:\Users\Stajgi\AppData\LocalLow\Mozilla
2024-01-11 11:27 - 2021-02-09 23:04 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2024-01-11 11:25 - 2023-01-06 21:02 - 000000000 ____D C:\Users\Stajgi\AppData\Local\Spotify
2024-01-11 11:25 - 2022-08-04 14:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2024-01-11 11:24 - 2023-11-26 10:56 - 000000000 ____D C:\Windows\system32\Tasks\PowerToys
2024-01-11 11:24 - 2023-08-10 23:36 - 000000000 ____D C:\Program Files\TeamViewer
2024-01-11 11:24 - 2021-02-04 11:47 - 000000000 ____D C:\MSI
2024-01-11 11:24 - 2021-02-04 11:34 - 000000000 ____D C:\ProgramData\NVIDIA
2024-01-11 11:24 - 2021-02-04 11:20 - 000000000 ____D C:\Users\Stajgi
2024-01-11 11:24 - 2021-02-04 11:16 - 000008192 ___SH C:\DumpStack.log.tmp
2024-01-11 11:24 - 2020-11-19 00:46 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-01-11 11:24 - 2020-11-18 23:46 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-01-11 11:24 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-01-11 02:04 - 2021-02-04 11:56 - 000000000 ____D C:\Users\Stajgi\AppData\Roaming\discord
2024-01-11 01:56 - 2021-02-04 11:56 - 000000000 ____D C:\Users\Stajgi\AppData\Local\Discord
2024-01-10 20:56 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2024-01-10 17:40 - 2021-02-04 21:14 - 000000000 ____D C:\Users\Stajgi\AppData\Local\D3DSCache
2024-01-10 17:38 - 2020-11-18 23:46 - 000504864 _____ C:\Windows\system32\FNTCACHE.DAT
2024-01-10 17:37 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2024-01-10 17:37 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2024-01-10 17:37 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2024-01-10 17:37 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
2024-01-10 17:37 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences
2024-01-10 17:37 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2024-01-10 17:37 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI
2024-01-10 10:04 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2024-01-10 10:00 - 2023-10-12 08:53 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2024-01-10 09:48 - 2022-02-04 07:24 - 000004226 _____ C:\Windows\system32\Tasks\Opera GX scheduled Autoupdate 1643955843
2024-01-10 09:48 - 2022-02-04 07:24 - 000001447 _____ C:\Users\Stajgi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera GX.lnk
2024-01-10 09:47 - 2021-02-20 01:47 - 000000000 ____D C:\Users\Stajgi\AppData\Local\ElevatedDiagnostics
2024-01-10 09:16 - 2022-12-07 15:40 - 000000000 ____D C:\Program Files\Microsoft Office
2024-01-10 09:12 - 2021-02-04 21:10 - 000000000 ____D C:\Windows\system32\MRT
2024-01-10 09:11 - 2021-02-04 21:10 - 189718008 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2024-01-10 09:10 - 2021-02-04 11:48 - 000002253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-01-10 09:10 - 2021-02-04 11:48 - 000002212 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-01-07 19:43 - 2021-02-11 18:10 - 000000000 ____D C:\Users\Stajgi\AppData\LocalLow\Adobe
2024-01-07 19:31 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-01-07 11:10 - 2023-11-22 19:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
2024-01-06 09:45 - 2023-01-16 11:31 - 000002280 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-01-06 09:45 - 2022-10-12 16:10 - 000002079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-01-06 09:45 - 2022-10-12 16:10 - 000002067 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2024-01-06 09:45 - 2021-02-24 15:59 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2024-01-06 09:45 - 2020-11-19 00:48 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-01-04 10:38 - 2022-08-04 14:41 - 000000000 ____D C:\Program Files (x86)\Razer
2024-01-04 10:38 - 2021-02-04 11:29 - 000000000 ____D C:\ProgramData\Package Cache
2024-01-04 10:28 - 2022-08-04 14:47 - 000000000 ____D C:\Users\Stajgi\AppData\Local\Razer
2024-01-04 10:21 - 2022-08-04 14:42 - 000000000 ____D C:\ProgramData\Razer
2023-12-28 02:34 - 2023-10-10 16:55 - 000000000 ____D C:\Users\Stajgi\AppData\Roaming\Bitwarden
2023-12-20 23:14 - 2021-02-04 11:56 - 000002242 _____ C:\Users\Stajgi\Desktop\Discord.lnk
2023-12-17 22:17 - 2021-02-04 11:21 - 000000000 ____D C:\Users\Stajgi\AppData\Local\Packages
2023-12-17 22:16 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-12-17 22:16 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-12-17 22:16 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-12-17 22:16 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2023-12-17 22:16 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2023-12-17 22:16 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2023-12-17 22:16 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2023-12-17 22:16 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2023-12-17 22:16 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-12-17 22:16 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2023-12-17 22:16 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lv-LV
2023-12-17 22:16 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\lt-LT
2023-12-17 22:16 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\et-EE
2023-12-17 22:16 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\es-MX
2023-12-17 22:16 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Dism
2023-12-17 22:16 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Provisioning
2023-12-17 22:16 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-12-17 22:16 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\servicing
2023-12-17 12:10 - 2019-12-07 15:47 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2023-12-17 12:10 - 2019-12-07 15:47 - 000020827 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2023-12-17 12:09 - 2020-11-19 00:48 - 003016192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll

==================== Files in the root of some directories ========

2022-01-18 09:13 - 2022-01-18 09:13 - 219632512 _____ (SmartBear Software) C:\Users\Stajgi\SoapUI-x64-5.7.0.exe
2021-02-11 10:44 - 2021-02-11 10:44 - 000000000 _____ () C:\Users\Stajgi\AppData\Local\oobelibMkey.log
2021-02-06 22:08 - 2023-06-23 08:39 - 000007648 _____ () C:\Users\Stajgi\AppData\Local\Resmon.ResmonCfg
2023-06-20 19:23 - 2023-06-20 19:23 - 001195688 _____ () C:\Users\Stajgi\AppData\Local\svg~6a84~8f945352~0.tmp
2023-03-23 10:52 - 2024-01-02 14:37 - 000048151 _____ () C:\Users\Stajgi\AppData\Local\thumbnail.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


I am attaching Addition as a rar, since the character limit was exceeded.
Addition.rar
(25.27 KiB) Downloaded 27 times

Re: Threat found PUADImanager:win32/Sepdot

Posted: 11 Jan 2024 12:28
by Rudy
Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I Agree
right-click the AdwCleaner icon and select Run as administrator (on Win XP, simply run it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: Threat found PUADImanager:win32/Sepdot

Posted: 11 Jan 2024 12:41
by stajgi
Here is the AdwCleaner log:
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-11-2024
# Duration: 00:00:01
# OS: Windows 10 (Build 19045.3930)
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1420 octets] - [11/01/2024 12:40:26]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: Threat found PUADImanager:win32/Sepdot

Posted: 11 Jan 2024 13:56
by Rudy
This is OK. Open Notepad and copy the following into it:

Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [711288 2023-01-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2297311556-3204183425-1584938437-1001\...\MountPoints2: {4c9d9392-b9a0-11eb-9560-001a7dda7115} - "J:\setup.exe"
HKU\S-1-5-21-2297311556-3204183425-1584938437-1001\...\MountPoints2: {e774f583-7b3c-11eb-9551-001a7dda7115} - "O:\HiSuiteDownLoader.exe"
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {14E175AE-0ADA-46F4-9B62-642B5BC5B4C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-02-04] (Google LLC -> Google LLC)
Task: {1ABC8F13-5595-4905-9D63-A4C9C8027583} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-02-04] (Google LLC -> Google LLC)
Task: {1B2A31CD-AA49-4183-A319-E31A8832AC72} - System32\Tasks\MSI Task Host - Detect_Monitor => C:\Program Files (x86)\MSI\One Dragon Center\MSI.NotifyServer.exe Detect_Monitor (No File)
Task: {D27DCA41-B624-461C-9505-DA2D55C69E75} - System32\Tasks\MSI Task Host - DisplayID => C:\Program Files (x86)\MSI\One Dragon Center\MSI.NotifyServer.exe Detect_DisplayID (No File)
Task: {98D31746-69BA-4E0F-BC7C-9FC040EE4CF6} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2297311556-3204183425-1584938437-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {3B7CA1B9-0A10-48A6-B8D1-BA7A1B93B54C} - System32\Tasks\RTSS => C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe /s (No File)
Task: {3B7CA1B9-0A10-48A6-B8D1-BA7A1B93B54C} - System32\Tasks\RTSS => C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe /s (No File)
C:\Users\Stajgi\AppData\Local\svg~6a84~8f945352~0.tmp
HKU\S-1-5-21-2297311556-3204183425-1584938437-1001\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-2297311556-3204183425-1584938437-1001\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-2297311556-3204183425-1584938437-1001\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-2297311556-3204183425-1584938437-1001\Software\Classes\.cmd: => <==== ATTENTION
FirewallRules: [{0462CB30-EB94-4EA2-AC93-3EB87D0EBE97}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{0D069CAB-0A24-47BE-A4E4-E1775DB0DCF3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
C:\Users\Stajgi\Downloads\FileZilla_3.52.2_win64_sponsored-setup.exe
C:\Users\Stajgi\Downloads\aTube_Catcher_v1.652.56.309.9.exe

EmptyTemp:
End

Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: Threat found PUADImanager:win32/Sepdot

Posted: 11 Jan 2024 16:08
by stajgi
Here is the fix log:
Fix result of Farbar Recovery Scan Tool (x64) Version: 11.01.2024
Ran by Stajgi (11-01-2024 15:39:29) Run:1
Running from C:\Users\Stajgi\Desktop
Loaded Profiles: Stajgi
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [711288 2023-01-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2297311556-3204183425-1584938437-1001\...\MountPoints2: {4c9d9392-b9a0-11eb-9560-001a7dda7115} - "J:\setup.exe"
HKU\S-1-5-21-2297311556-3204183425-1584938437-1001\...\MountPoints2: {e774f583-7b3c-11eb-9551-001a7dda7115} - "O:\HiSuiteDownLoader.exe"
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {14E175AE-0ADA-46F4-9B62-642B5BC5B4C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-02-04] (Google LLC -> Google LLC)
Task: {1ABC8F13-5595-4905-9D63-A4C9C8027583} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-02-04] (Google LLC -> Google LLC)
Task: {1B2A31CD-AA49-4183-A319-E31A8832AC72} - System32\Tasks\MSI Task Host - Detect_Monitor => C:\Program Files (x86)\MSI\One Dragon Center\MSI.NotifyServer.exe Detect_Monitor (No File)
Task: {D27DCA41-B624-461C-9505-DA2D55C69E75} - System32\Tasks\MSI Task Host - DisplayID => C:\Program Files (x86)\MSI\One Dragon Center\MSI.NotifyServer.exe Detect_DisplayID (No File)
Task: {98D31746-69BA-4E0F-BC7C-9FC040EE4CF6} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2297311556-3204183425-1584938437-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {3B7CA1B9-0A10-48A6-B8D1-BA7A1B93B54C} - System32\Tasks\RTSS => C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe /s (No File)
Task: {3B7CA1B9-0A10-48A6-B8D1-BA7A1B93B54C} - System32\Tasks\RTSS => C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe /s (No File)
C:\Users\Stajgi\AppData\Local\svg~6a84~8f945352~0.tmp
HKU\S-1-5-21-2297311556-3204183425-1584938437-1001\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-2297311556-3204183425-1584938437-1001\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-2297311556-3204183425-1584938437-1001\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-2297311556-3204183425-1584938437-1001\Software\Classes\.cmd: => <==== ATTENTION
FirewallRules: [{0462CB30-EB94-4EA2-AC93-3EB87D0EBE97}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{0D069CAB-0A24-47BE-A4E4-E1775DB0DCF3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
C:\Users\Stajgi\Downloads\FileZilla_3.52.2_win64_sponsored-setup.exe
C:\Users\Stajgi\Downloads\aTube_Catcher_v1.652.56.309.9.exe

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKU\S-1-5-21-2297311556-3204183425-1584938437-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c9d9392-b9a0-11eb-9560-001a7dda7115} => removed successfully
HKU\S-1-5-21-2297311556-3204183425-1584938437-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e774f583-7b3c-11eb-9551-001a7dda7115} => removed successfully

"C:\Windows\system32\GroupPolicy\Machine" folder move:

C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{14E175AE-0ADA-46F4-9B62-642B5BC5B4C7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14E175AE-0ADA-46F4-9B62-642B5BC5B4C7}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1ABC8F13-5595-4905-9D63-A4C9C8027583}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1ABC8F13-5595-4905-9D63-A4C9C8027583}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1B2A31CD-AA49-4183-A319-E31A8832AC72}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B2A31CD-AA49-4183-A319-E31A8832AC72}" => removed successfully
C:\Windows\System32\Tasks\MSI Task Host - Detect_Monitor => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MSI Task Host - Detect_Monitor" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D27DCA41-B624-461C-9505-DA2D55C69E75}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D27DCA41-B624-461C-9505-DA2D55C69E75}" => removed successfully
C:\Windows\System32\Tasks\MSI Task Host - DisplayID => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MSI Task Host - DisplayID" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98D31746-69BA-4E0F-BC7C-9FC040EE4CF6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98D31746-69BA-4E0F-BC7C-9FC040EE4CF6}" => removed successfully
C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2297311556-3204183425-1584938437-500 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Standalone Update Task-S-1-5-21-2297311556-3204183425-1584938437-500" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3B7CA1B9-0A10-48A6-B8D1-BA7A1B93B54C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B7CA1B9-0A10-48A6-B8D1-BA7A1B93B54C}" => removed successfully
C:\Windows\System32\Tasks\RTSS => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RTSS" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B7CA1B9-0A10-48A6-B8D1-BA7A1B93B54C}" => not found
"C:\Windows\System32\Tasks\RTSS" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RTSS" => not found
C:\Users\Stajgi\AppData\Local\svg~6a84~8f945352~0.tmp => moved successfully
HKU\S-1-5-21-2297311556-3204183425-1584938437-1001\Software\Classes\regfile => removed successfully
HKU\S-1-5-21-2297311556-3204183425-1584938437-1001\Software\Classes\.reg => removed successfully
HKU\S-1-5-21-2297311556-3204183425-1584938437-1001\Software\Classes\.bat => removed successfully
HKU\S-1-5-21-2297311556-3204183425-1584938437-1001\Software\Classes\.cmd => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0462CB30-EB94-4EA2-AC93-3EB87D0EBE97}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0D069CAB-0A24-47BE-A4E4-E1775DB0DCF3}" => removed successfully
"C:\Users\Stajgi\Downloads\FileZilla_3.52.2_win64_sponsored-setup.exe" => not found
"C:\Users\Stajgi\Downloads\aTube_Catcher_v1.652.56.309.9.exe" => not found

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1835008 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 838325763 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 1410056853 B
Windows/system/drivers => 30824404 B
Edge => 0 B
Chrome => 2508715391 B
Firefox => 15681091 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 12 B
systemprofile32 => 383006 B
LocalService => 387256 B
NetworkService => 562604 B
Stajgi => 122197464 B

RecycleBin => 0 B
EmptyTemp: => 4.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:57:40 ====

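The Fixlog above removed per-user `HKU\...\Software\Classes` keys for `.bat`, `.cmd`, `.reg` and `regfile`, plus several TaskCache entries. A per-user key under `Software\Classes` shadows the machine-wide handler in HKLM for that account only, which is a common place for bundled adware to hook script and registry-file execution. The following PowerShell is an added check, not part of the forum thread and not FRST's own code: it re-reads those user-level overrides and lists any TaskCache `Tree` entries whose `Id` has no matching `Tasks\{GUID}` key. The extension list is taken from the Fixlog and is an assumption you can extend; reading `TaskCache\Tasks` needs an elevated prompt.

```powershell
# Added example (not from the thread or FRST). Run from an elevated PowerShell.
# Names below are taken from the Fixlog; extend the list for other handlers.
$classNames = '.bat', '.cmd', '.reg', 'regfile'

function Get-UserClassOverride {
    # Reports whether HKCU\Software\Classes\<Name> exists (a per-user override
    # that shadows HKLM) and what default value / open command it carries.
    param([string]$Name)
    $userKey    = "HKCU:\Software\Classes\$Name"
    $machineKey = "HKLM:\Software\Classes\$Name"
    $result = [ordered]@{
        Name           = $Name
        UserOverride   = Test-Path $userKey
        UserDefault    = $null
        UserOpenCmd    = $null
        MachineDefault = $null
    }
    if ($result.UserOverride) {
        $result.UserDefault = (Get-ItemProperty -Path $userKey -ErrorAction SilentlyContinue).'(default)'
        $cmdKey = "$userKey\shell\open\command"
        if (Test-Path $cmdKey) {
            # A non-standard handler here means the user's .bat/.reg files
            # are opened by something other than the Windows default.
            $result.UserOpenCmd = (Get-ItemProperty -Path $cmdKey).'(default)'
        }
    }
    if (Test-Path $machineKey) {
        $result.MachineDefault = (Get-ItemProperty -Path $machineKey -ErrorAction SilentlyContinue).'(default)'
    }
    [pscustomobject]$result
}

function Get-OrphanTaskCacheEntry {
    # Every TaskCache\Tree\<name> key carries an Id value ("{GUID}") that should
    # have a matching TaskCache\Tasks\{GUID} key. Entries without one are
    # leftovers (like the "not found" lines in the Fixlog) and worth a look.
    $base = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache'
    Get-ChildItem -Path "$base\Tree" -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $id = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).Id
        if ($id -and -not (Test-Path "$base\Tasks\$id")) {
            [pscustomobject]@{
                TreePath = $_.Name -replace '^.*TaskCache\\Tree\\', ''
                Id       = $id
            }
        }
    }
}

Write-Host '== Per-user Classes overrides =='
$classNames | ForEach-Object { Get-UserClassOverride $_ } | Format-Table -AutoSize

Write-Host '== TaskCache Tree entries without a Tasks\{GUID} key =='
Get-OrphanTaskCacheEntry | Format-Table -AutoSize
```

After the Fixlog has run, `UserOverride` should be `False` for all four names; if it turns `True` again after a reboot or after installing something, the installer that recreated it is the thing to investigate. The orphan-task list is normally empty on a healthy system.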
Re: Threat found PUADImanager:win32/Sepdot

Posted: 11 Jan 2024 16:47
by Rudy
Deleted. Has anything changed?

Re: Threat found PUADImanager:win32/Sepdot

Posted: 11 Jan 2024 17:05
by stajgi
Windows Defender no longer reports or shows anything, so it seems to be OK.
Can you say whether it was something dangerous, or what it might have come with?

Thank you very much, I have also sent a donation for your willingness and quick help.
Have a nice day.

Re: Threat found PUADImanager:win32/Sepdot

Posted: 11 Jan 2024 17:54
by Rudy
PUADImanager: https://www.zive.cz/poradna/puadimanage ... tanswers=1 . It is more of an annoying kind of malware. You're welcome, and thank you for the donation. :)