PC virus removal, computer speed-up, remote assistance via the neslape.cz service

Please check my log

Not having any problem with your PC at the moment and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
JanPavel
Visitor
Posts: 4
Registered: 18 Apr 2021 23:49

Please check my log

#1 Post by JanPavel »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-10-2025
Ran by Athlon (administrator) on ATHLON-PC (08-10-2025 21:23:29)
Running from C:\ Down\FRST64(1).exe
Loaded Profiles: Athlon
Platform: Microsoft Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler64.exe
(C:\Program Files (x86)\Total Commader 7.56a - FULL (Created Xnuke)\TOTALCMD.EXE ->) (Nullsoft) [File not signed] C:\Program Files (x86)\Winamp\winamp.exe
(explorer.exe ->) () [File not signed] C:\Program Files\qBittorrent\qbittorrent.exe
(explorer.exe ->) (Ghisler Software GmbH -> Ghisler Software GmbH) C:\Program Files (x86)\Total Commader 7.56a - FULL (Created Xnuke)\TOTALCMD.EXE
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <16>
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <53>
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (Famatech Corp. -> Famatech Corp.) C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13260944 2022-08-01] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKU\S-1-5-21-1612216774-2786075622-449432659-1000\...\Policies\Explorer: [DisallowRun] 0
HKU\S-1-5-21-1612216774-2786075622-449432659-1000\...\MountPoints2: O - O:\LaunchU3.exe -a
HKU\S-1-5-21-1612216774-2786075622-449432659-1000\...\MountPoints2: {2207cfa1-da98-11ef-8ede-a65292a6b6b9} - G:\RTK_NIC_DRIVER_INSTALLER.sfx.exe
HKU\S-1-5-21-1612216774-2786075622-449432659-1000\...\MountPoints2: {37063b62-32bb-11e8-8724-7085c2064f38} - O:\LaunchU3.exe -a
HKLM\...\Windows x64\Print Processors\GTEG_IPPR: C:\Windows\System32\spool\prtprocs\x64\GTEG_IPPR.dll [77312 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Monotype Imaging Inc.)
HKLM\...\Windows x64\Print Processors\HP2030PrintProc: C:\Windows\System32\spool\prtprocs\x64\HP2030PP.DLL [65024 2012-12-04] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Windows x64\Print Processors\hpcpp093: C:\Windows\System32\spool\prtprocs\x64\hpcpp093.DLL [300032 2010-04-15] (Hewlett-Packard Corporation) [File not signed]
HKLM\...\Windows x64\Print Processors\hpcpp250: C:\Windows\System32\spool\prtprocs\x64\hpcpp250.dll [850024 2020-08-20] (HP Inc. -> HP Inc.)
HKLM\...\Windows x64\Print Processors\hpzppwn7: C:\Windows\System32\spool\prtprocs\x64\hpzppwn7.dll [101376 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\ricp5Kpp: C:\Windows\System32\spool\prtprocs\x64\ricp5Kpp.dll [2077184 2012-12-12] (RICOH COMPANY, LTD) [File not signed]
HKLM\...\Print\Monitors\FPR11:: C:\Windows\system32\fpmon11-x64.dll [285096 2023-02-07] (FinePrint Software, LLC -> FinePrint Software, LLC)
HKLM\...\Print\Monitors\FPR9:: C:\Windows\system32\fpmon9.dll [720064 2017-01-29] (FinePrint Software, LLC -> FinePrint Software, LLC)
HKLM\...\Print\Monitors\GTEG PJL Monitor: C:\Windows\system32\GTEG_LMON.dll [73728 2015-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Teco Image Systems Co., Ltd.)
HKLM\...\Print\Monitors\HP Universal Print Monitor: C:\Windows\system32\HPMPW082.DLL [127592 2020-08-20] (HP Inc. -> HP Inc.)
HKLM\...\Print\Monitors\HP2030LM: C:\Windows\system32\HP2030LM.DLL [246784 2012-12-04] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor India Private Limited.)
HKLM\...\Print\Monitors\HPMLM225: C:\Windows\system32\hpmlm225.dll [315496 2020-08-20] (HP Inc. -> HP Inc.)
HKLM\...\Print\Monitors\ricp5Klm: C:\Windows\system32\ricp5Klm.dll [27136 2010-12-07] (RICOH CO.,Ltd.) [File not signed]
HKLM\...\Print\Monitors\Wondershare PDFelement Monitor: C:\Windows\system32\PEPrinterMonitor.dll [285232 2022-11-08] (Wondershare Technology Co.,Ltd -> Wondershare Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe [2023-01-26] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\109.1.47.186\Installer\chrmstp.exe [2023-01-30] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] -> "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {C11055B2-7437-4151-A33E-894B7545CF48} - System32\Tasks\{4BB71A29-3DEA-4326-80B6-B69C5918B899} => J:\ Personal\ MTG\MTG Encyclopedia\ MTG CD\SETUP.EXE (No File)
Task: {0AE4197C-405C-46BC-8F28-C7907BEEE779} - System32\Tasks\{71979838-1D6F-4853-A603-D54B3137F2A8} => C:\Windows\System32\pcalua.exe [9728 2019-02-10] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\ Down\17405_03.exe" -d "C:\ Down"
Task: {E9543F2E-CB58-49F0-AEC9-E6F02B6AD234} - System32\Tasks\{A00EB554-3098-4012-A8F9-6B48BF4AD1A5} => C:\Windows\System32\pcalua.exe [9728 2019-02-10] (Microsoft Windows -> Microsoft Corporation) -> -a "J:\ Personal\ MTG\MTG Encyclopedia\ MTG CD\SETUP.EXE" -d "j:\ Personal\ MTG\MTG Encyclopedia\ MTG CD\"
Task: {90D3F28D-C58E-4175-BB45-CB3421DA29EF} - System32\Tasks\{A09B6756-B2E9-425E-9486-5BD0A722987F} => C:\Windows\System32\pcalua.exe [9728 2019-02-10] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\ Down\sp54508.exe" -d "C:\ Down"
Task: {93D4B4A4-EF55-47EC-8E6A-0BC13D3FD437} - System32\Tasks\{F56D20E0-22A3-4615-B5D4-530A5CFE6D58} => J:\ Personal\ MTG\MTG Encyclopedia\ MTG CD\SETUP.EXE (No File)
Task: {64328E78-43A4-437C-AF9A-6272EAC0B94E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_414_Plugin.exe -check plugin (No File)
Task: {9C9714E0-039A-45E1-AD9D-29D090B454AE} - System32\Tasks\AMDInstallUEP => C:\Program Files\AMD\InstallUEP\AMDInstallUEP.exe (No File)
Task: {4486EE25-4A0F-4E9F-A1DF-E77893A0AB29} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-07-18] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {8A2904F2-6C62-46EA-97BE-13D8E6C0C7BB} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-07-18] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {52DB6C24-143F-4FC5-AADC-CF8E08F271D7} - System32\Tasks\CCleanerCrashReporting => N:\ LOST PARTITION\Software\ Virus Vault\cc\x64\CCleanerBugReport.exe [5074848 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc. All rights reserved.) -> --product 90 --send dumps|report --path "N:\ LOST PARTITION\Software\ Virus Vault\cc\LOG" --programpath "N:\ LOST PARTITION\Software\ Virus Vault\cc" --guid "" --version "6.23.11010" --silent
Task: {AEDDAC32-FC14-4A61-A6A8-4635AF81D5CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-25] (Google Inc -> Google Inc.)
Task: {569984A5-1028-4E2D-B4DF-D7D447A9B1F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-25] (Google Inc -> Google Inc.)
Task: {AAC63616-D70B-4654-B655-2A179FB1AA8B} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [688256 2025-09-16] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {6ADA6719-7F34-4547-A6DE-328238D97AD6} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-08-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {6189DE3E-1541-40FB-926A-BA4061039634} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-08-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CCleanerCrashReporting.job => N:\ LOST PARTITION\Software\ Virus Vault\cc\x64\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 194.228.41.65
Tcpip\..\Interfaces\{BF23E955-31D7-402A-BED9-EAEBEB8ACD49}: [DhcpNameServer] 192.168.0.1 194.228.41.65
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,26.0.0.1,9256]

FireFox:
========
FF DefaultProfile: gbguvz8e.default-1634472223835
FF ProfilePath: C:\Users\Athlon\AppData\Roaming\Mozilla\Firefox\Profiles\gbguvz8e.default-1634472223835 [2025-10-08]
FF DownloadDir: C:\ Down
FF Notifications: Mozilla\Firefox\Profiles\gbguvz8e.default-1634472223835 -> hxxps://www.ufreegames.com; hxxps://smallseotools.com; hxxps://mail.aerohosting.cz; hxxps://kizi.com; hxxps://www.urlaubstracker.de; hxxps://www.wired.com
FF Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\Athlon\AppData\Roaming\Mozilla\Firefox\Profiles\gbguvz8e.default-1634472223835\Extensions\@setupvpncom.xpi [2024-06-26]
FF Extension: (h264ify) - C:\Users\Athlon\AppData\Roaming\Mozilla\Firefox\Profiles\gbguvz8e.default-1634472223835\Extensions\jid1-TSgSxBhncsPBWQ@jetpack.xpi [2022-05-01]
FF Extension: (Save as PDF) - C:\Users\Athlon\AppData\Roaming\Mozilla\Firefox\Profiles\gbguvz8e.default-1634472223835\Extensions\save-as-pdf-ff@pdfcrowd.com.xpi [2022-01-26]
FF Extension: (Session Boss) - C:\Users\Athlon\AppData\Roaming\Mozilla\Firefox\Profiles\gbguvz8e.default-1634472223835\Extensions\sessionboss@william.wong.xpi [2024-09-03]
FF Extension: (Google Translator for Firefox) - C:\Users\Athlon\AppData\Roaming\Mozilla\Firefox\Profiles\gbguvz8e.default-1634472223835\Extensions\translator@zoli.bod.xpi [2024-04-26]
FF Extension: (MetaMask) - C:\Users\Athlon\AppData\Roaming\Mozilla\Firefox\Profiles\gbguvz8e.default-1634472223835\Extensions\webextension@metamask.io.xpi [2025-09-29]
FF Extension: (Save Working Session) - C:\Users\Athlon\AppData\Roaming\Mozilla\Firefox\Profiles\gbguvz8e.default-1634472223835\Extensions\{54dad4a6-bfe8-4170-9c69-0f5be34cb99b}.xpi [2022-10-09]
FF Extension: (No Name) - C:\Users\Athlon\AppData\Roaming\Mozilla\Firefox\Profiles\gbguvz8e.default-1634472223835\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2025-10-02]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_433.dll [2020-09-13] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-31] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-31] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_433.dll [2020-09-13] (Adobe Inc. -> )
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [No File]

Chrome:
=======
CHR Profile: C:\Users\Athlon\AppData\Local\Google\Chrome\User Data\Default [2025-10-08]
CHR Notifications: Default -> hxxps://www.facebook.com
CHR Extension: (Image Downloader) - C:\Users\Athlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2025-05-29]
CHR Extension: (Lamden Vault - Browser Extension) - C:\Users\Athlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhfffofbcgbjjojdnpcfompojdjjhdim [2025-07-24]
CHR Extension: (Dokumenty Google offline) - C:\Users\Athlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-06-02]
CHR Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\Athlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2024-04-12]
CHR Extension: (Hashpack) - C:\Users\Athlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjagmgiddbbciopjhllkdnddhcglnemk [2025-10-08]
CHR Extension: (PDF Editor for Chrome:Edit, Fill, Sign, Print) - C:\Users\Athlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphandlahdpffmccakmbngmbjnjiiahp [2024-12-11]
CHR Extension: (polkadot{.js} extension) - C:\Users\Athlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mopnmbcafieddcagagdcbnhejhlodfdd [2025-07-31]
CHR Extension: (MetaMask) - C:\Users\Athlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2025-07-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Athlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Profile: C:\Users\Athlon\AppData\Local\Google\Chrome\User Data\System Profile [2024-05-06]
CHR HKLM-x32\...\Chrome\Extension: [pkijdmeepjhpenmighhaodgfoogncnlk] - C:\Program Files (x86)\Offline Explorer Enterprise\mpoe.crx <not found>

Brave:
=======
BRA Profile: C:\Users\Athlon\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2025-05-30]
BRA Extension: (MetaMask) - C:\Users\Athlon\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2025-05-30]
BRA Extension: (Brave NTP background images) - C:\Users\Athlon\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2025-05-30]
BRA Extension: (Wallet Data Files Updater) - C:\Users\Athlon\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2025-05-30]
BRA Extension: (Brave Ad Block Updater (EasyList Cookie (plaintext))) - C:\Users\Athlon\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2025-05-30]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Athlon\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-05-22]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\Athlon\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2020-07-23]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Athlon\AppData\Local\BraveSoftware\Brave-Browser\User Data\efkihffiamafhbhefjaljejgdpkelpal [2025-05-30]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\Athlon\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2025-05-30]
BRA Extension: (Brave NTP Super Referrer mapping table) - C:\Users\Athlon\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo [2020-07-23]
BRA Extension: (Brave Ads Resources) - C:\Users\Athlon\AppData\Local\BraveSoftware\Brave-Browser\User Data\iejekkikpddbbockoldagmfcdbffomfc [2025-05-30]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block Updater (plaintext))) - C:\Users\Athlon\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2025-05-30]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\Athlon\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-03-20]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\Athlon\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2025-05-30]
BRA Extension: (Crypto Wallets) - C:\Users\Athlon\AppData\Local\BraveSoftware\Brave-Browser\User Data\odbfpeeihdkbihmopkbjmoonfanlbfcl [2021-10-19]
BRA Extension: (Brave Ad Block Updater (EasyList Czech and Slovak (plaintext))) - C:\Users\Athlon\AppData\Local\BraveSoftware\Brave-Browser\User Data\oegebjahecghlckbhkmojgnpcgdeajdi [2025-05-30]
BRA Extension: (Brave Ad Block Updater (CZE, SVK: EasyList Czech and Slovak)) - C:\Users\Athlon\AppData\Local\BraveSoftware\Brave-Browser\User Data\omkkefoeihpbpebhhbhmjekpnegokpbj [2022-05-22]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Athlon\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2023-11-10]
StartMenuInternet: Brave - C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiRansom6.6; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Ransomware Tool for Home 6.6\kl_service.exe [349696 2024-02-29] (AO Kaspersky Lab -> AO Kaspersky Lab)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-07-18] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-07-18] (Brave Software, Inc. -> BraveSoftware Inc.)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-25] (Google Inc -> Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-25] (Google Inc -> Google Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9608720 2025-09-29] (Malwarebytes Inc -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-09-29] (Malwarebytes Inc. -> Malwarebytes)
S4 MEmuSVC; C:\Program Files\Microvirt\MEmu\MemuService.exe [85304 2019-09-12] (Shanghai Microvirt Software Technology Co., Ltd. -> )
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2019-02-01] (HP Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2019-02-01] (HP Inc.) [File not signed]
R2 RvControlSvc; C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe [1179712 2023-07-10] (Famatech Corp. -> Famatech Corp.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [19285304 2024-06-13] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AIDA64Driver; C:\Program Files (x86)\_Aida New\kerneld.v64 [34648 2017-11-26] (FinalWire -> )
U5 amdkmdap; C:\Windows\System32\Drivers\amdkmdap.sys [611512 2020-08-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AsrVDrive; C:\Windows\System32\DRIVERS\AsrVDrive.sys [23048 2015-02-03] (ASROCK Incorporation -> ASRock Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [159296 2025-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 HPEWSFXBULK; C:\Windows\System32\drivers\hpfx64bulk.sys [29096 2020-08-21] (Hewlett-Packard Company -> Hewlett Packard)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
R1 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [78560 2024-02-29] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [78560 2024-02-29] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klflt; C:\Windows\System32\DRIVERS\klflt.sys [78560 2024-02-29] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klgse; C:\Windows\System32\DRIVERS\klgse.sys [78560 2025-09-29] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [176864 2025-09-29] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [176864 2024-02-29] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [78560 2024-02-29] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [78560 2024-02-29] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [234072 2025-10-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\Drivers\farflt.sys [210512 2025-10-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\Drivers\mbam.sys [80984 2025-10-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [244800 2025-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 MEmuDrv; C:\Windows\System32\DRIVERS\MEmuDrv.sys [309904 2021-01-04] (Shanghai Microvirt Software Technology Co., Ltd. -> Maiwei Corporation)
R3 MEmuNetFlt; C:\Windows\System32\DRIVERS\MEmuNetFlt.sys [176432 2020-09-30] (Shanghai Microvirt Software Technology Co., Ltd. -> Maiwei Corporation)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Microsoft Windows -> Realtek Semiconductor Corporation)
R3 RvNetMP60; C:\Windows\System32\DRIVERS\RvNetMP60.sys [69048 2023-07-10] (Famatech Corp. -> Famatech Corp.)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
R3 trufos; C:\Windows\System32\drivers\trufos.sys [641736 2023-10-30] (Bitdefender SRL -> Bitdefender)
R3 kldlfmgr; C:\Windows\System32\Drivers\kldlfmgr.sys [24800 2024-02-29] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 kldlfwpk; C:\Windows\System32\Drivers\kldlfwpk.sys [24800 2024-02-29] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 Kldlimpc; C:\Windows\System32\Drivers\Kldlimpc.sys [2524896 2024-02-29] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 kldlksec; C:\Windows\System32\Drivers\kldlksec.sys [24800 2024-02-29] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 kldlksl; C:\Windows\System32\Drivers\kldlksl.sys [24800 2024-02-29] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 kldlndis; C:\Windows\System32\Drivers\kldlndis.sys [24800 2024-02-29] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 kldlnio; C:\Windows\System32\Drivers\kldlnio.sys [24800 2024-02-29] (Kaspersky Lab JSC -> AO Kaspersky Lab)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error Reading file: "C:\ProgramData\Desktop\Xilisoft Video Converter Ultimate.lnk"
Error Reading file: "C:\ProgramData\Desktop\UltraISO.lnk"
Error Reading file: "C:\ProgramData\Desktop\TeamViewer.lnk"
Error Reading file: "C:\ProgramData\Desktop\Star Defender 4.lnk"
Error Reading file: "C:\ProgramData\Desktop\Star Defender 2.lnk"
Error Reading file: "C:\ProgramData\Desktop\SoulseekQt.lnk"
Error Reading file: "C:\ProgramData\Desktop\Skype.lnk"
Error Reading file: "C:\ProgramData\Desktop\SD Card Formatter.lnk"
Error Reading file: "C:\ProgramData\Desktop\Recuva.lnk"
Error Reading file: "C:\ProgramData\Desktop\Radmin VPN.lnk"
Error Reading file: "C:\ProgramData\Desktop\Play UltraStar Deluxe.lnk"
Error Reading file: "C:\ProgramData\Desktop\Partition Assistant Pro.lnk"
Error Reading file: "C:\ProgramData\Desktop\MozBackup.lnk"
Error Reading file: "C:\ProgramData\Desktop\Malwarebytes.lnk"
Error Reading file: "C:\ProgramData\Desktop\Kaspersky Anti-Ransomware Tool for Home 6.6.lnk"
Error Reading file: "C:\ProgramData\Desktop\ImgBurn.lnk"
Error Reading file: "C:\ProgramData\Desktop\HP Print and Scan Doctor.lnk"
Error Reading file: "C:\ProgramData\Desktop\HDD Regenerator.lnk"
Error Reading file: "C:\ProgramData\Desktop\DOSBox 0.74-3.lnk"
Error Reading file: "C:\ProgramData\Desktop\desktop.ini"
2025-10-08 20:18 - 2025-10-08 20:19 - 000000000 ____D C:\Dosbox
2025-10-08 20:13 - 2025-10-08 20:15 - 000000000 ____D C:\Users\Athlon\AppData\Local\DOSBox
2025-10-08 20:12 - 2025-10-08 20:23 - 000000000 ____D C:\Program Files (x86)\DOSBox-0.74-3
2025-10-08 20:12 - 2025-10-08 20:12 - 000001906 _____ C:\Users\Public\Desktop\DOSBox 0.74-3.lnk
2025-10-08 20:12 - 2025-10-08 20:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74-3
2025-10-08 13:11 - 2025-10-08 13:11 - 000016845 _____ C:\Users\Athlon\Downloads\etikety (1).pdf
2025-09-30 09:19 - 2025-09-30 09:23 - 000051473 _____ C:\Users\Athlon\Downloads\Addition.txt
2025-09-30 09:18 - 2025-09-30 09:19 - 000031524 _____ C:\Users\Athlon\Downloads\FRST.txt
2025-09-29 23:45 - 2025-09-29 23:45 - 000176864 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2025-09-29 23:45 - 2025-09-29 23:45 - 000078560 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klgse.sys
2025-09-29 23:43 - 2025-09-29 23:43 - 000002358 _____ C:\Users\Public\Desktop\Kaspersky Anti-Ransomware Tool for Home 6.6.lnk
2025-09-29 23:43 - 2025-09-29 23:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Ransomware Tool for Home
2025-09-29 23:43 - 2025-09-29 23:43 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2025-09-29 23:43 - 2025-09-29 23:43 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2025-09-29 23:43 - 2024-02-29 07:34 - 002524896 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kldlimpc.sys
2025-09-29 23:43 - 2024-02-29 07:34 - 002522336 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kldl.sys
2025-09-29 23:43 - 2024-02-29 07:34 - 000176864 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2025-09-29 23:43 - 2024-02-29 07:34 - 000078560 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2025-09-29 23:43 - 2024-02-29 07:34 - 000024800 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kldlnio.sys
2025-09-29 23:43 - 2024-02-29 07:34 - 000024800 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kldlndis.sys
2025-09-29 23:43 - 2024-02-29 07:34 - 000024800 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kldlksl.sys
2025-09-29 23:43 - 2024-02-29 07:34 - 000024800 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kldlksec.sys
2025-09-29 23:43 - 2024-02-29 07:34 - 000024800 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kldlhidp.sys
2025-09-29 23:43 - 2024-02-29 07:34 - 000024800 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kldlfwpk.sys
2025-09-29 23:43 - 2024-02-29 07:34 - 000024800 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kldlfmgr.sys
2025-09-29 20:12 - 2025-10-08 21:16 - 000000000 ____D C:\Windows\system32\AMD
2025-09-29 20:06 - 2025-09-29 20:06 - 015250216 _____ C:\Users\Athlon\Downloads\MB-SupportTool.exe
2025-09-29 20:06 - 2025-09-29 20:06 - 002442752 _____ (Farbar) C:\Users\Athlon\Downloads\FRSTEnglish.exe
2025-09-29 20:04 - 2025-09-30 00:03 - 000000000 ____D C:\Users\Athlon\AppData\Local\Malwarebytes
2025-09-29 20:04 - 2025-09-29 23:53 - 000002028 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2025-09-29 20:04 - 2025-09-29 23:53 - 000002016 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2025-09-29 09:53 - 2025-09-29 09:53 - 000000027 __RSH C:\Recycled
2025-09-16 16:31 - 2025-09-29 08:56 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-10-08 21:23 - 2025-04-10 01:45 - 000000000 ____D C:\FRST
2025-10-08 21:23 - 2017-09-16 20:12 - 000000000 ____D C:\ Down
2025-10-08 21:15 - 2020-12-17 13:41 - 000000000 ____D C:\Users\Athlon\AppData\Local\CrashDumps
2025-10-08 21:15 - 2009-07-14 04:34 - 000000915 _____ C:\Windows\win.ini
2025-10-08 21:11 - 2017-08-02 03:11 - 000000000 ____D C:\Users\Athlon\AppData\Roaming\qBittorrent
2025-10-08 21:07 - 2025-04-14 14:58 - 000006128 _____ C:\Windows\system32\PerfStringBackup.TMP
2025-10-08 21:07 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2025-10-08 21:03 - 2025-07-10 22:22 - 000000000 ____D C:\Users\Athlon\AppData\Roaming\vlc
2025-10-08 21:00 - 2017-08-25 02:48 - 000000000 ____D C:\Program Files (x86)\Google
2025-10-08 19:18 - 2017-08-03 02:05 - 000000000 ____D C:\Program Files (x86)\yBook
2025-10-08 19:16 - 2017-08-02 21:57 - 000000000 ____D C:\Users\Athlon\AppData\Roaming\Microsoft\Proof
2025-10-08 18:48 - 2022-02-13 21:10 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2025-10-08 18:47 - 2009-07-14 06:45 - 000025216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2025-10-08 18:47 - 2009-07-14 06:45 - 000025216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2025-10-08 18:39 - 2025-04-11 00:31 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2025-10-08 18:39 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-10-08 18:38 - 2024-10-25 17:16 - 000016557 _____ C:\Users\Athlon\Desktop\sold.txt
2025-10-08 18:38 - 2017-09-19 01:13 - 000102739 _____ C:\Users\Athlon\Desktop\COINZ.txt
2025-10-08 18:38 - 2017-08-02 02:50 - 000000095 _____ C:\Windows\winamp.ini
2025-10-08 14:24 - 2024-05-06 14:24 - 000000740 _____ C:\Windows\Tasks\CCleanerCrashReporting.job
2025-10-06 03:23 - 2023-11-07 18:33 - 000003540 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{385051B4-1AA2-40B3-98F4-D78D2F18554B}
2025-10-06 03:23 - 2023-11-07 18:33 - 000003410 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{F33B043E-D75B-47B8-94C1-2DB760DE286D}
2025-10-04 02:32 - 2017-08-02 18:09 - 000000000 ____D C:\Users\Athlon\AppData\Roaming\Microsoft\Excel
2025-09-29 23:51 - 2023-03-27 09:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2025-09-29 23:51 - 2023-03-27 09:36 - 000000000 ____D C:\Program Files\Malwarebytes
2025-09-29 20:44 - 2017-11-07 01:58 - 000000054 _____ C:\Windows\Lic.xxx
2025-09-29 20:15 - 2017-09-21 11:30 - 000000000 ____D C:\TEMP
2025-09-29 20:13 - 2020-11-27 19:40 - 000000000 ____D C:\Users\Athlon\AppData\Roaming\windows
2025-09-29 20:13 - 2020-11-27 19:40 - 000000000 ____D C:\Users\Athlon\AppData\Roaming\system32
2025-09-29 19:57 - 2009-07-14 06:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2025-09-29 19:56 - 2017-08-02 00:57 - 000000000 ____D C:\Users\Athlon
2025-09-29 19:56 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\SysWOW64\Dism
2025-09-29 19:56 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\Dism
2025-09-29 12:24 - 2020-11-28 18:39 - 000000000 ____D C:\Users\Athlon\AppData\Local\NPE
2025-09-29 12:23 - 2024-09-25 00:45 - 000000000 ____D C:\Program Files\stinger
2025-09-29 09:48 - 2020-11-28 18:29 - 000000000 ____D C:\Users\Athlon\Doctor Web
2025-09-29 09:39 - 2024-03-05 11:12 - 000000000 ____D C:\Program Files (x86)\FontViewOK
2025-09-29 09:39 - 2017-12-02 10:23 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2025-09-29 09:19 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
2025-09-29 08:58 - 2017-08-02 02:47 - 000000000 ____D C:\Program Files (x86)\ACD
2025-09-29 08:56 - 2017-08-02 02:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2025-09-29 08:48 - 2018-01-05 10:09 - 000000000 ____D C:\Users\Athlon\AppData\Roaming\Telegram Desktop
2025-09-28 23:30 - 2019-04-27 22:20 - 000000000 ____D C:\Program Files\qBittorrent

==================== Files in the root of some directories ========

2015-03-26 13:48 - 2015-03-26 13:48 - 002174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2025-04-09 17:04 - 2025-04-09 17:04 - 000032088 _____ () C:\Users\Athlon\AppData\Roaming\z0z0z0z0z0.txt
2017-10-23 22:57 - 2017-10-23 22:59 - 000728064 _____ () C:\Users\Athlon\AppData\Local\file__0.localstorage
2017-08-07 07:41 - 2023-11-24 01:54 - 000007673 _____ () C:\Users\Athlon\AppData\Local\Resmon.ResmonCfg
2022-08-08 02:01 - 2022-08-08 02:01 - 001714544 _____ () C:\Users\Athlon\AppData\Local\usbdrvtemp.7zz
2025-04-15 19:25 - 2025-04-15 19:25 - 000000000 _____ () C:\Users\Athlon\AppData\Local\{C558FD61-710E-4169-88C1-FB6676E498C3}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2024-07-05 12:13
==================== End of FRST.txt ========================





Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2025
Ran by Athlon (08-10-2025 21:24:52)
Running from C:\ Down
Microsoft Windows 7 Professional Service Pack 1 (X64) (2017-08-01 22:57:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1612216774-2786075622-449432659-500 - Administrator - Disabled)
Athlon (S-1-5-21-1612216774-2786075622-449432659-1000 - Administrator - Enabled) => C:\Users\Athlon
Guest (S-1-5-21-1612216774-2786075622-449432659-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{50229C72-539F-4E65-BEB5-F0491C5074B7}) (Version: 22.2.1 - HP Inc.) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{C788B026-20BD-4E96-B698-533F1D6C5013}) (Version: 7.2.4 - Hewlett-Packard) Hidden
ACDSee (HKLM-x32\...\ACDSee) (Version: - )
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.433 - Adobe)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.8.2 - Advanced Micro Devices, Inc.)
AOMEI Partition Assistant Pro Edition 5.1 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-5498165BF300}_is1) (Version: - Aomei Technology Co., Ltd.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
ASRock 3TB+ Unlocker v1.1.1 (HKLM\...\ASRock 3TB+ Unlocker_is1) (Version: 1.1.1 - ASRock Inc.)
Bitcloud-Qt version VERSION-2.0.2.0 (HKLM-x32\...\Bitcloud-Qt_is1) (Version: VERSION-2.0.2.0 - )
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 109.1.47.186 - Autoři prohlížeče Brave)
CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq2414) (Version: - )
CCleaner (remove only) (HKLM-x32\...\CCleaner) (Version: - )
CDex - Digital Audio CD Extractor and Converter (HKLM-x32\...\CDex) (Version: 1.99.1.2018 - CDex.mu)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Crochet Charts (HKLM-x32\...\Crochet Charts) (Version: 1.2 - Stitch Works Software)
Exodus (HKU\S-1-5-21-1612216774-2786075622-449432659-1000\...\exodus) (Version: 23.10.24 - Exodus Movement Inc)
FinePrint (HKLM\...\FinePrint) (Version: 9.05 - FinePrint Software, LLC)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.1.0.5096 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 109.0.5414.120 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden
HD Tune Pro 5.75 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
HDD Regenerator (HKLM-x32\...\{2445981B-A23B-4A0E-AD15-3D391BDAEC3E}) (Version: 1.71.0012 - Abstradrome)
HijackThis 2.0.0 (HKLM-x32\...\HijackThis) (Version: 2.0.0 - TrendMicro)
ICQ (HKLM-x32\...\ICQ) (Version: - )
Idena 0.24.1 (HKU\S-1-5-21-1612216774-2786075622-449432659-1000\...\d884ecdf-fae5-56b1-94ba-844a4869e3c9) (Version: 0.24.1 - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Kaspersky Anti-Ransomware Tool for Home (HKLM-x32\...\{664CBA08-ADCA-432A-BA99-55F0AB94011A}) (Version: 6.6.0.369 - Kaspersky)
LAV Filters 0.79.2 (HKLM-x32\...\lavfilters_is1) (Version: 0.79.2 - Hendrik Leppkes)
LIMBO (HKLM-x32\...\1724299977_is1) (Version: 3.0.0.1a - GOG.com)
Magic Encyclopedia (HKLM-x32\...\Magic Encyclopedia) (Version: - )
Malwarebytes version 5.4.0.213 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.4.0.213 - Malwarebytes)
MEmu (HKLM-x32\...\MEmu) (Version: 9.1.8.0 - Microvirt Software Technology Co., Ltd.)
Microsoft .NET Framework 4.7.2 (CSY) (HKLM\...\{F4C44834-E4FA-3DA9-B999-A30EC54E95B0}) (Version: 4.7.03062 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{16735AF7-1D8D-3681-94A5-C578A61EC832}) (Version: 4.8.03761 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 109.0.1518.140 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (HKLM-x32\...\{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (HKLM-x32\...\{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29325 (HKLM-x32\...\{d7a6435f-ac9a-4af6-8fdc-ca130d13fac9}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29325 (HKLM-x32\...\{B40FC85D-2B12-46E0-B950-E5B27E348793}) (Version: 14.28.29325 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29325 (HKLM-x32\...\{EE2E15BB-54C8-4DB0-B1F3-026E3C166991}) (Version: 14.28.29325 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version: - Microsoft Corporation)
MiniTool MovieMaker (HKLM\...\{MT-39B9213B-B182-41FB-B149-CD1016372F9C}_is1) (Version: 7.1.1 - MiniTool Software Limited)
Movavi Screen Recorder (HKU\S-1-5-21-1612216774-2786075622-449432659-1000\...\Movavi Screen Recorder) (Version: 24.5.0 - Movavi)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox ESR (x64 cs) (HKLM\...\Mozilla Firefox 115.28.0 ESR (x64 cs)) (Version: 115.28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 102.3.2 - Mozilla)
Mozilla Thunderbird (x64 cs) (HKLM\...\Mozilla Thunderbird 102.3.2 (x64 cs)) (Version: 102.3.2 - Mozilla)
MSI to EXE Compiler 3.1.0.0 (HKLM-x32\...\MSI to EXE Compiler_is1) (Version: 3.1.0.0 - AbyssMedia.com)
multibootusb (remove only) (HKLM-x32\...\multibootusb) (Version: - )
Neon 2.21.3 (HKU\S-1-5-21-1612216774-2786075622-449432659-1000\...\211a501f-25dd-501b-8c98-509ac17aedfa) (Version: 2.21.3 - Ethan Fast)
Octgn v3.4.394.0 (HKLM-x32\...\{1CF4E958-E0CE-44A6-951C-661F92E3DF3B}) (Version: 3.4.394.0 - OCTGN)
qBittorrent 4.1.5 (HKLM-x32\...\qBittorrent) (Version: 4.1.5 - The qBittorrent project)
Radmin VPN 1.4.1 (HKLM-x32\...\{0783EC7D-0C7E-40DF-B0CF-8F16AA495D84}) (Version: 1.4.4642.1 - Famatech)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.89.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller Pro 3.1.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.8 - VS Revo Group, Ltd.)
Sada Compatibility Pack pro systém Office 2007 (HKLM-x32\...\{90120000-0020-0405-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
SD Card Formatter (HKLM-x32\...\{A61131DC-B92D-4AD8-A925-E2D6D5FE217C}) (Version: 5.0.1 - SD Association)
Skype verze 8.65 (HKLM-x32\...\Skype_is1) (Version: 8.65 - Skype Technologies S.A.)
SoulseekQt verze 2024.2.1 (HKLM\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2024.2.1 - Soulseek LLC)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Star Defender 2 (HKLM-x32\...\Star Defender 2) (Version: - )
Star Defender 4 (HKLM-x32\...\Star Defender 4) (Version: - )
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.55.3 - TeamViewer)
Telegram Desktop (HKU\S-1-5-21-1612216774-2786075622-449432659-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 6.1.3 - Telegram FZ-LLC)
TokenPocket 1.3.5 (HKU\S-1-5-21-1612216774-2786075622-449432659-1000\...\{c35a8398-ebed-5613-9fb1-7eee84c218b0}) (Version: 1.3.5 - TokenPocket)
Total Commader 7.56a - FULL (Created Xnuke) (HKU\S-1-5-21-1612216774-2786075622-449432659-1000\...\Total Commader 7.56a - FULL (Created Xnuke)) (Version: - )
Trust WB-3400T Webcam (HKLM-x32\...\InstallShield_{8C4E80CC-DA6B-4D34-A85D-D9C20B6EBA45}) (Version: 1.0.0.19 - Název společnosti:)
UltraISO Premium V9.71 (HKLM-x32\...\UltraISO_is1) (Version: - )
UltraStar Deluxe (HKLM-x32\...\UltraStar Deluxe) (Version: 2017.8.0 Stable - USDX Team)
UltraStar-Creator (HKLM-x32\...\UltraStar-Creator) (Version: 1.2.0 - UltraStar-Creator Community)
UltraStar-Manager (HKLM-x32\...\UltraStar-Manager) (Version: 1.8.4 - UltraStar-Manager Community)
Unreal Tournament 1999 GOTY MULTi5 - ElAmigos version 1.0 (HKLM-x32\...\{46D12D6A-583F-4222-BC41-93D5F0C154A4}_is1) (Version: 1.0 - Epic Games)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.21 - VideoLAN)
Winamp (remove only) (HKLM-x32\...\Winamp) (Version: - )
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.8.7.20150209 - Xilisoft)
yBook (HKLM-x32\...\yBook_is1) (Version: - Spacejock Software)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [PDFelement.ContextMenu] -> {ea6c980d-7823-3752-88ac-d43b3a873d20} => C:\Program Files\Common Files\Wondershare\PDFelement9\Shell Extensions\PEShellContextMenu4.exe [2022-11-18] (Wondershare Technology Group Co.,Ltd -> Wondershare)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-09-29] (Malwarebytes Inc -> Malwarebytes)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2020-08-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-09-29] (Malwarebytes Inc -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group -> VS Revo Group)
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32-x32: [vidc.XVID] => [X]
HKLM\...\Drivers32-x32: [VIDC.VP80] => [X]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Athlon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\6ddfdda7e648aa1f\MetaMask.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=nkbihfbeogaeaoehlefnkodbefgpgknn

==================== Loaded Modules (Whitelisted) =============

2003-06-01 10:14 - 2003-06-01 10:14 - 000058368 _____ () [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_cdda.dll
2017-08-02 02:50 - 2003-03-31 19:14 - 000031232 _____ () [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_flac.dll
2003-06-17 20:02 - 2003-06-17 20:02 - 000101888 _____ () [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_midi.dll
2003-03-23 10:42 - 2003-03-23 10:42 - 000130560 _____ () [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_mod.dll
2003-06-03 05:26 - 2003-06-03 05:26 - 000274944 _____ () [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_mp3.dll
2017-08-02 02:50 - 2004-06-12 16:55 - 000012288 _____ () [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_mp4.dll
2017-08-02 02:50 - 2005-09-05 07:27 - 000077824 _____ () [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_mpc.dll
2003-06-15 23:13 - 2003-06-15 23:13 - 000226816 _____ () [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_vorbis.dll
2002-09-01 02:10 - 2002-09-01 02:10 - 000031232 _____ () [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_wave.dll
2003-04-15 23:06 - 2003-04-15 23:06 - 000054272 _____ () [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_wm.dll
2017-08-02 02:51 - 2006-12-03 12:00 - 000201216 _____ () [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_wv.dll
2001-12-30 17:08 - 2001-12-30 17:08 - 000015360 _____ () [File not signed] C:\Program Files (x86)\Winamp\Plugins\out_disk.dll
2002-10-18 00:42 - 2002-10-18 00:42 - 000040960 _____ () [File not signed] C:\Program Files (x86)\Winamp\Plugins\out_ds.dll
2002-10-07 01:00 - 2002-10-07 01:00 - 000013824 _____ () [File not signed] C:\Program Files (x86)\Winamp\Plugins\out_wave.dll
2001-03-04 23:52 - 2001-03-04 23:52 - 000007680 _____ () [File not signed] C:\Program Files (x86)\Winamp\Plugins\out_wm.dll
2002-07-21 08:46 - 2002-07-21 08:46 - 000084480 _____ () [File not signed] C:\Program Files (x86)\Winamp\Plugins\read_file.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-06-13 10:36 - 2010-04-15 18:37 - 000300032 _____ (Hewlett-Packard Corporation) [File not signed] C:\Windows\system32\spool\PRTPROCS\x64\hpcpp093.DLL
2019-02-02 00:42 - 2019-02-02 00:42 - 000050688 _____ (HP Inc.) [File not signed] c:\windows\system32\hpzinw12.dll
2019-02-02 00:42 - 2019-02-02 00:42 - 000066048 _____ (HP Inc.) [File not signed] c:\windows\system32\hpzipm12.dll
2017-08-02 02:50 - 2004-06-01 22:38 - 000368640 _____ (Matthew T. Ashland) [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_APE.dll
2010-12-07 10:24 - 2010-12-07 10:24 - 000027136 _____ (RICOH CO.,Ltd.) [File not signed] C:\Windows\System32\ricp5Klm.dll
2024-04-03 13:44 - 2012-12-12 10:05 - 002077184 _____ (RICOH COMPANY, LTD) [File not signed] C:\Windows\system32\spool\PRTPROCS\x64\ricp5Kpp.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 000413696 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 000519168 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 001431040 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 001180672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-08-11 09:57 - 2020-08-11 09:57 - 006010880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 006345216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 001078272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 004000256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 003802624 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 001083904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 000205312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 000376320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 092323328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 005560832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 000188416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 002888704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 000287232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 000329216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 000136192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 000089088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 000312320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2020-07-27 11:22 - 2020-07-27 11:22 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-08-11 09:57 - 2020-08-11 09:57 - 000085504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68 [175]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 9) (Whitelisted) =============

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-12-31] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-31] (Oracle America, Inc. -> Oracle Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2025-04-10 02:31 - 2025-04-10 02:31 - 000000736 ____N C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Network ===========================

(Currently there is no automatic fix for this section.)

DNS Servers: 192.168.0.1 - 194.228.41.65
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1612216774-2786075622-449432659-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\ACD Wallpaper.bmp
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)


==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AMD Crash Defender Service => 2
MSCONFIG\Services: BFE => 2
MSCONFIG\startupreg: 737944d09cccf760440837f88b40a02f => C:\Users\Athlon\AppData\Local\Temp\Microsoft\svchost.exe
MSCONFIG\startupreg: Mirabilis ICQ => C:\Program Files (x86)\ICQ\NDetect.exe
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe"
MSCONFIG\startupreg: PlaysTV => "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup
MSCONFIG\startupreg: RadminVPN => "C:\Program Files (x86)\Radmin VPN\RvRvpnGui.exe" /minimized
MSCONFIG\startupreg: Raptr => "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{7F64C378-BA62-49C1-B591-5ACDDDC9B9D5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{ECECA792-011A-4A0A-AC9C-89D84EA047C4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8C88B5D9-23DB-4C25-B1C2-67E9ADAFD043}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{ED76D75B-DE63-488E-A189-96EF6B4E2BD1}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{1D5FE656-12B6-4994-8C24-C4D72B4DB805}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe => No File
FirewallRules: [{D7D01673-79C2-491C-966C-E0557AF9FC27}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe => No File
FirewallRules: [{FBB31F44-761B-4E01-8E3B-6D8EDE79A550}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe => No File
FirewallRules: [{EFFC17DC-0074-4F2B-AE42-085CD60550AF}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe => No File
FirewallRules: [{7F784705-2BE0-406B-82DE-E9292B59146B}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe => No File
FirewallRules: [{219B2D76-32A8-40FE-9104-80732002A747}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe => No File
FirewallRules: [TCP Query User{2B4A51F2-E1DF-46FF-8518-BFCBEF080079}M:\ crypto\litecoin\litecoin-qt.exe] => (Allow) M:\ crypto\litecoin\litecoin-qt.exe => No File
FirewallRules: [UDP Query User{61FCFD60-D3FD-4DFD-BA39-F3CAACC55BBF}M:\ crypto\litecoin\litecoin-qt.exe] => (Allow) M:\ crypto\litecoin\litecoin-qt.exe => No File
FirewallRules: [TCP Query User{873203B8-66C3-4499-AB98-1EDD6A7AF650}C:\program files (x86)\icq\icq.exe] => (Allow) C:\program files (x86)\icq\icq.exe (ICQ Inc.) [File not signed]
FirewallRules: [UDP Query User{2F046823-02C5-4B40-A5B5-EE7734D78FCF}C:\program files (x86)\icq\icq.exe] => (Allow) C:\program files (x86)\icq\icq.exe (ICQ Inc.) [File not signed]
FirewallRules: [TCP Query User{F1D97891-7457-4FA7-BCF5-F36F18F37C97}M:\ crypto\litcoin new\litecoin-qt.exe] => (Allow) M:\ crypto\litcoin new\litecoin-qt.exe => No File
FirewallRules: [UDP Query User{F7293260-C24C-4642-9A73-CDACE4F4406F}M:\ crypto\litcoin new\litecoin-qt.exe] => (Allow) M:\ crypto\litcoin new\litecoin-qt.exe => No File
FirewallRules: [TCP Query User{DD6F2ACE-DE18-48A5-995F-22B779957D67}C:\program files (x86)\icq\icq.exe] => (Allow) C:\program files (x86)\icq\icq.exe (ICQ Inc.) [File not signed]
FirewallRules: [UDP Query User{8BEFDDF4-28D4-4094-9339-604B93642824}C:\program files (x86)\icq\icq.exe] => (Allow) C:\program files (x86)\icq\icq.exe (ICQ Inc.) [File not signed]
FirewallRules: [{539FA643-091A-4058-AB51-566678B0CAF4}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe => No File
FirewallRules: [{D207C059-0453-4D16-BBE2-F9485FAA353E}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe => No File
FirewallRules: [{FEF1E78C-9D25-4F3F-9691-70EB11CFF84E}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe => No File
FirewallRules: [{1C6841E9-B39A-47F6-B9B4-772B73C06A81}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe => No File
FirewallRules: [TCP Query User{C1AE486F-7E10-4652-8178-EC9445FD719F}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{539510C1-21D9-447F-8977-54DEBEC7B335}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{E5A9D031-48BD-4315-B91B-F584583A3AF7}C:\users\athlon\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe] => (Allow) C:\users\athlon\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe => No File
FirewallRules: [UDP Query User{C62E01C1-13DD-4ECD-8387-8FEEF1567969}C:\users\athlon\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe] => (Allow) C:\users\athlon\appdata\roaming\ethereum wallet\binaries\geth\unpacked\geth.exe => No File
FirewallRules: [TCP Query User{619ACB7A-DC7D-4382-B3CB-30BD94EFDFE8}M:\ crypto\xp bootstrap\xp-qt.exe] => (Allow) M:\ crypto\xp bootstrap\xp-qt.exe => No File
FirewallRules: [UDP Query User{FAE08329-0A4D-43C0-AD13-BA8BBCAE9EE0}M:\ crypto\xp bootstrap\xp-qt.exe] => (Allow) M:\ crypto\xp bootstrap\xp-qt.exe => No File
FirewallRules: [TCP Query User{575DCD15-3A97-432A-99E0-A5EE0A4F2AB3}C:\ down\manageengine_oputils_64bit.exe] => (Allow) C:\ down\manageengine_oputils_64bit.exe => No File
FirewallRules: [UDP Query User{12652A14-DBC9-4333-847B-B5488F9B6B2A}C:\ down\manageengine_oputils_64bit.exe] => (Allow) C:\ down\manageengine_oputils_64bit.exe => No File
FirewallRules: [{FB0E422A-3202-425B-930B-0BE51C7D5FC7}] => (Block) C:\ down\manageengine_oputils_64bit.exe => No File
FirewallRules: [{48ED3793-CC50-4C7F-B6E9-2920C027B119}] => (Block) C:\ down\manageengine_oputils_64bit.exe => No File
FirewallRules: [{8A07135E-1910-4F2D-AC69-E605870E7D1B}] => (Allow) M:\ crypto\xp bootstrap\xp-qt.exe => No File
FirewallRules: [{DBF90BAD-C446-4E2A-9BBA-924E66A8B37B}] => (Allow) M:\ crypto\xp bootstrap\xp-qt.exe => No File
FirewallRules: [TCP Query User{87965B81-1BAC-422A-A616-D862095D2018}M:\ crypto\litcoin new\litecoin-qt.exe] => (Allow) M:\ crypto\litcoin new\litecoin-qt.exe => No File
FirewallRules: [UDP Query User{2EAE5DD9-53FC-468E-8BCE-A411814A05B2}M:\ crypto\litcoin new\litecoin-qt.exe] => (Allow) M:\ crypto\litcoin new\litecoin-qt.exe => No File
FirewallRules: [TCP Query User{A464109A-0B55-4A31-BE41-0A474DE25E4B}M:\ crypto\litecoin\litecoin-qt.exe] => (Allow) M:\ crypto\litecoin\litecoin-qt.exe => No File
FirewallRules: [UDP Query User{18A8EEFC-D358-442B-BD0B-8D013705EA7A}M:\ crypto\litecoin\litecoin-qt.exe] => (Allow) M:\ crypto\litecoin\litecoin-qt.exe => No File
FirewallRules: [TCP Query User{1751D983-7958-45BD-BA63-A93931C4ECA3}C:\program files (x86)\fibaro finder\fibarofinder.exe] => (Allow) C:\program files (x86)\fibaro finder\fibarofinder.exe => No File
FirewallRules: [UDP Query User{6CE6A9F4-A8C1-429E-9494-60193291B0BF}C:\program files (x86)\fibaro finder\fibarofinder.exe] => (Allow) C:\program files (x86)\fibaro finder\fibarofinder.exe => No File
FirewallRules: [{4D5C8BBC-DA39-498E-AB9F-B3557719305A}] => (Block) C:\program files (x86)\fibaro finder\fibarofinder.exe => No File
FirewallRules: [{29758607-DE73-476A-8FC9-32FC34B214C0}] => (Block) C:\program files (x86)\fibaro finder\fibarofinder.exe => No File
FirewallRules: [{C82704E7-AAF9-44C2-9D60-10601C3D9CE4}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{96FC0D50-B5A6-49CF-86EF-363F9CE43E3F}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{24F77172-F082-422D-9E45-9D87D83754A9}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{334F2D7F-5A29-4759-8647-75E91F73EA6D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DFAE355F-CB51-4831-A848-71D630940619}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{3E8E02AA-B091-4587-8386-0F8F31A9F923}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{3910E5E7-8443-4872-ADBE-120A8EADDE1A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{6651C78C-E216-47E6-A5E8-3B2B405604E6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [TCP Query User{5D56B061-99CA-4F1B-A745-2B8D1E100C4A}C:\users\athlon\appdata\roaming\idena\node\idena-go.exe] => (Allow) C:\users\athlon\appdata\roaming\idena\node\idena-go.exe => No File
FirewallRules: [UDP Query User{454FE77B-1067-4F17-8EAC-1C784207B540}C:\users\athlon\appdata\roaming\idena\node\idena-go.exe] => (Allow) C:\users\athlon\appdata\roaming\idena\node\idena-go.exe => No File
FirewallRules: [{BA042FF6-ECBC-479E-8D36-8BBCC845E30F}] => (Allow) E:\ Maxthon\MaxthonPortable\Maxthon.exe => No File
FirewallRules: [{A6532FEB-D6B6-4395-9CE0-4BC121125354}] => (Allow) E:\ Maxthon\MaxthonPortable\Maxthon.exe => No File
FirewallRules: [TCP Query User{B14DED1C-F0C3-45E9-821C-2D92C58BA27C}F:\games installed\unreal tournament\system\unrealtournament.exe] => (Block) F:\games installed\unreal tournament\system\unrealtournament.exe => No File
FirewallRules: [UDP Query User{1C150473-38A1-43CF-B0B0-A06CA43BDBAE}F:\games installed\unreal tournament\system\unrealtournament.exe] => (Block) F:\games installed\unreal tournament\system\unrealtournament.exe => No File
FirewallRules: [TCP Query User{A492559C-0FDD-45C7-9E08-780B70FCDE0A}J:\personal\mtg\mtg encyclopedia installed\online\magicop.exe] => (Block) J:\personal\mtg\mtg encyclopedia installed\online\magicop.exe => No File
FirewallRules: [UDP Query User{6663E43A-B8B6-4312-9A66-5F8B1781881D}J:\personal\mtg\mtg encyclopedia installed\online\magicop.exe] => (Block) J:\personal\mtg\mtg encyclopedia installed\online\magicop.exe => No File
FirewallRules: [TCP Query User{EDC9760D-78E2-485C-94C2-1B1C6823B58B}C:\program files (x86)\wizards of the coast\magic the gathering\online\magicop.exe] => (Block) C:\program files (x86)\wizards of the coast\magic the gathering\online\magicop.exe (Wizards of the Coast) [File not signed]
FirewallRules: [UDP Query User{23663558-EABB-4E32-8003-70F3827A2491}C:\program files (x86)\wizards of the coast\magic the gathering\online\magicop.exe] => (Block) C:\program files (x86)\wizards of the coast\magic the gathering\online\magicop.exe (Wizards of the Coast) [File not signed]
FirewallRules: [TCP Query User{52011554-F9D4-4BB5-A3EF-2F95EE5FDEFD}F:\games installed\wolfenstein - enemy territory\etded.exe] => (Allow) F:\games installed\wolfenstein - enemy territory\etded.exe => No File
FirewallRules: [UDP Query User{D3B7BAB6-DA92-4244-830C-48A70697CBD8}F:\games installed\wolfenstein - enemy territory\etded.exe] => (Allow) F:\games installed\wolfenstein - enemy territory\etded.exe => No File
FirewallRules: [TCP Query User{0389031F-EB8D-4536-A9F5-F0D1155FA876}F:\games installed\wolfenstein - enemy territory\et.exe] => (Allow) F:\games installed\wolfenstein - enemy territory\et.exe => No File
FirewallRules: [UDP Query User{44311DE6-0403-4F05-8867-1453B346E41C}F:\games installed\wolfenstein - enemy territory\et.exe] => (Allow) F:\games installed\wolfenstein - enemy territory\et.exe => No File
FirewallRules: [{5F6D3874-4E4A-4BA9-92C4-88FD69248459}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe => No File
FirewallRules: [{070FFEAF-A9E8-4C61-A777-52CE2DF5E641}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\LDrvSvc.dll => No File
FirewallRules: [{36C59DE9-047B-4F68-B2BF-C0E75E118F4D}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe => No File
FirewallRules: [{7FFBA391-2B09-41EF-8043-CDFFECE476BD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{94ED4ED5-33C9-428C-99A2-09E8D1D130CC}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{9AC7DCC5-17CF-4AC2-895E-CF368C0A2EF2}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{368ABF43-C07E-4799-B6B6-F18BF5BDEEAE}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D2496B50-110F-47D7-8CFE-AAF61B87ECAA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{C8CF9E0C-7B50-436D-B1FB-83BB7B5F7C6F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{228F770B-73DE-431B-9C2D-7B54EDFADC15}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{526BF611-7291-4237-9F4B-9955D81BF68A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [TCP Query User{C6B2DF13-B77C-40CC-AF39-061A2FBD2279}C:\users\athlon\appdata\local\programs\tokenpocket\tokenpocket.exe] => (Allow) C:\users\athlon\appdata\local\programs\tokenpocket\tokenpocket.exe => No File
FirewallRules: [UDP Query User{782902AD-9226-43AE-99D2-A291DDCBA863}C:\users\athlon\appdata\local\programs\tokenpocket\tokenpocket.exe] => (Allow) C:\users\athlon\appdata\local\programs\tokenpocket\tokenpocket.exe => No File
FirewallRules: [TCP Query User{51BD270E-09A2-4886-96F1-D13968C7597F}W:\gamez installed new\unreal tournament 1999\system\unrealtournament.exe] => (Allow) W:\gamez installed new\unreal tournament 1999\system\unrealtournament.exe () [File not signed]
FirewallRules: [UDP Query User{9B053C3D-0B87-4CCD-8B19-2889673CD2B2}W:\gamez installed new\unreal tournament 1999\system\unrealtournament.exe] => (Allow) W:\gamez installed new\unreal tournament 1999\system\unrealtournament.exe () [File not signed]
FirewallRules: [{3095002B-B6AA-42C6-A4E1-A7BAAE8FB7A0}] => (Allow) C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe (Famatech Corp. -> Famatech Corp.)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (10/08/2025 09:14:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Antivirus_Removal_Tool.exe, verze: 1.0.6.5, časové razítko: 0xee130206
Název chybujícího modulu: KERNELBASE.dll, verze: 6.1.7601.24384, časové razítko: 0x5c6e248c
Kód výjimky: 0xe0434352
Posun chyby: 0x000000000000be0d
ID chybujícího procesu: 0x2620
Čas spuštění chybující aplikace: 0x01dc3887c62ebd53
Cesta k chybující aplikaci: N:\ LOST PARTITION\Software\ Virus Vault\ new\new\Antivirus_Removal_Tool.exe
Cesta k chybujícímu modulu: C:\Windows\system32\KERNELBASE.dll
ID zprávy: 0f71d24c-a47b-11f0-b750-7085c2064f38

Error: (10/08/2025 09:14:50 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: Antivirus_Removal_Tool.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: kód výjimky e0434352, adresa výjimky 000007FEFD87BE0D
Zásobník:

Error: (10/08/2025 09:07:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Nelze číst řetězce čítačů výkonu definované pro ID jazyka 009. První hodnota DWORD v datové oblasti obsahuje kód chyby Win32.

Error: (10/08/2025 09:07:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Nelze číst řetězce čítačů výkonu definované pro ID jazyka 005. První hodnota DWORD v datové oblasti obsahuje kód chyby Win32.

Error: (10/08/2025 09:07:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Nelze číst řetězce čítačů výkonu definované pro ID jazyka 009. První hodnota DWORD v datové oblasti obsahuje kód chyby Win32.

Error: (10/08/2025 09:07:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Nelze číst řetězce čítačů výkonu definované pro ID jazyka 005. První hodnota DWORD v datové oblasti obsahuje kód chyby Win32.

Error: (10/08/2025 07:20:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ACDSee.exe, verze: 3.0.0.0, časové razítko: 0x384e60fb
Název chybujícího modulu: ACDSee.exe, verze: 3.0.0.0, časové razítko: 0x384e60fb
Kód výjimky: 0xc0000005
Posun chyby: 0x000667d1
ID chybujícího procesu: 0x3140
Čas spuštění chybující aplikace: 0x01dc3877d092bef5
Cesta k chybující aplikaci: C:\PROGRA~2\ACD\ACDSee\ACDSee.exe
Cesta k chybujícímu modulu: C:\PROGRA~2\ACD\ACDSee\ACDSee.exe
ID zprávy: 0e5c09aa-a46b-11f0-b750-7085c2064f38

Error: (10/08/2025 07:20:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ACDSee.exe, verze: 3.0.0.0, časové razítko: 0x384e60fb
Název chybujícího modulu: ACDSee.exe, verze: 3.0.0.0, časové razítko: 0x384e60fb
Kód výjimky: 0xc0000005
Posun chyby: 0x000667d1
ID chybujícího procesu: 0x3374
Čas spuštění chybující aplikace: 0x01dc3877cc940b1b
Cesta k chybující aplikaci: C:\PROGRA~2\ACD\ACDSee\ACDSee.exe
Cesta k chybujícímu modulu: C:\PROGRA~2\ACD\ACDSee\ACDSee.exe
ID zprávy: 0a6014fa-a46b-11f0-b750-7085c2064f38


System errors:
=============
Error: (10/08/2025 09:27:46 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} se v daném časovém limitu neregistroval u služby DCOM.

Error: (10/08/2025 07:58:42 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (10/08/2025 07:58:42 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (10/08/2025 07:20:42 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (10/08/2025 07:20:42 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (10/08/2025 07:20:41 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (10/08/2025 07:20:41 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (10/08/2025 07:20:39 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.


Windows Defender:
================Event[0]:

Date: 2020-09-01 20:49:59.531
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst:Aktuální
Kód chyby:0x8050a005
Popis chyby:V programu nelze najít soubory definic, které pomáhají rozpoznat nežádoucí software. Zkontrolujte aktualizace definičních souborů a opakujte akci. Informace o instalaci aktualizací naleznete v nápovědě a podpoře.
Verze podpisu:1.305.259.0
Verze modulu:1.1.16500.1

==================== Memory info ===========================

BIOS: American Megatrends Inc. P2.00 01/13/2016
Motherboard: ASRock FM2A88X Pro3+
Processor: AMD A10-7870K Radeon R7, 12 Compute Cores 4C+8G
Percentage of memory in use: 45%
Total physical RAM: 32705.9 MB
Available physical RAM: 17867.96 MB
Total Virtual: 50704.04 MB
Available Virtual: 32137.79 MB

==================== Drives ================================

Drive a: (Behemoth) (Fixed) (Total:2929.69 GB) (Free:11.69 GB) (Model: WDC WD80 04FRYZ-01VAEB0 SATA Disk Device) NTFS
Drive c: (SSD_WIN7) (Fixed) (Total:44.27 GB) (Free:3.1 GB) (Model: KINGSTON SV300S37A120G SATA Disk Device) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (SSD_EXT) (Fixed) (Total:67.52 GB) (Free:27.78 GB) (Model: KINGSTON SV300S37A120G SATA Disk Device) NTFS
Drive f: (OFFICE11) (CDROM) (Total:0.35 GB) (Free:0 GB) CDFS
Drive k: (3TB_Omega) (Fixed) (Total:746.39 GB) (Free:378.75 GB) (Model: ASRock 3TB+ Unlocker SCSI Disk Device) NTFS
Drive l: (3TB_Alfa) (Fixed) (Total:683.59 GB) (Free:106.55 GB) (Model: WDC WD30EFRX-68EUZN0 ATA Device) NTFS
Drive m: (3TB_Beta) (Fixed) (Total:683.59 GB) (Free:51.12 GB) (Model: WDC WD30EFRX-68EUZN0 ATA Device) NTFS
Drive n: (3TB_Gamma) (Fixed) (Total:680.81 GB) (Free:25.62 GB) (Model: WDC WD30EFRX-68EUZN0 ATA Device) NTFS
Drive w: (Asgard) (Fixed) (Total:1953.12 GB) (Free:1021.06 GB) (Model: WDC WD80 04FRYZ-01VAEB0 SATA Disk Device) NTFS
Drive x: (Odin) (Fixed) (Total:2569.1 GB) (Free:1804.34 GB) NTFS


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 2794.5 GB) (Disk ID: 000DA78F)
Partition 1: (Not Active) - (Size=683.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=683.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=680.8 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: ECAB2391)
Partition 1: (Active) - (Size=44.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=67.5 GB) - (Type=05)

==========================================================
Disk: 2 (Size: 7452 GB) (Disk ID: 04F3E55E)

Partition: GPT.

==========================================================
Disk: 3 (Protective MBR) (Size: 746.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

JaRon
Moderator
Posts: 15744
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Please check my log

#2 Post by JaRon »

Hi,
1. From the AV side I don't see any serious problem there; I recommend scanning with AdwCleaner
- post the log here
2. It is an older system, Win7; run the command prompt (cmd) as administrator and enter
sfc /scannow
3. Test the disks in use with the chkdsk command;
if there are errors, have them repaired with the /r parameter
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/
