PC virus removal, computer speed-up, remote help via the neslape.cz service

Spyware, keylogger or something?

Do you have a virus problem? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that stay inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote help service, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
kubikula421
Guest
Posts: 64
Registered: 02 Apr 2007 22:49

Spyware, keylogger or something?

#1 Post by kubikula421 »

Hi, good day,

I would like to ask you to check my log. On at least 2 gaming services (Steam, Blizzard) I am now dealing with my account having been hacked. The passwords were not particularly strong, but not entirely weak either.

Thank you

Logfile of random's system information tool 1.10 (written by random/random)
Run by Ku at 2020-11-14 02:42:54
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 270 GB (57%) free of 477 GB
Total RAM: 16345 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:42:55, on 14.11.2020
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18347)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\DreamCalc DC5G\dreamcalc.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe
C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIsvc32.exe
C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\ProgramData\Wargaming.net\GameCenter\wgc.exe
C:\ProgramData\Wargaming.net\GameCenter\WargamingErrorMonitor.exe
C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_renderer.exe
C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_renderer.exe
C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_renderer.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\trend micro\Ku.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kosmonautix.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee WebAdvisor - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IseUI] C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DreamCalc DC5G] "C:\Program Files (x86)\DreamCalc DC5G\dreamcalc.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Lingea Update Center.lnk = C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe
O4 - Global Startup: Killer Network Manager.lnk = C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files (x86)\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O9 - Extra 'Tools' menuitem: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.webcompanion.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Inc. - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Tools (avast! Tools) - AVAST Software - C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files (x86)\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ElsterFormular Update Service (ElfoService) - Unknown owner - C:\Program Files (x86)\ElsterFormular Update Service\bin\elfoService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.198\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: isesrv - COMODO - C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Killer Service V2 - Rivet Networks - C:\Program Files\Killer Networking\Network Manager\KillerService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee WebAdvisor - McAfee, LLC - C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11772 bytes

======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
winlogon.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe -first
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe" /runassvc
"C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe" /runassvc
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe" -service
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe" -service
"C:\Program Files\Killer Networking\Network Manager\KillerService.exe"
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
"C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2364
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\AVAST Software\Avast\aswEngSrv.exe" /pipename="7D834CC4-503D-6668-D8F2-8D5E58769410" /binpath="C:\Program Files\AVAST Software\Avast"
"C:\Program Files\AVAST Software\Avast\aswidsagent.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe" -f "C:\ProgramData\NVIDIA\NvContainerUser%d.log" -d "C:\Program Files (x86)\NVIDIA Corporation\NvContainer\plugins\User" -r -l 3 -p 30000 -c
"C:\Windows\system32\Dwm.exe"
"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
taskeng.exe {116DF518-A4D8-443C-88FA-FDE2F514F25A}
C:\Windows\Explorer.EXE
"taskhost.exe"
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
AvastUI.exe /nogui
"C:\Program Files (x86)\DreamCalc DC5G\dreamcalc.exe" /min
"C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe" -minimize
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe" /noUI
"C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIsvc64.exe" /start all
"C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIsvc32.exe" /start all
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe" /AUTOHIDE
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe" index.js
\??\C:\Windows\system32\conhost.exe "-55476076217948120-18474857281693304599509124842-7134397754509151-1776786232
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto -critical
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" --type=gpu-process --field-trial-handle=6776,5073985533238779082,16327801070313829146,131072 --enable-features=CastMediaRouteProvider --disable-features=OutOfBlinkCors --no-sandbox --disable-gpu-driver-bug-workarounds --log-file="C:\Users\Ku\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium (20.8.2432)" --lang=en-US --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --allow-file-access-from-files=1 --pack_loading_disabled=1 --gpu-preferences=MAAAAAAAAADgAABwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --log-file="C:\Users\Ku\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --mojo-platform-channel-handle=6832 /prefetch:2
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=6776,5073985533238779082,16327801070313829146,131072 --enable-features=CastMediaRouteProvider --disable-features=OutOfBlinkCors --lang=en-US --service-sandbox-type=network --no-sandbox --force-wave-audio --log-file="C:\Users\Ku\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium (20.8.2432)" --lang=en-US --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --allow-file-access-from-files=1 --pack_loading_disabled=1 --log-file="C:\Users\Ku\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --mojo-platform-channel-handle=4668 /prefetch:8
"C:\ProgramData\Wargaming.net\GameCenter\wgc.exe" --session-id 39DD00A3C8FFDB8A03A30B0C97C18580 --event-sequence-number 18 --start-up-time 2020-11-14T02:19:11 --wgc-api-versions-used --skipJobCheck --log INFO
"C:\ProgramData\Wargaming.net\GameCenter\WargamingErrorMonitor.exe" --pipe "parent_pid_996u87hn3j5-n3j7-nj37-j37n-u7s5n982jf3h" --superuserid "WGC" --self_crash_handling_folder "C:\ProgramData\Wargaming.net\GameCenter\cat " --self_crash_handling_receiver_url "http://cat.wargaming.net " Logs " "
"C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_renderer.exe" --type=gpu-process --field-trial-handle=1532,16504258195452542475,16165089587187332986,131072 --disable-features=MimeHandlerViewInCrossProcessFrame --no-sandbox --log-file="C:\ProgramData\Wargaming.net\GameCenter\logs\cef_20201114_021927_081.log" --log-severity=info --product-version="Chrome/78.0.3904.87 WGC/20.07.00.2519" --lang=en-US --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --log-file="C:\ProgramData\Wargaming.net\GameCenter\logs\cef_20201114_021927_081.log" --service-request-channel-token=15607926844137481127 --mojo-platform-channel-handle=1552 /prefetch:2
"C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_renderer.exe" --type=utility --field-trial-handle=1532,16504258195452542475,16165089587187332986,131072 --disable-features=MimeHandlerViewInCrossProcessFrame --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\ProgramData\Wargaming.net\GameCenter\logs\cef_20201114_021927_081.log" --log-severity=info --product-version="Chrome/78.0.3904.87 WGC/20.07.00.2519" --lang=en-US --log-file="C:\ProgramData\Wargaming.net\GameCenter\logs\cef_20201114_021927_081.log" --service-request-channel-token=2346468784177733811 --mojo-platform-channel-handle=2168 /prefetch:8
"C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_renderer.exe" --type=renderer --no-sandbox --force-device-scale-factor=1 --log-file="C:\ProgramData\Wargaming.net\GameCenter\logs\cef_20201114_021927_081.log" --field-trial-handle=1532,16504258195452542475,16165089587187332986,131072 --disable-features=MimeHandlerViewInCrossProcessFrame --lang=en-US --log-file="C:\ProgramData\Wargaming.net\GameCenter\logs\cef_20201114_021927_081.log" --log-severity=info --product-version="Chrome/78.0.3904.87 WGC/20.07.00.2519" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10249768783107969619 --renderer-client-id=4 --mojo-platform-channel-handle=2228 /prefetch:1
"C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" /n /dde
C:\Windows\splwow64.exe 8192
"C:\Program Files (x86)\Steam\Steam.exe"
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=cs_CZ" "-cachedir=C:\Users\Ku\AppData\Local\Steam\htmlcache" "-steampid=7360" "-buildid=1586022601" "-steamid=0" "-steamuniverse=Public" "-clientui=C:\Program Files (x86)\Steam\clientui" --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --enable-media-stream --enable-smooth-scrolling --enable-direct-write --disablehighdpi --force-device-scale-factor=1 --device-scale-factor=1 "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt"
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\Steam\dumps" "--metrics-dir=C:\Users\Ku\AppData\Local\CEF\User Data" --url=http://crash.steampowered.com/submit --annotation=platform=win64 --annotation=product=cefwebhelper --annotation=version=1586022601 --initial-client-data=0x19c,0x1a0,0x1a4,0x194,0x1a8,0x7fed730bed0,0x7fed730bee0,0x7fed730bef0
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=gpu-process --field-trial-handle=1204,13816287296576980407,12580394283203152138,131072 --disable-features=CalculateNativeWinOcclusion,MimeHandlerViewInCrossProcessFrame --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=cs-CZ --force-device-scale-factor=1 --disablehighdpi --buildid=1586022601 --steamid=0 --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --service-request-channel-token=14400229200232380036 --mojo-platform-channel-handle=1228 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=utility --field-trial-handle=1204,13816287296576980407,12580394283203152138,131072 --disable-features=CalculateNativeWinOcclusion,MimeHandlerViewInCrossProcessFrame --lang=cs --service-sandbox-type=network --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=cs-CZ --force-device-scale-factor=1 --disablehighdpi --buildid=1586022601 --steamid=0 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --service-request-channel-token=3761978043126723182 --mojo-platform-channel-handle=1572 /prefetch:8
"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" --type=renderer --force-device-scale-factor=1 --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --field-trial-handle=1204,13816287296576980407,12580394283203152138,131072 --disable-features=CalculateNativeWinOcclusion,MimeHandlerViewInCrossProcessFrame --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --lang=cs --log-file="C:\Program Files (x86)\Steam\logs\cef_log.txt" --product-version="Valve Steam Client" --force-device-scale-factor=1 --disablehighdpi --buildid=1586022601 --steamid=0 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=15085012702589420759 --renderer-client-id=4 --mojo-platform-channel-handle=1724 /prefetch:1
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="8092.0.547652855\1799664615" -parentBuildID 20201108180448 -prefsHandle 1208 -prefMapHandle 1200 -prefsLen 1 -prefMapSize 238701 -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 8092 "\\.\pipe\gecko-crash-server-pipe.8092" 1280 gpu
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="8092.6.1702452296\1822125686" -childID 1 -isForBrowser -prefsHandle 1980 -prefMapHandle 1976 -prefsLen 194 -prefMapSize 238701 -parentBuildID 20201108180448 -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 8092 "\\.\pipe\gecko-crash-server-pipe.8092" 1992 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="8092.13.969103863\402435227" -childID 2 -isForBrowser -prefsHandle 3588 -prefMapHandle 3584 -prefsLen 6515 -prefMapSize 238701 -parentBuildID 20201108180448 -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 8092 "\\.\pipe\gecko-crash-server-pipe.8092" 3600 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="8092.20.1504634420\133851970" -childID 3 -isForBrowser -prefsHandle 4112 -prefMapHandle 4076 -prefsLen 7313 -prefMapSize 238701 -parentBuildID 20201108180448 -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 8092 "\\.\pipe\gecko-crash-server-pipe.8092" 4128 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="8092.27.184593886\1255512224" -childID 4 -isForBrowser -prefsHandle 1532 -prefMapHandle 1528 -prefsLen 7573 -prefMapSize 238701 -parentBuildID 20201108180448 -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 8092 "\\.\pipe\gecko-crash-server-pipe.8092" 996 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="8092.34.176419818\1786820353" -parentBuildID 20201108180448 -prefsHandle 8476 -prefMapHandle 8448 -prefsLen 7617 -prefMapSize 238701 -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 8092 "\\.\pipe\gecko-crash-server-pipe.8092" 8444 rdd
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="8092.38.1787609510\1168802124" -childID 5 -isForBrowser -prefsHandle 8248 -prefMapHandle 8188 -prefsLen 7617 -prefMapSize 238701 -parentBuildID 20201108180448 -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 8092 "\\.\pipe\gecko-crash-server-pipe.8092" 8152 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="8092.45.404376937\749748421" -childID 6 -isForBrowser -prefsHandle 7772 -prefMapHandle 7548 -prefsLen 7617 -prefMapSize 238701 -parentBuildID 20201108180448 -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 8092 "\\.\pipe\gecko-crash-server-pipe.8092" 7768 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="8092.52.753506197\1075672234" -childID 7 -isForBrowser -prefsHandle 1836 -prefMapHandle 8472 -prefsLen 7617 -prefMapSize 238701 -parentBuildID 20201108180448 -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 8092 "\\.\pipe\gecko-crash-server-pipe.8092" 7592 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="8092.59.1057287860\1625643612" -childID 8 -isForBrowser -prefsHandle 7396 -prefMapHandle 1840 -prefsLen 7617 -prefMapSize 238701 -parentBuildID 20201108180448 -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 8092 "\\.\pipe\gecko-crash-server-pipe.8092" 7376 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="8092.66.2066114102\1262562074" -childID 9 -isForBrowser -prefsHandle 7224 -prefMapHandle 960 -prefsLen 7617 -prefMapSize 238701 -parentBuildID 20201108180448 -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 8092 "\\.\pipe\gecko-crash-server-pipe.8092" 7204 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="8092.73.74218951\1360635999" -childID 10 -isForBrowser -prefsHandle 7960 -prefMapHandle 7808 -prefsLen 7617 -prefMapSize 238701 -parentBuildID 20201108180448 -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 8092 "\\.\pipe\gecko-crash-server-pipe.8092" 7504 tab
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532

C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Ku\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Ku\AppData\Roaming\Mozilla\Firefox\Profiles\ow9upyt0.default-1589498915936

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.261.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_261\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.261.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_261\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_261\bin\ssv.dll [2020-09-30 736424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-11-13 1407720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_261\bin\jp2ssv.dll [2020-09-30 350888]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení k účtu Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-11-13 1103184]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2015-06-12 8484056]
"NahimicMSIUILauncher"=C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe [2015-06-18 532448]
""= []
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2020-10-24 109664]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"DreamCalc DC5G"=C:\Program Files (x86)\DreamCalc DC5G\dreamcalc.exe [2017-03-15 4476040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -automount []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Smart Cleaning]
C:\Program Files\CCleaner\CCleaner64.exe [2020-03-19 22245560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite Automount]
C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2019-03-27 735336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Family Tree Builder Update]
C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2018-06-14 17537200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]
C:\Windows\system32\nvspcap64.dll [2017-09-19 1923008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2018-03-13 27831240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\steam.exe [2020-04-04 3371296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wargaming.net Game Center]
C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2020-11-14 2481016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\World of Tanks]
C:\Games\World_of_Tanks\WargamingGameUpdater.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks Nástroj pro stahování na pozadí.lnk]
C:\Program Files (x86)\Common Files\MANAER~1\BACKGR~1\SLDBGD~1.EXE [2017-03-18 2740264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk]
C:\Program Files\COMODO\GEEKBU~1\launcher.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2015-06-15 296216]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"IseUI"=C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [2017-07-05 3632848]
""= []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2020-06-18 710776]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Killer Network Manager.lnk - C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe

C:\Users\Ku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Lingea Update Center.lnk - C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2020-11-13 18:02:25 ----D---- C:\ProgramData\tmp
2020-11-13 18:02:25 ----D---- C:\ProgramData\hps
2020-11-13 17:59:49 ----D---- C:\Program Files\Fotolab
2020-10-28 16:56:30 ----D---- C:\Program Files (x86)\Mozilla Firefox
2020-10-24 11:33:06 ----A---- C:\Windows\system32\aswBoot.exe
2020-10-24 11:33:05 ----A---- C:\Windows\system32\drivers\aswStm.sys
2020-10-24 11:33:05 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys

======List of files/folders modified in the last 1 month======

2020-11-14 02:42:55 ----D---- C:\Program Files\trend micro
2020-11-14 02:37:11 ----D---- C:\Windows\Temp
2020-11-14 02:25:10 ----D---- C:\Windows\Prefetch
2020-11-14 02:25:04 ----D---- C:\Program Files (x86)\Steam
2020-11-14 02:17:02 ----D---- C:\ProgramData\AVAST Software
2020-11-14 02:12:25 ----D---- C:\Windows\System32
2020-11-14 02:12:25 ----D---- C:\Windows\inf
2020-11-14 02:12:25 ----A---- C:\Windows\system32\PerfStringBackup.INI
2020-11-14 02:09:06 ----D---- C:\ProgramData\NVIDIA
2020-11-14 02:07:02 ----AD---- C:\ProgramData\TEMP
2020-11-13 18:02:25 ----HD---- C:\ProgramData
2020-11-13 17:59:49 ----RD---- C:\Program Files
2020-11-12 12:47:30 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2020-11-11 15:55:38 ----D---- C:\Windows\system32\Tasks
2020-11-08 14:49:48 ----D---- C:\Windows\system32\catroot2
2020-11-04 15:03:27 ----SHD---- C:\Windows\Installer
2020-11-04 15:03:18 ----D---- C:\Windows\SysWOW64
2020-11-01 12:08:27 ----D---- C:\Users\Ku\AppData\Roaming\uTorrent
2020-10-28 20:06:11 ----RD---- C:\Program Files (x86)
2020-10-24 18:13:38 ----D---- C:\Windows\system32\drivers
2020-10-20 07:34:24 ----D---- C:\Windows\system32\Macromed
2020-10-20 07:34:20 ----D---- C:\Windows\SYSWOW64\Macromed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswArDisk;aswArDisk; C:\Windows\system32\drivers\aswArDisk.sys [2020-10-24 37152]
R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsh.sys [2020-10-24 195664]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniv.sys [2020-10-24 60496]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2020-10-24 84856]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2020-10-24 326928]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2015-05-19 213848]
R0 secnvme;secnvme; C:\Windows\system32\DRIVERS\secnvme.sys [2020-01-20 90648]
R0 secnvmeF;secnvmeF; C:\Windows\system32\DRIVERS\secnvmeF.sys [2020-01-20 30456]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2019-03-27 393880]
R0 stornvme;Ovladač Microsoft Standard NVM Express ; C:\Windows\system32\DRIVERS\stornvme.sys [2015-05-19 50616]
R1 aswArPot;aswArPot; C:\Windows\system32\drivers\aswArPot.sys [2020-10-24 206408]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriver.sys [2020-10-24 236112]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2020-10-24 42784]
R1 aswNetHub;aswNetHub; C:\Windows\system32\drivers\aswNetHub.sys [2020-10-24 518664]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2020-10-24 109280]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2020-10-24 851608]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2020-10-24 470912]
R1 BfLwf;Killer Bandwidth Control; C:\Windows\system32\DRIVERS\bflwfx64.sys [2015-06-22 117808]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2015-05-19 516096]
R1 isedrv;Internet Security Essentials; C:\Windows\system32\drivers\isedrv.sys [2017-07-05 50856]
R1 LUMDriver;LUMDriver; \??\C:\Windows\system32\drivers\LUMDriver.sys [2008-01-02 24848]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2016-07-12 920168]
R1 VBoxNetAdp;VirtualBox NDIS 6.0 Miniport Service; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [2016-07-12 121824]
R1 VBoxNetLwf;VirtualBox NDIS6 Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [2016-07-12 195424]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2016-07-12 148744]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2015-05-19 59392]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2015-05-19 360688]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2015-05-19 60416]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2020-10-24 175720]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2020-10-24 217336]
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2015-01-05 139480]
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2015-01-05 430808]
R3 aswNetNd6;Avast Firewall NDIS6 Helper; C:\Windows\system32\DRIVERS\aswNetNd6.sys [2020-04-20 38152]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2019-03-27 42256]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\Windows\system32\DRIVERS\dtliteusbbus.sys [2019-03-27 59360]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2015-06-15 4493528]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2015-06-26 403752]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2015-06-30 814376]
R3 KillerEth;NDIS Miniport Driver for Killer e2400 PCI-E Ehternet Controller; C:\Windows\system32\DRIVERS\e24w7x64.sys [2015-04-01 125488]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2015-06-12 177952]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2017-03-25 217528]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2017-09-19 48064]
R3 nvvhci;NVVHCI Enumerator Service; C:\Windows\system32\DRIVERS\nvvhci.sys [2017-09-19 57792]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2015-05-19 166400]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2015-05-19 194944]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2015-05-19 95232]
S3 athur;Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-21 19968]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 MSICDSetup;MSICDSetup; \??\D:\Drivers Files\CDriver64.sys []
S3 NTIOLib_1_0_C;NTIOLib_1_0_C; \??\D:\Drivers Files\NTIOLib_X64.sys []
S3 NvStreamKms;NVIDIA KMS; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2017-09-19 30144]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Tpm;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2016-02-06 147904]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2020-09-06 169544]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2020-10-24 360408]
R2 avast! Tools;Avast Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [2020-10-24 2748520]
R2 BBDemon;Backbone Service; C:\Program Files (x86)\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe [2009-09-26 36864]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2015-05-19 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2015-05-19 27136]
R2 isesrv;isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [2017-07-05 133840]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-06-24 223008]
R2 Killer Service V2;Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [2015-07-07 413696]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2015-06-24 411936]
R2 McAfee WebAdvisor;McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [2020-11-13 956760]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-09-19 512960]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-03-25 464440]
R2 NvTelemetryContainer;NVIDIA Telemetry Container; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [2017-09-19 449984]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [2020-10-24 8450976]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2020-04-04 1781536]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2015-05-19 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2019-03-28 132792]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2019-03-28 158912]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-10 153168]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2015-05-19 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2019-03-28 54912]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2019-03-27 4131944]
S3 ElfoService;ElsterFormular Update Service; C:\Program Files (x86)\ElsterFormular Update Service\bin\elfoService.exe [2020-07-27 1113864]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2017-03-18 1044816]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.198\elevation_service.exe [2020-11-11 1406448]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-10 153168]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-05-20 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2015-05-22 881152]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2020-11-11 243408]
S3 NvContainerNetworkService;NVIDIA NetworkService Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-09-19 512960]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2015-05-19 27136]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2017-03-18 79360]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2015-05-19 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2015-05-18 1255736]
S3 WiaRpc;@%SystemRoot%\system32\wiarpc.dll,-2; C:\Windows\system32\svchost.exe [2015-05-19 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2019-03-28 136256]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2019-03-28 136256]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2019-03-28 136256]

-----------------EOF-----------------

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Spyware, keylogger or something?

#2 Post by Diallix »

Good day.

Download the AdwCleaner tool to your desktop; download link here: https://toolslib.net/downloads/finish/1/
Before running the tool, close all open program windows, i.e. every program running on the desktop.
Right-click the program -> Run as Administrator.
Continue by clicking the Scan now button and wait until the system scan finishes.
After the scan, leave all the boxes and any found threats checked and continue with the Clean and Repair button in the bottom right corner.
After the PC restarts, AdwCleaner will launch; click Show log file.
The log will open; copy its contents here.
My new book BOTNETY is out! Information about it can be found here: >> BOTNETY <<

---
We are looking for new members for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level and high-level programmer - profile card here: card <<
----
Vermin pen - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz .
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

kubikula421
Visitor
Posts: 64
Registered: 02 Apr 2007 22:49

Re: Spyware, keylogger or something?

#3 Post by kubikula421 »

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-09-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-14-2020
# Duration: 00:00:01
# OS: Windows 7 Professional
# Cleaned: 27
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Windows\Installer\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Local\LavasoftTcpService

***** [ Files ] *****

Deleted C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
Deleted C:\Windows\System32\LavasoftTcpService64.dll
Deleted C:\Windows\System32\LavasoftTcpServiceOff.ini

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKLM\SOFTWARE\Classes\AppID\LavasoftTcpService.exe
Deleted HKLM\Software\Classes\AppID\{2CE0F1DC-C504-4B7B-A385-D94A2531DFFB}
Deleted HKLM\Software\Classes\Installer\Features\E49AC3054380EEC4DA29AB71FAE408A9
Deleted HKLM\Software\Classes\Installer\Products\E49AC3054380EEC4DA29AB71FAE408A9
Deleted HKLM\Software\Classes\Installer\UpgradeCodes\04A063A0BBEACF54EAEF493C49D9E3F6
Deleted HKLM\Software\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\AlcoholAutomount
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\04A063A0BBEACF54EAEF493C49D9E3F6
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E61B1AB66C44604797AC56F6BC3B0FF
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37A47D4566095BF44A2CA19FBDFA04A9
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5B90A3D3F68EADC47B40D2D572B76E62
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\638EEBF8065E4B845AD5CAB77949D6CC
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\884DF2290FDFBE9408D20E763774932B
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F60B79E6444F2DE4EAC868B34B7EDADA
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FE90F95E2F75E9143B28CD4FD9C91A78
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49AC3054380EEC4DA29AB71FAE408A9
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\LavasoftTcpService.exe
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\{2CE0F1DC-C504-4B7B-A385-D94A2531DFFB}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\geekbuddyrsp

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4468 octets] - [14/11/2020 21:27:00]
AdwCleaner[S01].txt - [4529 octets] - [14/11/2020 21:31:21]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Spyware, keylogger or something?

#4 Post by Diallix »

Please post new FRST + ADDITION logs.

kubikula421
Visitor
Posts: 64
Registered: 02 Apr 2007 22:49

Re: Spyware, keylogger or something?

#5 Post by kubikula421 »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-11-2020
Ran by Ku (administrator) on KU-PC (MSI MS-7976) (15-11-2020 10:44:14)
Running from C:\Users\Ku\Downloads
Loaded Profiles: Ku
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSISvc32.exe
() [File not signed] C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSISvc64.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <3>
(A-Volute -> ) C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe
(Big Angry Dog Ltd -> Big Angry Dog Ltd) C:\Program Files (x86)\DreamCalc DC5G\dreamcalc.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
(Dassault Systemes) [File not signed] C:\Program Files (x86)\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <9>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Rivet Networks) [File not signed] C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(Rivet Networks) [File not signed] C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <9>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8484056 2015-06-12] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [NahimicMSIUILauncher] => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe [532448 2015-06-18] (A-Volute -> )
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [109664 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-06-15] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3632848 2017-07-05] (Comodo Security Solutions, Inc. -> COMODO)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [710776 2020-06-18] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\Run: [] => [X]
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\Run: [DreamCalc DC5G] => C:\Program Files (x86)\DreamCalc DC5G\dreamcalc.exe [4476040 2017-03-15] (Big Angry Dog Ltd -> Big Angry Dog Ltd)
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\MountPoints2: E - E:\RunGame.exe
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\MountPoints2: G - "G:\Diablo III Setup.exe"
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\MountPoints2: H - H:\autorun\autorun.exe
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\MountPoints2: {87815fb9-509d-11e9-b432-d8cb8a997724} - E:\RunGame.exe
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\MountPoints2: {87815fc2-509d-11e9-b432-d8cb8a997724} - G:\RunGame.exe
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\MountPoints2: {87815fc7-509d-11e9-b432-d8cb8a997724} - H:\RunGame.exe
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\MountPoints2: {e409463e-9112-11e5-8f30-d8cb8a997724} - L:\setup.exe
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\MountPoints2: {f1de4444-8d0b-11e5-bd0e-d8cb8a997724} - H:\autorun\autorun.exe
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\MountPoints2: {f1de4468-8d0b-11e5-bd0e-d8cb8a997724} - G:\setup.exe
HKLM\...\Windows x64\Print Processors\hpzppWN7: C:\Windows\System32\spool\prtprocs\x64\hpzppWN7.dll [101376 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Bullzip PDF Print Monitor: C:\Program Files\Common Files\Bullzip\PDF Printer\Ports\BULLZIP\bzpdf.dll [218112 2016-03-07] (Bullzip) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.198\Installer\chrmstp.exe [2020-11-11] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-11-16]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks) [File not signed]
Startup: C:\Users\Ku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lingea Update Center.lnk [2015-11-17]
ShortcutTarget: Lingea Update Center.lnk -> C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe (Lingea s.r.o. -> Lingea)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11706D02-6BB5-4D41-9111-9A5301BFB078} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [667856 2020-11-11] (Mozilla Corporation -> Mozilla Foundation)
Task: {16D9F178-6750-479F-A6AD-5668865A8E72} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [651200 2017-09-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1CF7A1AA-14B4-40BA-9C71-B604BA58C7D1} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [3047944 2020-10-12] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
Task: {2D82AE9D-114A-4E7C-A800-F488CF65F76E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1741416 2020-09-19] (Avast Software s.r.o. -> Avast Software)
Task: {3C6E594B-CA71-4CE8-B419-398F6053708C} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [651200 2017-09-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3D5A9401-3241-43DD-935A-8773D1B5DD52} - System32\Tasks\NahimicMSIsvc32Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIsvc32.exe [813568 2015-06-18] () [File not signed]
Task: {4501AEE2-9812-44C1-B0BA-4F25D544B9AB} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [1540544 2017-09-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {46D86316-7786-4A61-92B9-60F9478111BC} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4496488 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
Task: {4BADB7C8-879C-4AD3-82B0-4065E8F76591} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\ProgramData\cisD42F.exe <==== ATTENTION
Task: {57D3192D-AB16-4D45-ACAA-C5810AFE3C2B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-09-19] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {607AE904-E4B6-4A3A-A54C-D012F58E7BE8} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [722880 2017-09-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {718E0588-9FC6-4889-8724-1C69219DB118} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [947136 2017-09-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7263AADB-8C62-4582-97C2-A2E609D8F383} - System32\Tasks\NahimicMSIUILauncherRun => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe [532448 2015-06-18] (A-Volute -> )
Task: {76D0E47F-E711-4AC3-A33E-A9D9E1298B61} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [436160 2017-09-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {83A0D5E6-6EB0-4D80-9F0D-5B406C9050A0} - System32\Tasks\{89A4BC6B-63CE-451E-88FD-15B2C7D82C2E} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\EA GAMES\Need for Speed Underground 2\EAUninstall.exe"
Task: {8D5973EB-70E6-4FF2-AFB9-50D9C367519E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1341008 2020-09-06] (Adobe Inc. -> Adobe Inc.)
Task: {91E32F54-B043-4989-9351-CF73FEF5222F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18227896 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {95760064-96FC-4822-833A-3FF836060FA7} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [722880 2017-09-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {99FB7C65-F54E-444B-82D2-DFDB580BC486} - System32\Tasks\NahimicMSIsvc64Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIsvc64.exe [272384 2015-06-18] () [File not signed]
Task: {AF9AB662-4285-4E84-AE27-ED5278A3D926} - System32\Tasks\{69CBF674-488A-4C6A-9333-7E5609E93A67} => C:\Windows\system32\pcalua.exe -a "V:\soft\CAD\SolidWorks\SolidWorks-2014\SolidWorks 2014\SW2014_sp0_x64_SSQ\setup.exe" -d "V:\soft\CAD\SolidWorks\SolidWorks-2014\SolidWorks 2014\SW2014_sp0_x64_SSQ"
Task: {CBD59276-B34F-4EE3-A049-46EB81F7BCEF} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {D227A992-E5B3-4A7C-A30C-70EFB3098C76} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {F7EF0B15-E1F5-48D9-A211-D21C51DDAF10} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-10] (Google Inc -> Google Inc.)
Task: {F85F8F22-1CA0-486B-ADF8-4C6DF9868207} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [65432 2020-09-30] (Microsoft Corporation -> Microsoft)
Task: {F8CCFCB2-626F-413E-BBFF-5A1D592E974B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-10] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 10.2.255.1 10.2.255.2
Tcpip\..\Interfaces\{424F1AE3-AA58-47DA-AEDC-9015472F8229}: [DhcpNameServer] 10.2.255.1 10.2.255.2
Tcpip\..\Interfaces\{CCB81BDC-62EB-4307-909D-0642C1B614E4}: [DhcpNameServer] 10.2.255.1 10.2.255.2

FireFox:
========
FF DefaultProfile: ow9upyt0.default-1589498915936
FF ProfilePath: C:\Users\Ku\AppData\Roaming\Mozilla\Firefox\Profiles\ow9upyt0.default-1589498915936 [2020-11-15]
FF Plugin: @java.com/DTPlugin,version=11.261.2 -> C:\Program Files\Java\jre1.8.0_261\bin\dtplugin\npDeployJava1.dll [2020-09-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.261.2 -> C:\Program Files\Java\jre1.8.0_261\bin\plugin2\npjp2.dll [2020-09-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-03-25] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-03-25] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-10-22] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Ku\AppData\Local\Google\Chrome\User Data\Default [2020-10-27]
CHR Extension: (Prezentace) - C:\Users\Ku\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-10]
CHR Extension: (Dokumenty) - C:\Users\Ku\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-10]
CHR Extension: (Disk Google) - C:\Users\Ku\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-10]
CHR Extension: (YouTube) - C:\Users\Ku\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-10]
CHR Extension: (Tabulky) - C:\Users\Ku\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-10]
CHR Extension: (Avira Browser Safety) - C:\Users\Ku\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2020-06-12]
CHR Extension: (Dokumenty Google offline) - C:\Users\Ku\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-06-12]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Ku\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-01-09]
CHR Extension: (Gmail) - C:\Users\Ku\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-01-09]
CHR Extension: (Chrome Media Router) - C:\Users\Ku\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-12]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-09-06] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8450976 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [360408 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [2748520 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R2 BBDemon; C:\Program Files (x86)\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe [36864 2009-09-26] (Dassault Systemes) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4131944 2019-03-27] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 ElfoService; C:\Program Files (x86)\ElsterFormular Update Service\bin\elfoService.exe [1113864 2020-07-27] (Bayerisches Landesamt fuer Steuern -> )
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [133840 2017-07-05] (Comodo Security Solutions, Inc. -> COMODO)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [413696 2015-07-07] (Rivet Networks) [File not signed]
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [956760 2020-11-13] (McAfee, LLC -> McAfee, LLC)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2017-03-18] (SolidWorks) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-05-19] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37152 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [206408 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [236112 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [195664 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [60496 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42784 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [175720 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [518664 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2020-04-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [109280 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84856 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851608 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [470912 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [217336 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [326928 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
S3 athur; C:\Windows\System32\DRIVERS\athurx.sys [1847296 2010-01-05] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [117808 2015-06-22] (Rivet Networks LLC -> Rivet Networks, LLC.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [42256 2019-03-27] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [59360 2019-03-27] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [50856 2017-07-05] (Comodo Security Solutions, Inc. -> COMODO)
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM Polska Sp. z o.o. -> IBM)
R0 secnvme; C:\Windows\System32\DRIVERS\secnvme.sys [90648 2020-01-20] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd)
R0 secnvmeF; C:\Windows\System32\DRIVERS\secnvmeF.sys [30456 2020-01-20] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [393880 2019-03-27] (Disc Soft Ltd -> Duplex Secure Ltd.)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [121824 2016-07-12] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [195424 2016-07-12] (Oracle Corporation -> Oracle Corporation)
S3 MSICDSetup; \??\D:\Drivers Files\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\Drivers Files\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-15 10:44 - 2020-11-15 10:44 - 000026108 _____ C:\Users\Ku\Downloads\FRST.txt
2020-11-15 10:44 - 2020-11-15 10:44 - 000000000 ____D C:\FRST
2020-11-15 10:43 - 2020-11-15 10:43 - 002298368 _____ (Farbar) C:\Users\Ku\Downloads\FRST64.exe
2020-11-15 10:42 - 2020-11-15 10:42 - 002012160 _____ (Farbar) C:\Users\Ku\Downloads\FRST.exe
2020-11-14 21:29 - 2020-11-14 21:32 - 000000674 _____ C:\Users\Ku\Desktop\Nový textový dokument (11).txt
2020-11-14 21:25 - 2020-11-14 21:26 - 008447152 _____ (Malwarebytes) C:\Users\Ku\Downloads\adwcleaner_8.0.8.exe
2020-11-14 14:25 - 2020-11-14 14:25 - 000000219 _____ C:\Users\Ku\Desktop\Counter-Strike Global Offensive.url
2020-11-14 02:42 - 2020-11-14 02:42 - 001222144 _____ C:\Users\Ku\Downloads\RSITx64.exe
2020-11-13 18:02 - 2020-11-13 18:24 - 000000000 ____D C:\ProgramData\tmp
2020-11-13 18:02 - 2020-11-13 18:02 - 000001094 _____ C:\Users\Public\Desktop\CEWE FOTOLAB fotosvet.lnk
2020-11-13 18:02 - 2020-11-13 18:02 - 000001094 _____ C:\ProgramData\Desktop\CEWE FOTOLAB fotosvet.lnk
2020-11-13 18:02 - 2020-11-13 18:02 - 000001074 _____ C:\Users\Public\Desktop\CEWE fotoimporter.lnk
2020-11-13 18:02 - 2020-11-13 18:02 - 000001074 _____ C:\ProgramData\Desktop\CEWE fotoimporter.lnk
2020-11-13 18:02 - 2020-11-13 18:02 - 000001064 _____ C:\Users\Public\Desktop\CEWE prezentace.lnk
2020-11-13 18:02 - 2020-11-13 18:02 - 000001064 _____ C:\ProgramData\Desktop\CEWE prezentace.lnk
2020-11-13 18:02 - 2020-11-13 18:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CEWE FOTOLAB fotosvet
2020-11-13 18:02 - 2020-11-13 18:02 - 000000000 ____D C:\ProgramData\hps
2020-11-13 17:59 - 2020-11-13 17:59 - 000000000 ____D C:\Program Files\Fotolab
2020-11-13 17:58 - 2020-11-13 17:58 - 001673864 _____ C:\Users\Ku\Desktop\setup_CEWE_FOTOLAB_fotosvet.exe
2020-11-13 17:47 - 2020-11-13 18:11 - 000000000 ____D C:\Users\Ku\Desktop\fotky 2020
2020-11-11 15:55 - 2020-11-11 15:55 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-11-10 10:09 - 2020-11-10 10:09 - 000009798 _____ C:\Users\Ku\Desktop\Nový List aplikace Microsoft Office Excel (2).xlsx
2020-11-10 10:09 - 2020-11-10 10:09 - 000000165 ____H C:\Users\Ku\Desktop\~$Nový List aplikace Microsoft Office Excel (2).xlsx
2020-11-09 15:32 - 2020-11-13 09:20 - 000000000 ____D C:\Users\Ku\Desktop\Mluvnik
2020-11-04 21:31 - 2020-11-04 21:31 - 006516640 _____ (Wargaming.net ) C:\Users\Ku\Downloads\world_of_tanks_install_eu_c6urikdyeimn.exe
2020-11-01 17:26 - 2020-11-01 17:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2020-11-01 13:29 - 2020-11-01 13:30 - 000000082 _____ C:\Users\Ku\Desktop\Nový textový dokument (10).txt
2020-10-30 16:12 - 2020-11-02 21:29 - 000000484 _____ C:\Users\Ku\Desktop\odkazy.txt
2020-10-28 16:56 - 2020-11-12 12:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-10-27 18:34 - 2020-10-27 18:36 - 026942421 _____ C:\Users\Ku\Downloads\HUDEBNI TEORIE a noty housle.zip
2020-10-24 11:33 - 2020-10-24 11:33 - 000339552 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2020-10-24 11:33 - 2020-10-24 11:33 - 000217336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2020-10-24 11:33 - 2020-10-24 11:33 - 000175720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2020-10-23 09:22 - 2020-10-23 09:22 - 000000000 _____ C:\Users\Ku\Desktop\Nový textový dokument (8).txt
2020-10-16 20:10 - 2020-11-10 14:04 - 000000100 _____ C:\Users\Ku\Desktop\gmail.txt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-15 10:40 - 2016-02-11 19:00 - 000000000 ____D C:\Program Files (x86)\Steam
2020-11-15 10:39 - 2020-04-02 20:18 - 000003260 _____ C:\Windows\system32\Tasks\SamsungMagician
2020-11-15 10:39 - 2020-03-28 14:26 - 000003138 _____ C:\Windows\system32\Tasks\{89A4BC6B-63CE-451E-88FD-15B2C7D82C2E}
2020-11-15 10:39 - 2019-02-06 20:44 - 000004128 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-11-15 10:39 - 2019-02-06 20:44 - 000002796 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2020-11-15 10:39 - 2019-01-08 21:07 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2020-11-15 10:39 - 2018-01-10 23:48 - 000003386 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-11-15 10:39 - 2018-01-10 23:48 - 000003258 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-11-15 10:39 - 2017-09-23 11:23 - 000003814 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-15 10:39 - 2017-07-17 21:18 - 000003290 _____ C:\Windows\system32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}
2020-11-15 10:39 - 2017-03-25 13:04 - 000004146 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-15 10:39 - 2017-03-25 13:04 - 000003852 _____ C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-15 10:39 - 2017-03-25 13:03 - 000003738 _____ C:\Windows\system32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-15 10:39 - 2017-03-25 13:03 - 000003738 _____ C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-15 10:39 - 2017-03-25 13:03 - 000003730 _____ C:\Windows\system32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-15 10:39 - 2017-03-25 13:03 - 000003554 _____ C:\Windows\system32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-15 10:39 - 2017-03-25 13:03 - 000003494 _____ C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-15 10:39 - 2017-03-19 10:35 - 000003310 _____ C:\Windows\system32\Tasks\{69CBF674-488A-4C6A-9333-7E5609E93A67}
2020-11-15 10:39 - 2015-11-17 13:44 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-11-15 10:39 - 2015-11-16 19:13 - 000003138 _____ C:\Windows\system32\Tasks\NahimicMSIsvc64Run
2020-11-15 10:39 - 2015-11-16 19:13 - 000003130 _____ C:\Windows\system32\Tasks\NahimicMSIsvc32Run
2020-11-15 10:39 - 2015-11-16 19:08 - 000003140 _____ C:\Windows\system32\Tasks\NahimicMSIUILauncherRun
2020-11-15 10:39 - 2015-11-16 00:24 - 000003524 _____ C:\Windows\system32\Tasks\CreateChoiceProcessTask
2020-11-15 10:07 - 2009-07-14 05:45 - 000032480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-11-15 10:07 - 2009-07-14 05:45 - 000032480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-11-15 10:06 - 2019-01-08 21:05 - 000000000 ____D C:\ProgramData\AVAST Software
2020-11-15 10:03 - 2016-11-18 22:07 - 000000000 ____D C:\Users\Ku\AppData\LocalLow\Mozilla
2020-11-15 10:03 - 2011-04-12 09:34 - 000807980 _____ C:\Windows\system32\perfh005.dat
2020-11-15 10:03 - 2011-04-12 09:34 - 000187564 _____ C:\Windows\system32\perfc005.dat
2020-11-15 10:03 - 2009-07-14 06:13 - 001769414 _____ C:\Windows\system32\PerfStringBackup.INI
2020-11-15 10:03 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2020-11-15 09:58 - 2015-11-16 19:56 - 000000000 ____D C:\ProgramData\NVIDIA
2020-11-15 09:56 - 2020-04-06 13:49 - 000000000 ____D C:\ProgramData\TEMP
2020-11-15 09:56 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-11-14 21:30 - 2015-11-17 12:38 - 000000000 ____D C:\Users\Ku\Documents\Lexicon
2020-11-14 21:27 - 2016-02-14 12:05 - 000000000 ____D C:\AdwCleaner
2020-11-14 14:25 - 2016-02-11 19:31 - 000000000 ____D C:\Users\Ku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2020-11-14 02:42 - 2016-02-14 12:41 - 000000000 ____D C:\Program Files\trend micro
2020-11-14 02:37 - 2019-01-08 21:07 - 000000000 ____D C:\Users\Ku\AppData\Local\AVAST Software
2020-11-14 02:17 - 2016-08-12 23:04 - 000000000 ____D C:\Users\Ku\.VirtualBox
2020-11-12 12:47 - 2015-11-16 20:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-11-11 21:50 - 2018-01-10 23:48 - 000002234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-11 21:50 - 2018-01-10 23:48 - 000002193 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-11-11 21:50 - 2018-01-10 23:48 - 000002193 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-11-11 16:00 - 2015-11-17 11:30 - 000208932 _____ C:\Users\Ku\Desktop\platby.xlsx
2020-11-10 22:04 - 2016-07-27 13:30 - 000000000 ____D C:\Users\Ku\AppData\Local\CrashDumps
2020-11-10 21:36 - 2019-01-08 21:07 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2020-11-04 15:03 - 2018-09-22 12:54 - 000002069 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-11-01 17:26 - 2020-04-02 20:18 - 000001234 _____ C:\Users\Public\Desktop\Samsung Magician.lnk
2020-11-01 17:26 - 2020-04-02 20:18 - 000001234 _____ C:\ProgramData\Desktop\Samsung Magician.lnk
2020-11-01 17:26 - 2015-11-16 00:25 - 000001409 _____ C:\Users\Ku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2020-11-01 12:08 - 2016-02-20 19:37 - 000000000 ____D C:\Users\Ku\AppData\Roaming\uTorrent
2020-10-30 16:06 - 2020-09-27 22:50 - 000043514 _____ C:\Users\Ku\Desktop\Nový textový dokument (8).html
2020-10-24 11:33 - 2020-04-20 18:37 - 000518664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
2020-10-24 11:33 - 2019-01-15 05:52 - 000236112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2020-10-24 11:33 - 2019-01-08 21:06 - 000851608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2020-10-24 11:33 - 2019-01-08 21:06 - 000470912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2020-10-24 11:33 - 2019-01-08 21:06 - 000326928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2020-10-24 11:33 - 2019-01-08 21:06 - 000206408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2020-10-24 11:33 - 2019-01-08 21:06 - 000195664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2020-10-24 11:33 - 2019-01-08 21:06 - 000109280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2020-10-24 11:33 - 2019-01-08 21:06 - 000084856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2020-10-24 11:33 - 2019-01-08 21:06 - 000060496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2020-10-24 11:33 - 2019-01-08 21:06 - 000042784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2020-10-24 11:33 - 2019-01-08 21:06 - 000037152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2020-10-23 09:17 - 2020-04-02 19:49 - 000000000 ____D C:\Users\Ku\Desktop\fleska
2020-10-20 07:34 - 2015-11-19 19:53 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-10-20 07:34 - 2015-11-19 19:53 - 000000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories ========

2020-04-06 13:50 - 2020-04-06 15:46 - 000001925 _____ () C:\Users\Ku\AppData\Roaming\DreamCalc DC5G.dat
2018-09-15 11:43 - 2018-09-15 11:43 - 000003584 _____ () C:\Users\Ku\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-25 12:46 - 2016-02-25 12:46 - 000000000 _____ () C:\Users\Ku\AppData\Local\Driver_LOM_8171Present.flag
2017-10-03 11:30 - 2017-10-03 11:30 - 000007887 _____ () C:\Users\Ku\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-11-13 07:46
==================== End of FRST.txt ========================

kubikula421
Visitor
Posts: 64
Registered: 02 Apr 2007 22:49

Re: Spyware, keylogger or something?

#6 Post by kubikula421 »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-11-2020
Ran by Ku (15-11-2020 10:45:07)
Running from C:\Users\Ku\Downloads
Windows 7 Professional Service Pack 1 (X64) (2015-11-15 23:24:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2212251401-2950746402-1092012157-500 - Administrator - Disabled)
Guest (S-1-5-21-2212251401-2950746402-1092012157-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2212251401-2950746402-1092012157-1003 - Limited - Enabled)
Ku (S-1-5-21-2212251401-2950746402-1092012157-1000 - Administrator - Enabled) => C:\Users\Ku

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1.25534 - emc, uTorrent.CZ)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.013.20064 - Adobe Systems Incorporated)
Aktualizace NVIDIA 28.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 28.0.0.0 - NVIDIA Corporation) Hidden
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.92 - NVIDIA Corporation) Hidden
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.23.0 - Asmedia Technology)
aTube Catcher verze 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
AudioFXSetup (HKLM\...\{7FE496DB-01A3-4A73-A629-E7F0BB3ABA95}) (Version: 1.2.101 - Nahimic) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.8.2432 - Avast Software)
Blizzard App (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bullzip PDF Printer 10.24.0.2543 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.24.0.2543 - Bullzip)
Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version: - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.65 - Piriform)
CEWE FOTOLAB fotosvet (HKLM-x32\...\CEWE FOTOLAB fotosvet) (Version: 7.0.3 - CEWE Stiftung u Co. KGaA)
Cyklotrasy 2.32 (HKLM-x32\...\Cyklotrasy 2.32) (Version: - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.10.0.0797 - Disc Soft Ltd)
Dassault Systemes Software B20 (HKLM\...\Dassault Systemes B20_0) (Version: - )
Dassault Systemes Software Prerequisites x86-x64 (HKLM\...\{CF1EB598-B424-436A-B15F-B763846BA970}) (Version: 8.1.3 - Dassault Systemes)
Data Lifeguard Diagnostic version 1.36 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Discord (HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\Discord) (Version: 0.0.305 - Discord Inc.)
Domácí učitel němčiny 2 (odstranění) (HKLM-x32\...\DUN2) (Version: - )
Doplněk Microsoft Save as PDF or XPS pro aplikace sady Microsoft Office 2007 (HKLM-x32\...\{90120000-00B2-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation)
DreamCalc DCG5.0.4 (Graphing Edition) (HKLM-x32\...\DreamCalcDC5G_is1) (Version: DCG5.0.4 - Big Angry Dog Ltd)
ElsterFormular (HKLM-x32\...\{C75F51E9-3DDE-42EC-9D00-97E7C4F9CEF8}) (Version: 21.3 - Thüringer Landesfinanzdirektion)
Fallout 2 (HKLM-x32\...\Fallout 2) (Version: - )
FormatFactory 4.1.0.0 (HKLM-x32\...\FormatFactory) (Version: 4.1.0.0 - Free Time)
Fotogalerie (HKLM-x32\...\{F37D360D-9308-4BB1-8515-DC6B637B9486}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Google Earth Pro (HKLM\...\{FB8010D4-05F4-420D-8DFC-2F911A6DD100}) (Version: 7.3.3.7786 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.198 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
HD Tune Pro 5.70 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
CheckDevicesConfigurator (HKLM\...\{CCBC0A4A-0F73-435D-A6A6-029C5A159B4E}) (Version: 1.2.101 - Nahimic) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.0.36 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}) (Version: 10.0.27 - Intel(R) Corporation) Hidden
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.2.422025.92 - Comodo)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
Java 8 Update 261 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180261F0}) (Version: 8.0.2610.12 - Oracle Corporation)
Killer Bandwidth Control Filter Driver (HKLM\...\{4604F4AF-8588-4E17-9FC9-3AC730A24EFB}) (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer E240x Drivers (HKLM\...\{B1A8F37B-E363-416C-BA58-F2C1E3100E04}) (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer Network Manager (HKLM\...\{D53C1985-5ABF-4AE6-B2AB-F1F326829173}) (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.54.1095 - Rivet Networks)
LauncherSetup (HKLM\...\{DC0808E8-8034-4EF8-9D66-F8D9E7A836C4}) (Version: 1.2.101 - Nahimic) Hidden
Lingea Lexicon 5 (HKLM-x32\...\Lexicon5) (Version: - )
Microsoft .NET Framework 4.8 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{A1C962E2-2426-49C6-A38B-9A07E40D607C}) (Version: 3.2.217.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.7.3066.826 - Microsoft Corporation)
MKVToolNix 25.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 25.0.0 - Moritz Bunkus)
Movie Maker (HKLM-x32\...\{3D2CF65C-B544-4308-B996-700D3E5F6C4C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 82.0.3 (x64 cs) (HKLM\...\Mozilla Firefox 82.0.3 (x64 cs)) (Version: 82.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 82.0.3.7617 - Mozilla)
MSI Afterburner 4.1.1 (HKLM-x32\...\Afterburner) (Version: 4.1.1 - MSI Co., LTD)
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 8.0.0.8463 - MyHeritage.com)
Nahimic for MSI (HKLM-x32\...\{5bb2e2ff-ac88-46bf-8220-36fb66134c12}) (Version: 1.2.1 - Nahimic)
NahimicSettingsConfigurator (HKLM\...\{894323EE-7C53-4035-99D6-823C5C9EF207}) (Version: 1.2.101 - Nahimic) Hidden
NVIDIA GeForce Experience 3.9.0.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.97 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 378.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.92 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.34.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.23 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 378.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.92 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Oracle VM VirtualBox 5.1.0 (HKLM\...\{0C801AA7-A02E-4DCF-BD09-0EACB11D9863}) (Version: 5.1.0 - Oracle Corporation)
Ovládací panel NVIDIA 378.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 378.92 - NVIDIA Corporation) Hidden
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: - Kakao Corp.)
ProductDaemonSetup (HKLM\...\{99BE7D86-070E-42B5-BC73-8CBED385994D}) (Version: 1.2.101 - Nahimic) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7534 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Samsung Data Migration (HKLM-x32\...\{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.1 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 6.2.1.260 - Samsung Electronics)
Samsung NVM Express Driver (HKLM-x32\...\{ff94c273-58d5-40b5-b03a-9bd41d5cff1e}) (Version: 3.3.0.2003 - Samsung Electronics)
Samsung NVM Express Driver 3.3.0.2003 (HKLM\...\{89D55DD5-FE94-497B-B5E5-91915D52DBF2}) (Version: 3.3.0.2003 - Samsung Electronics Co., Ltd) Hidden
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Skype™ 7.41 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
Smart View (HKLM-x32\...\{1800D8A5-F7B2-4C20-868E-1CF55CBBDF21}) (Version: 1.0.0.0 - Samsung )
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.4 - TeamSpeak Systems GmbH)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.52a - Ghisler Software GmbH)
TP-LINK Wireless Client Utility (HKLM-x32\...\{3BD98AAF-61B5-46E0-A6C8-593C242C7C48}) (Version: 7.0 - TP-LINK)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 30.0 - Ubisoft)
VBA (3821b) (HKLM-x32\...\{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}) (Version: 6.01.00.1234 - Microsoft Corporation) Hidden
Visual Studio Enterprise 2019 (HKLM-x32\...\8eb94ba6) (Version: 16.7.30523.141 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
vs_filehandler_amd64 (HKLM-x32\...\{804E218D-A59D-48B9-AD2A-13BF6F1C9DA0}) (Version: 16.7.30309 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{3A735826-F946-4348-8DE2-0B9FF750F77D}) (Version: 16.7.30309 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{EF1AD9BC-8273-4B78-ACB6-A35DF4CE4447}) (Version: 16.7.30309 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{760FF3F5-A7F3-4079-92DD-9AEB0344D13E}) (Version: 16.7.30310 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{DA2B1838-3B2E-4220-8B2E-796F4624D463}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_vswebprotocolselectormsi (HKLM-x32\...\{178ED1EA-BAFA-489D-873D-F5FB72EA69B9}) (Version: 16.7.30309 - Microsoft Corporation) Hidden
vs_vswebprotocolselectormsires (HKLM-x32\...\{29892590-BC5E-41EB-A3F0-CF2C53B3AD57}) (Version: 16.7.30309 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Wargaming.net Game Center (HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\Wargaming.net Game Center) (Version: 20.7.0.2519 - Wargaming.net)
WebAdvisor od společnosti McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.167 - McAfee, LLC)
Winamp (HKLM-x32\...\Winamp) (Version: 5.8 - Winamp SA)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.70 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
World of Tanks EU (2) (HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\WOT.EU.PRODUCTION(2)) (Version: - Wargaming.net)
World of Tanks EU (HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\WOT.EU.PRODUCTION) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-24] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-24] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2015-03-11] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-03-27] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-24] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-03-27] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-03-17] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-24] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2015-03-11] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsv64.dll [105984 2015-09-05] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2015-09-05] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2017-08-30 10:46 - 2016-03-07 20:25 - 000218112 _____ (Bullzip) [File not signed] C:\Program Files\Common Files\Bullzip\PDF Printer\Ports\BULLZIP\bzpdf.dll
2015-11-16 19:06 - 2015-06-15 09:00 - 000074752 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2020-07-13 14:55 - 2020-07-13 14:55 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2020-07-13 14:55 - 2020-07-13 14:55 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2020-07-13 14:55 - 2020-07-13 14:55 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2020-07-13 14:55 - 2020-07-13 14:55 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2020-07-13 14:55 - 2020-07-13 14:55 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2020-07-13 14:55 - 2020-07-13 14:55 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2020-07-13 14:55 - 2020-07-13 14:55 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2020-07-13 14:55 - 2020-07-13 14:55 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2020-07-13 14:55 - 2020-07-13 14:55 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2020-07-13 14:55 - 2020-07-13 14:55 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2020-07-13 14:55 - 2020-07-13 14:55 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2020-07-13 14:55 - 2020-07-13 14:55 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\ucrtbase.DLL
2020-07-13 14:55 - 2020-07-13 14:55 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\VCRUNTIME140.dll
2020-11-14 20:38 - 2020-11-14 20:38 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111404\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2020-11-14 20:38 - 2020-11-14 20:38 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111404\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2020-11-14 20:38 - 2020-11-14 20:38 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111404\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2020-11-14 20:38 - 2020-11-14 20:38 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111404\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2020-11-14 20:38 - 2020-11-14 20:38 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111404\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2020-11-14 20:38 - 2020-11-14 20:38 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111404\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2020-11-14 20:38 - 2020-11-14 20:38 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111404\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2020-11-14 20:38 - 2020-11-14 20:38 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111404\avast.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll
2020-11-14 20:38 - 2020-11-14 20:38 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111404\avast.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll
2020-11-14 20:38 - 2020-11-14 20:38 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111404\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2020-11-14 20:38 - 2020-11-14 20:38 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111404\avast.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll
2020-11-14 20:38 - 2020-11-14 20:38 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111404\avast.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll
2020-11-14 20:38 - 2020-11-14 20:38 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111404\avast.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll
2020-11-14 20:38 - 2020-11-14 20:38 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111404\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2020-11-14 20:38 - 2020-11-14 20:38 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111404\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2020-11-14 20:38 - 2020-11-14 20:38 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111404\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2020-11-14 20:38 - 2020-11-14 20:38 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111404\avast.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll
2020-11-14 20:38 - 2020-11-14 20:38 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111404\avast.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll
2020-11-14 20:38 - 2020-11-14 20:38 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111404\avast.local_vc142.crt\MSVCP140.dll
2020-11-14 20:38 - 2020-11-14 20:38 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111404\avast.local_vc142.crt\ucrtbase.DLL
2020-11-14 20:38 - 2020-11-14 20:38 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111404\avast.local_vc142.crt\VCRUNTIME140.dll
2020-11-14 20:38 - 2020-11-14 20:38 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111404\avast.local_vc142.crt\VCRUNTIME140_1.dll
2017-03-25 13:29 - 2017-03-25 13:29 - 000754352 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI.dll
2017-03-25 13:29 - 2017-03-25 13:29 - 000867968 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2017-03-25 13:30 - 2017-03-25 13:29 - 000339072 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\_nvstapisvr64.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\nvapi64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvcompiler.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvcuda.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvcuvid.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvd3dumx.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvdispco6437892.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvdispgenco6437892.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvfatbinaryLoader.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\NvFBC64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvhdagenco6420103.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvhdap64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\NvIFR64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvinitx.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvoglshim64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvoglv64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvopencl.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvptxJitCompiler.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvumdshimx.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvwgf2umx.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\OpenCL.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\vulkaninfo-1-1-0-39-1.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\vulkaninfo.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvcompiler.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvcuda.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvcuvid.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvd3dum.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvfatbinaryLoader.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\NvFBC.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\NvIFR.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvinit.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvoglshim32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvoglv32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvopencl.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvptxJitCompiler.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvStreaming.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvumdshim.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvwgf2um.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\OpenCL.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\vulkaninfo-1-1-0-39-1.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\vulkaninfo.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\nvhda64v.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\nvlddmkm.sys:$CmdTcID [130]
AlternateDataStreams: C:\ProgramData\TEMP:E369BDA7 [119]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.kosmonautix.cz/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2212251401-2950746402-1092012157-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_261\bin\ssv.dll [2020-09-30] (Oracle America, Inc. -> Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-11-13] (McAfee, LLC -> McAfee, LLC)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_261\bin\jp2ssv.dll [2020-09-30] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-11-13] (McAfee, LLC -> McAfee, LLC)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Skype\Phone\
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ku\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.2.255.1 - 10.2.255.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks Nástroj pro stahování na pozadí.lnk => C:\Windows\pss\SolidWorks Nástroj pro stahování na pozadí.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\Windows\pss\Start GeekBuddy.lnk.CommonStartup
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: Family Tree Builder Update => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: Wargaming.net Game Center => "C:\ProgramData\Wargaming.net\GameCenter\wgc.exe" --background ''
MSCONFIG\startupreg: World of Tanks => "C:\Games\World_of_Tanks\WargamingGameUpdater.exe"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{6C81DC09-4BB0-47D3-B8E4-A5FA19B2BA0D}C:\program files (x86)\dassault systemes\b20\intel_a\code\bin\cnext.exe] => (Allow) C:\program files (x86)\dassault systemes\b20\intel_a\code\bin\cnext.exe (Dassault Systemes) [File not signed]
FirewallRules: [UDP Query User{C3AF8705-7AC3-42F7-8A3B-FA19D903554C}C:\program files (x86)\dassault systemes\b20\intel_a\code\bin\cnext.exe] => (Allow) C:\program files (x86)\dassault systemes\b20\intel_a\code\bin\cnext.exe (Dassault Systemes) [File not signed]
FirewallRules: [TCP Query User{1D799C92-768E-4688-969B-91F249AED2C1}C:\users\ku\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ku\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{AF3CC367-58B7-4AD4-8FDE-E5E9454D4D22}C:\users\ku\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ku\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{6EDD6782-F42B-4E90-BDD8-F1F42ADABD2B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{4BFB0EBF-8251-4827-A954-377F6D988407}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{07E42DE1-F622-49FC-9269-AEDA63047C4F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{A444965E-4F4D-42F5-B7DC-A4B5A442DE5B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{66CD8B47-F0FA-4172-8F18-E9FCB47B88CF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6C406EA8-F036-40F7-BD13-CA9528F4DDF2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{D575F950-F400-4951-A350-C44E82F8472C}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{8E151704-633D-4B4C-A048-E52F251A8F2A}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{DC0E2AD9-1CDA-4AEB-9001-B3ECD7A65396}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B2EA4188-5DA1-4B8A-9F8D-DA29283D60E5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{26C29BE8-05AE-4DD4-8E2C-1340074C06E9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{77272689-A777-4A7F-9F3E-62A426834D3A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D730AA05-A1E6-4BA8-9074-0F1E0A1F2A98}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{46018A88-7FDA-4ABA-8984-7978B6F28225}] => (Allow) LPort=2869
FirewallRules: [{AF101DCF-8A82-4E2B-82CD-D182BE132227}] => (Allow) LPort=1900
FirewallRules: [{A5630B2C-E5F0-45D2-83BB-CF49493685B5}] => (Allow) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH -> TeamSpeak Systems GmbH)
FirewallRules: [{46C1B184-DF8F-45D6-B9D9-BE2310142F04}] => (Allow) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH -> TeamSpeak Systems GmbH)
FirewallRules: [{C8823303-3976-46B0-A670-35BE8AADF7F2}] => (Allow) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH -> TeamSpeak Systems GmbH)
FirewallRules: [{FDEBED53-116B-450C-B5B4-FE15F6294920}] => (Allow) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH -> TeamSpeak Systems GmbH)
FirewallRules: [{490F8879-765B-470D-8F36-98B932086DF6}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.) [File not signed]
FirewallRules: [{81D0EA73-A7C6-467D-9792-9B8CE108904B}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{8AAA59A4-55D0-41D4-B5D2-1B32B9699C72}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.) [File not signed]
FirewallRules: [{A556499F-C4C7-4352-B57E-A74FA8DE9C58}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{2072B291-AF1F-4764-9846-7220940FE46C}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Package\PTInstOnline.exe (Free Time Co., Ltd. -> Free Time)
FirewallRules: [TCP Query User{8C7021F8-FD1B-4821-A7B4-A493466ECB3C}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{D3DD3307-6E99-4F0A-B516-A1A517546B3D}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{995C7FFA-F36A-4AA7-A0E5-B0AE2740521F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{ABEB4066-D228-4C15-AB39-0D733D431E4E}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{5F246CAD-76DF-449A-BA87-2771701BA3E0}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.) [File not signed]
FirewallRules: [TCP Query User{41789BC9-C35D-4525-B536-ABBEF7ED7AF0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{D883EC65-9F63-4222-B861-8B8208774D8E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9BE26B3B-493B-478D-B50B-14E55E20DF3D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{347A6063-1DF6-4699-9D0B-1FA780618AAD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C65FB148-DB25-4C95-AA6A-83D5C975190F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C259A1DD-E590-4B1F-8280-38D6EE33C1F3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{43EF993E-8C6C-4600-85D4-8E8DA4CD100A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{D409C3FC-BD80-4F9A-8B07-6818396AFFB3}C:\users\ku\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ku\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{15F45F7B-925F-4EBE-8D18-D77F6E471F30}C:\users\ku\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ku\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{123640DC-25E6-4D32-A6D9-6C6B0B4B299B}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [UDP Query User{66425B3A-F68B-46D1-8CD0-64E94886EDDE}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [TCP Query User{E4990DE9-68E0-4A30-A56B-015F931F8520}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [UDP Query User{0BF90029-3572-4D2E-8F98-B4B3C509859B}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [TCP Query User{A7AE40CC-776C-44B5-BC15-3C89FC84218B}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{302EC845-E915-41A3-BF32-84AC86701B3D}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{E186FE1C-3C82-4BDA-A76E-2A6674CD7720}C:\program files (x86)\dassault systemes\b20\intel_a\code\bin\cnext.exe] => (Block) C:\program files (x86)\dassault systemes\b20\intel_a\code\bin\cnext.exe (Dassault Systemes) [File not signed]
FirewallRules: [UDP Query User{1C73EF79-3A34-4BAC-8632-702BB1D86186}C:\program files (x86)\dassault systemes\b20\intel_a\code\bin\cnext.exe] => (Block) C:\program files (x86)\dassault systemes\b20\intel_a\code\bin\cnext.exe (Dassault Systemes) [File not signed]
FirewallRules: [TCP Query User{62EDEF6B-0D65-43C4-A624-AFE292865B57}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{91031148-97A7-475B-9EE9-99364FAE423A}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{64C84D8F-A65E-4512-9EC3-DACFF475D3E5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{B97F1313-0C7C-4433-939F-01ECBA753D6E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{E74BA1CF-98E3-4C68-9017-16F5523AB894}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{5731865E-A066-4A00-A398-56D6A7616EDB}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{CE41FAC9-B0FD-4CA4-ACF5-94DABAB6581D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{E18774E4-CAF4-4DCE-9309-4B1EEE899B93}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{169BF202-5837-418F-8CA8-92AD2CF9BBF0}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [TCP Query User{BDC57182-D728-430E-9D01-12994DACEDCD}C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe] => (Block) C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{9081A066-E711-423A-BC0C-DD885377406C}C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe] => (Block) C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{08593755-7B0C-418F-B0CC-B2CCB3945A2D}D:\hry\starcraft ii\versions\base78285\sc2_x64.exe] => (Allow) D:\hry\starcraft ii\versions\base78285\sc2_x64.exe => No File
FirewallRules: [UDP Query User{E16FD9F4-222B-4599-9FE7-47DE3F73E254}D:\hry\starcraft ii\versions\base78285\sc2_x64.exe] => (Allow) D:\hry\starcraft ii\versions\base78285\sc2_x64.exe => No File
FirewallRules: [{BD100B31-4F16-47D4-A891-AA550AC72EFB}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{C4CECE67-052A-4A84-A62B-A80BFD0C3453}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [TCP Query User{90EBCCB4-1C28-4734-9932-83BA9E211834}D:\hry\starcraft ii\versions\base81433\sc2_x64.exe] => (Allow) D:\hry\starcraft ii\versions\base81433\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [UDP Query User{0869CCC3-7E69-4606-A108-CD931C923485}D:\hry\starcraft ii\versions\base81433\sc2_x64.exe] => (Allow) D:\hry\starcraft ii\versions\base81433\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [TCP Query User{37C1E175-56CC-42ED-A13B-8A5077A1C2F3}D:\hry\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) D:\hry\world_of_tanks_eu\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{CE4C0692-DD09-4A47-BECD-612990436570}D:\hry\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) D:\hry\world_of_tanks_eu\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{AA421953-A5B4-41AD-9A04-BA963D042320}C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{5CF0D267-485F-4128-8D8C-F00F67A91D40}C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{EC50B1B7-7A95-4E68-B17B-A6FA1DBE520B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{975B5842-2977-45AC-B578-9A217C0052CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{9BCC6B65-6905-4C2F-A99D-DDDFF524368A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (11/15/2020 09:56:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/14/2020 09:32:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/14/2020 07:28:26 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (11/14/2020 02:43:19 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\directx_installer\DXSETUP.exe Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\directx_installer\DXSETUP.exe" /silent; Description = Installed DirectX; Error = 0x80070422).

Error: (11/14/2020 12:37:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/14/2020 02:07:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/13/2020 07:53:22 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (11/13/2020 04:44:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (11/15/2020 09:57:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol (PNRP) service, which failed to start because of the following error:
%%-2140993535

Error: (11/15/2020 09:57:06 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol (PNRP) service terminated with the following error:
%%-2140993535

Error: (11/15/2020 09:57:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol (PNRP) service, which failed to start because of the following error:
%%-2140993535

Error: (11/15/2020 09:57:06 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol (PNRP) service terminated with the following error:
%%-2140993535

Error: (11/15/2020 09:57:06 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol (PNRP) could not be started because the creation of a new identity failed. Error code: 0x80630801.

Error: (11/15/2020 09:57:06 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol (PNRP) could not be started because the creation of a new identity failed. Error code: 0x80630801.

Error: (11/15/2020 09:56:55 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol (PNRP) service, which failed to start because of the following error:
%%-2140993535

Error: (11/15/2020 09:56:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol (PNRP) service terminated with the following error:
%%-2140993535


CodeIntegrity:
===================================

Date: 2017-07-17 22:08:10.906
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 22:08:10.875
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 21:40:59.609
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 21:40:59.570
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 21:29:12.210
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 21:29:12.173
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 21:21:38.204
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 21:21:38.167
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 1.L0 06/28/2018
Motherboard: MSI Z170A GAMING M7 (MS-7976)
Processor: Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz
Percentage of memory in use: 35%
Total physical RAM: 16344.97 MB
Available physical RAM: 10483.58 MB
Total Virtual: 32688.12 MB
Available Virtual: 25986.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:241.8 GB) NTFS
Drive d: (My Disk) (Fixed) (Total:1397.26 GB) (Free:802.73 GB) NTFS
Drive j: (Red2) (Fixed) (Total:2794.39 GB) (Free:2393.08 GB) NTFS
Drive k: (Nový svazek) (Fixed) (Total:3725.9 GB) (Free:3721.14 GB) NTFS

\\?\Volume{b42749c3-7523-11ea-b2f4-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 2794.5 GB) (Disk ID: BE39594C)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: B089A6FD)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=42)

==========================================================
Disk: 3 (Size: 465.8 GB) (Disk ID: FD237C35)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Spyware, keylogger or something?

#7 Post by Diallix »

Copy the content below into Notepad:

Code:

CloseProcesses:
CreateRestorePoint:

FirewallRules: [TCP Query User{08593755-7B0C-418F-B0CC-B2CCB3945A2D}D:\hry\starcraft ii\versions\base78285\sc2_x64.exe] => (Allow) D:\hry\starcraft ii\versions\base78285\sc2_x64.exe => No File
FirewallRules: [UDP Query User{E16FD9F4-222B-4599-9FE7-47DE3F73E254}D:\hry\starcraft ii\versions\base78285\sc2_x64.exe] => (Allow) D:\hry\starcraft ii\versions\base78285\sc2_x64.exe => No File
FirewallRules: [{46018A88-7FDA-4ABA-8984-7978B6F28225}] => (Allow) LPort=2869
FirewallRules: [{AF101DCF-8A82-4E2B-82CD-D182BE132227}] => (Allow) LPort=1900
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2212251401-2950746402-1092012157-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
AlternateDataStreams: C:\Windows\system32\nvapi64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvcompiler.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvcuda.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvcuvid.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvd3dumx.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvdispco6437892.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvdispgenco6437892.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvfatbinaryLoader.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\NvFBC64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvhdagenco6420103.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvhdap64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\NvIFR64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvinitx.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvoglshim64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvoglv64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvopencl.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvptxJitCompiler.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvumdshimx.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvwgf2umx.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\OpenCL.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\vulkaninfo-1-1-0-39-1.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\vulkaninfo.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvcompiler.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvcuda.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvcuvid.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvd3dum.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvfatbinaryLoader.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\NvFBC.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\NvIFR.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvinit.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvoglshim32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvoglv32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvopencl.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvptxJitCompiler.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvStreaming.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvumdshim.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvwgf2um.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\OpenCL.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\vulkaninfo-1-1-0-39-1.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\vulkaninfo.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\nvhda64v.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\nvlddmkm.sys:$CmdTcID [130]
AlternateDataStreams: C:\ProgramData\TEMP:E369BDA7 [119]
S3 MSICDSetup; \??\D:\Drivers Files\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\Drivers Files\NTIOLib_X64.sys [X]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
Task: {4BADB7C8-879C-4AD3-82B0-4065E8F76591} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\ProgramData\cisD42F.exe <==== ATTENTION
Task: {AF9AB662-4285-4E84-AE27-ED5278A3D926} - System32\Tasks\{69CBF674-488A-4C6A-9333-7E5609E93A67} => C:\Windows\system32\pcalua.exe -a "V:\soft\CAD\SolidWorks\SolidWorks-2014\SolidWorks 2014\SW2014_sp0_x64_SSQ\setup.exe" -d "V:\soft\CAD\SolidWorks\SolidWorks-2014\SolidWorks 2014\SW2014_sp0_x64_SSQ"
Task: {F7EF0B15-E1F5-48D9-A211-D21C51DDAF10} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-10] (Google Inc -> Google Inc.)
Task: {F8CCFCB2-626F-413E-BBFF-5A1D592E974B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-10] (Google Inc -> Google Inc.)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\MountPoints2: E - E:\RunGame.exe
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\MountPoints2: G - "G:\Diablo III Setup.exe"
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\MountPoints2: H - H:\autorun\autorun.exe
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\MountPoints2: {87815fb9-509d-11e9-b432-d8cb8a997724} - E:\RunGame.exe
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\MountPoints2: {87815fc2-509d-11e9-b432-d8cb8a997724} - G:\RunGame.exe
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\MountPoints2: {87815fc7-509d-11e9-b432-d8cb8a997724} - H:\RunGame.exe
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\MountPoints2: {e409463e-9112-11e5-8f30-d8cb8a997724} - L:\setup.exe
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\MountPoints2: {f1de4444-8d0b-11e5-bd0e-d8cb8a997724} - H:\autorun\autorun.exe
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\MountPoints2: {f1de4468-8d0b-11e5-bd0e-d8cb8a997724} - G:\setup.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [710776 2020-06-18] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Run: [] => [X]

EmptyTemp:
Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the Fix button.
The fix will run and the computer will reboot afterwards. After the reboot, paste here the contents of the fixlog.txt log saved in the FRST location.
My new book BOTNETY is out! Information about it here: >> BOTNETY <<

---
We are looking for new members for our CyberSecurity UNIT. More information on what it involves and how to join: >> CyberSecurity UNIT <<
----
Low-level and high-level programmer; profile card here: card <<
----
Malware zoo (Háveťárna), malware upload: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz .
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (C++, C#, PHP) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit
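The fix script above carries four kinds of entries out of the FRST logs: lines FRST itself marks with `<==== ATTENTION` (the Policies restrictions for Windows Defender, Firefox and Google, and the task whose binary sits in C:\ProgramData), the `$CmdTcID` alternate data streams on the NVIDIA driver binaries, two services whose driver files no longer exist (`[X]`), and firewall rules whose target program is gone (`No File`). The parser below is an added example for this thread; it is not part of FRST and not the helper's own tooling. It reads a constructed sample made of lines copied from the logs in this thread and groups them the way a fixlist is usually built, judging a scheduled task by where its real binary lives rather than by its name. The trusted-roots list, the handling of `pcalua.exe -a <program>` (which starts the program given as its argument) and the check for FRST's `[size date] (signer)` block are this example's assumptions, not FRST rules. Two caveats a practitioner reads from the thread itself: the fixlog records `Error: (0) Failed to create a restore point.`, so the fix ran without the rollback point the script asked for, and the post-fix scan again shows the Windows Defender policy restriction, a policy that third-party security products can also write, so on its own it is not evidence of a keylogger.

```python
"""Triage of FRST (Farbar Recovery Scan Tool) log lines by category.

Added example for this thread: not part of FRST and not the helper's own tooling.
It groups the log entries a helper typically carries into fixlist.txt. The trusted
roots, the pcalua.exe handling and the signer-block check are this example's
assumptions, not FRST rules.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the FRST logs posted in this thread.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {4BADB7C8-879C-4AD3-82B0-4065E8F76591} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\ProgramData\cisD42F.exe <==== ATTENTION
Task: {AF9AB662-4285-4E84-AE27-ED5278A3D926} - System32\Tasks\{69CBF674-488A-4C6A-9333-7E5609E93A67} => C:\Windows\system32\pcalua.exe -a "V:\soft\CAD\SolidWorks\SolidWorks-2014\SolidWorks 2014\SW2014_sp0_x64_SSQ\setup.exe" -d "V:\soft\CAD\SolidWorks\SolidWorks-2014\SolidWorks 2014\SW2014_sp0_x64_SSQ"
Task: {F7EF0B15-E1F5-48D9-A211-D21C51DDAF10} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-10] (Google Inc -> Google Inc.)
AlternateDataStreams: C:\Windows\system32\nvapi64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvcuda.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\ProgramData\TEMP:E369BDA7 [119]
S3 MSICDSetup; \??\D:\Drivers Files\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\Drivers Files\NTIOLib_X64.sys [X]
FirewallRules: [TCP Query User{08593755-7B0C-418F-B0CC-B2CCB3945A2D}D:\hry\starcraft ii\versions\base78285\sc2_x64.exe] => (Allow) D:\hry\starcraft ii\versions\base78285\sc2_x64.exe => No File
FirewallRules: [{46018A88-7FDA-4ABA-8984-7978B6F28225}] => (Allow) LPort=2869
"""

ATTENTION = "<==== ATTENTION"
POLICY_RE = re.compile(r"^(?P<key>HK[A-Z]+\\SOFTWARE\\Policies\\[^:]+): Restriction")
TASK_RE = re.compile(r"^Task: \{(?P<guid>[0-9A-Fa-f-]+)\} - (?P<name>.+?) => (?P<command>.+)$")
ADS_RE = re.compile(r"^AlternateDataStreams: (?P<file>.+):(?P<stream>[^:\\\[\]]+) \[(?P<size>\d+)\]$")
MISSING_SVC_RE = re.compile(r"^(?P<start>[SRU]\d) (?P<name>[^;]+); (?P<image>.+) \[X\]$")
FW_RE = re.compile(r"^FirewallRules: \[(?P<rule>.+)\] => \((?P<action>\w+)\) (?P<target>.+?)(?P<missing> => No File)?$")
EXE_RE = re.compile(r'"?(?P<exe>[A-Za-z]:\\[^"]+?\.exe)"?', re.IGNORECASE)
PCALUA_RE = re.compile(r'-a\s+"?(?P<target>[A-Za-z]:\\[^"]+?\.exe)"?', re.IGNORECASE)
# FRST appends "[size date] (signer -> company)" only when it could read and check the file.
SIGNER_RE = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\] \(.+ -> .*\)")
# Assumption of this example: binaries under these roots get no location warning.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def outside_trusted_roots(path):
    return not path.strip('"').lower().startswith(TRUSTED_ROOTS)


def classify_task(name, command):
    """Judge a scheduled task by where its real binary lives, not by its name."""
    command = command.replace(ATTENTION, "").strip()
    m = EXE_RE.search(command)
    exe = m.group("exe") if m else command
    reasons, proxied = [], None
    if outside_trusted_roots(exe):
        reasons.append("binary outside Windows/Program Files")
    if exe.lower().endswith("\\pcalua.exe"):
        # pcalua.exe -a <program> starts <program>; the proxy is a Windows file, the target may not be.
        p = PCALUA_RE.search(command)
        proxied = p.group("target") if p else None
        reasons.append("started through pcalua.exe, real target: %s" % proxied)
        if proxied and outside_trusted_roots(proxied):
            reasons.append("proxied target outside Windows/Program Files")
    if not SIGNER_RE.search(command):
        reasons.append("no [size date] (signer) block from FRST: verify file and signature by hand")
    return {"name": name, "exe": exe, "proxied_target": proxied,
            "flagged": bool(reasons), "reasons": reasons}


def triage(log_text):
    """Return the log's entries grouped the way a fixlist is usually built."""
    out = {"attention": [], "policy_restrictions": [], "tasks": [],
           "ads_by_stream": defaultdict(list), "missing_services": [], "firewall_orphans": []}
    for line in (l.strip() for l in log_text.splitlines() if l.strip()):
        if line.endswith(ATTENTION):
            out["attention"].append(line[:-len(ATTENTION)].rstrip())
        if (m := POLICY_RE.match(line)):
            out["policy_restrictions"].append(m.group("key"))
        elif (m := TASK_RE.match(line)):
            out["tasks"].append(classify_task(m.group("name"), m.group("command")))
        elif (m := ADS_RE.match(line)):
            # One stream name repeated across many files points at one tool having tagged them all.
            out["ads_by_stream"][m.group("stream")].append((m.group("file"), int(m.group("size"))))
        elif (m := MISSING_SVC_RE.match(line)):
            out["missing_services"].append((m.group("name"), m.group("image")))
        elif (m := FW_RE.match(line)) and m.group("missing"):
            out["firewall_orphans"].append(m.group("target"))
    out["ads_by_stream"] = dict(out["ads_by_stream"])
    return out


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print("== %s ==" % key)
        for item in (items.items() if isinstance(items, dict) else items):
            print("  ", item)
```

Run against a full FRST.txt and Addition.txt the grouping makes the volume manageable: forty-odd `$CmdTcID` streams collapse to one stream name on NVIDIA files, the orphaned services and firewall rules are listed as cleanup rather than as threats, and only the tasks whose binary (or whose `pcalua.exe` target) lives outside Windows and Program Files, or for which FRST printed no signer block, come back flagged for a manual look at the file and its signature.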

kubikula421
Visitor
Posts: 64
Registered: 02 Apr 2007 22:49

Re: Spyware, keylogger or something?

#8 Post by kubikula421 »

Done. How does it look now?

Can you tell from the logs whether I had a keylogger or something similar on the computer? I don't believe I fell victim to phishing.
Thank you.


Fix result of Farbar Recovery Scan Tool (x64) Version: 15-11-2020
Ran by Ku (15-11-2020 16:13:27) Run:1
Running from D:\FRST
Loaded Profiles: Ku
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

FirewallRules: [TCP Query User{08593755-7B0C-418F-B0CC-B2CCB3945A2D}D:\hry\starcraft ii\versions\base78285\sc2_x64.exe] => (Allow) D:\hry\starcraft ii\versions\base78285\sc2_x64.exe => No File
FirewallRules: [UDP Query User{E16FD9F4-222B-4599-9FE7-47DE3F73E254}D:\hry\starcraft ii\versions\base78285\sc2_x64.exe] => (Allow) D:\hry\starcraft ii\versions\base78285\sc2_x64.exe => No File
FirewallRules: [{46018A88-7FDA-4ABA-8984-7978B6F28225}] => (Allow) LPort=2869
FirewallRules: [{AF101DCF-8A82-4E2B-82CD-D182BE132227}] => (Allow) LPort=1900
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2212251401-2950746402-1092012157-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
AlternateDataStreams: C:\Windows\system32\nvapi64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvcompiler.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvcuda.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvcuvid.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvd3dumx.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvdispco6437892.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvdispgenco6437892.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvfatbinaryLoader.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\NvFBC64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvhdagenco6420103.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvhdap64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\NvIFR64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvinitx.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvoglshim64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvoglv64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvopencl.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvptxJitCompiler.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvumdshimx.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nvwgf2umx.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\OpenCL.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\vulkaninfo-1-1-0-39-1.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\vulkaninfo.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvcompiler.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvcuda.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvcuvid.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvd3dum.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvfatbinaryLoader.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\NvFBC.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\NvIFR.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvinit.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvoglshim32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvoglv32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvopencl.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvptxJitCompiler.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvStreaming.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvumdshim.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\nvwgf2um.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\OpenCL.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\vulkaninfo-1-1-0-39-1.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\vulkaninfo.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\nvhda64v.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\nvlddmkm.sys:$CmdTcID [130]
AlternateDataStreams: C:\ProgramData\TEMP:E369BDA7 [119]
S3 MSICDSetup; \??\D:\Drivers Files\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\Drivers Files\NTIOLib_X64.sys [X]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
Task: {4BADB7C8-879C-4AD3-82B0-4065E8F76591} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\ProgramData\cisD42F.exe <==== ATTENTION
Task: {AF9AB662-4285-4E84-AE27-ED5278A3D926} - System32\Tasks\{69CBF674-488A-4C6A-9333-7E5609E93A67} => C:\Windows\system32\pcalua.exe -a "V:\soft\CAD\SolidWorks\SolidWorks-2014\SolidWorks 2014\SW2014_sp0_x64_SSQ\setup.exe" -d "V:\soft\CAD\SolidWorks\SolidWorks-2014\SolidWorks 2014\SW2014_sp0_x64_SSQ"
Task: {F7EF0B15-E1F5-48D9-A211-D21C51DDAF10} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-10] (Google Inc -> Google Inc.)
Task: {F8CCFCB2-626F-413E-BBFF-5A1D592E974B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-10] (Google Inc -> Google Inc.)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\MountPoints2: E - E:\RunGame.exe
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\MountPoints2: G - "G:\Diablo III Setup.exe"
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\MountPoints2: H - H:\autorun\autorun.exe
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\MountPoints2: {87815fb9-509d-11e9-b432-d8cb8a997724} - E:\RunGame.exe
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\MountPoints2: {87815fc2-509d-11e9-b432-d8cb8a997724} - G:\RunGame.exe
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\MountPoints2: {87815fc7-509d-11e9-b432-d8cb8a997724} - H:\RunGame.exe
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\MountPoints2: {e409463e-9112-11e5-8f30-d8cb8a997724} - L:\setup.exe
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\MountPoints2: {f1de4444-8d0b-11e5-bd0e-d8cb8a997724} - H:\autorun\autorun.exe
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\MountPoints2: {f1de4468-8d0b-11e5-bd0e-d8cb8a997724} - G:\setup.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [710776 2020-06-18] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Run: [] => [X]

EmptyTemp:
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{08593755-7B0C-418F-B0CC-B2CCB3945A2D}D:\hry\starcraft ii\versions\base78285\sc2_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E16FD9F4-222B-4599-9FE7-47DE3F73E254}D:\hry\starcraft ii\versions\base78285\sc2_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{46018A88-7FDA-4ABA-8984-7978B6F28225}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AF101DCF-8A82-4E2B-82CD-D182BE132227}" => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
"HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
C:\Windows\system32\nvapi64.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\nvcompiler.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\nvcuda.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\nvcuvid.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\nvd3dumx.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\nvdispco6437892.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\nvdispgenco6437892.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\nvfatbinaryLoader.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\NvFBC64.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\nvhdagenco6420103.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\nvhdap64.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\NvIFR64.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\nvinitx.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\nvoglshim64.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\nvoglv64.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\nvopencl.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\nvptxJitCompiler.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\nvumdshimx.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\nvwgf2umx.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\OpenCL.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\vulkaninfo-1-1-0-39-1.exe => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\vulkaninfo.exe => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\nvapi.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\nvcompiler.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\nvcuda.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\nvcuvid.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\nvd3dum.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\nvfatbinaryLoader.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\NvFBC.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\NvIFR.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\nvinit.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\nvoglshim32.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\nvoglv32.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\nvopencl.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\nvptxJitCompiler.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\nvStreaming.exe => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\nvumdshim.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\nvwgf2um.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\OpenCL.dll => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\vulkaninfo-1-1-0-39-1.exe => ":$CmdTcID" ADS removed successfully
C:\Windows\SysWOW64\vulkaninfo.exe => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\Drivers\nvhda64v.sys => ":$CmdTcID" ADS removed successfully
C:\Windows\system32\Drivers\nvlddmkm.sys => ":$CmdTcID" ADS removed successfully
C:\ProgramData\TEMP => ":E369BDA7" ADS removed successfully
HKLM\System\CurrentControlSet\Services\MSICDSetup => removed successfully
MSICDSetup => service removed successfully
HKLM\System\CurrentControlSet\Services\NTIOLib_1_0_C => removed successfully
NTIOLib_1_0_C => service removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4BADB7C8-879C-4AD3-82B0-4065E8F76591}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BADB7C8-879C-4AD3-82B0-4065E8F76591}" => removed successfully
C:\Windows\System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF9AB662-4285-4E84-AE27-ED5278A3D926}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF9AB662-4285-4E84-AE27-ED5278A3D926}" => removed successfully
C:\Windows\System32\Tasks\{69CBF674-488A-4C6A-9333-7E5609E93A67} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{69CBF674-488A-4C6A-9333-7E5609E93A67}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F7EF0B15-E1F5-48D9-A211-D21C51DDAF10}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7EF0B15-E1F5-48D9-A211-D21C51DDAF10}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8CCFCB2-626F-413E-BBFF-5A1D592E974B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8CCFCB2-626F-413E-BBFF-5A1D592E974B}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E => removed successfully
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => removed successfully
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G => removed successfully
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H => removed successfully
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87815fb9-509d-11e9-b432-d8cb8a997724} => removed successfully
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87815fc2-509d-11e9-b432-d8cb8a997724} => removed successfully
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87815fc7-509d-11e9-b432-d8cb8a997724} => removed successfully
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e409463e-9112-11e5-8f30-d8cb8a997724} => removed successfully
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1de4444-8d0b-11e5-bd0e-d8cb8a997724} => removed successfully
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1de4468-8d0b-11e5-bd0e-d8cb8a997724} => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 114347269 B
Java, Flash, Steam htmlcache => 727016228 B
Windows/system/drivers => 3631176 B
Edge => 0 B
Chrome => 36957217 B
Firefox => 1167984420 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 49988 B
LocalService => 49988 B
NetworkService => 49988 B
Ku => 6639455889 B

RecycleBin => 3581022 B
EmptyTemp: => 8.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:15:40 ====

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Spyware, keylogger or something?

#9 Post by Diallix »

Please post new FRST + Addition logs.

kubikula421
Visitor
Posts: 64
Registered: 02 Apr 2007 22:49

Re: Spyware, keylogger or something?

#10 Post by kubikula421 »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-11-2020
Ran by Ku (administrator) on KU-PC (MSI MS-7976) (15-11-2020 16:33:15)
Running from D:\FRST
Loaded Profiles: Ku
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSISvc32.exe
() [File not signed] C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSISvc64.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <3>
(A-Volute -> ) C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe
(Big Angry Dog Ltd -> Big Angry Dog Ltd) C:\Program Files (x86)\DreamCalc DC5G\dreamcalc.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
(Dassault Systemes) [File not signed] C:\Program Files (x86)\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <7>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Rivet Networks) [File not signed] C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(Rivet Networks) [File not signed] C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Wargaming.net Limited -> Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_renderer.exe <3>
(Wargaming.net Limited -> Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\WargamingErrorMonitor.exe
(Wargaming.net Limited -> Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\wgc.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8484056 2015-06-12] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [NahimicMSIUILauncher] => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe [532448 2015-06-18] (A-Volute -> )
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [109664 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-06-15] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3632848 2017-07-05] (Comodo Security Solutions, Inc. -> COMODO)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\Run: [DreamCalc DC5G] => C:\Program Files (x86)\DreamCalc DC5G\dreamcalc.exe [4476040 2017-03-15] (Big Angry Dog Ltd -> Big Angry Dog Ltd)
HKLM\...\Windows x64\Print Processors\hpzppWN7: C:\Windows\System32\spool\prtprocs\x64\hpzppWN7.dll [101376 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Bullzip PDF Print Monitor: C:\Program Files\Common Files\Bullzip\PDF Printer\Ports\BULLZIP\bzpdf.dll [218112 2016-03-07] (Bullzip) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.198\Installer\chrmstp.exe [2020-11-11] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-11-16]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks) [File not signed]
Startup: C:\Users\Ku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lingea Update Center.lnk [2015-11-17]
ShortcutTarget: Lingea Update Center.lnk -> C:\Program Files (x86)\Common Files\Lingea Shared\luc.exe (Lingea s.r.o. -> Lingea)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11706D02-6BB5-4D41-9111-9A5301BFB078} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [667856 2020-11-11] (Mozilla Corporation -> Mozilla Foundation)
Task: {16D9F178-6750-479F-A6AD-5668865A8E72} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [651200 2017-09-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1CF7A1AA-14B4-40BA-9C71-B604BA58C7D1} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [3047944 2020-10-12] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
Task: {2D82AE9D-114A-4E7C-A800-F488CF65F76E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1741416 2020-09-19] (Avast Software s.r.o. -> Avast Software)
Task: {3C6E594B-CA71-4CE8-B419-398F6053708C} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [651200 2017-09-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3D5A9401-3241-43DD-935A-8773D1B5DD52} - System32\Tasks\NahimicMSIsvc32Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIsvc32.exe [813568 2015-06-18] () [File not signed]
Task: {4501AEE2-9812-44C1-B0BA-4F25D544B9AB} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [1540544 2017-09-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {46D86316-7786-4A61-92B9-60F9478111BC} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4496488 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
Task: {57D3192D-AB16-4D45-ACAA-C5810AFE3C2B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-09-19] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {607AE904-E4B6-4A3A-A54C-D012F58E7BE8} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [722880 2017-09-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {718E0588-9FC6-4889-8724-1C69219DB118} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [947136 2017-09-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7263AADB-8C62-4582-97C2-A2E609D8F383} - System32\Tasks\NahimicMSIUILauncherRun => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe [532448 2015-06-18] (A-Volute -> )
Task: {76D0E47F-E711-4AC3-A33E-A9D9E1298B61} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [436160 2017-09-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {83A0D5E6-6EB0-4D80-9F0D-5B406C9050A0} - System32\Tasks\{89A4BC6B-63CE-451E-88FD-15B2C7D82C2E} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\EA GAMES\Need for Speed Underground 2\EAUninstall.exe"
Task: {8D5973EB-70E6-4FF2-AFB9-50D9C367519E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1341008 2020-09-06] (Adobe Inc. -> Adobe Inc.)
Task: {91E32F54-B043-4989-9351-CF73FEF5222F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18227896 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {95760064-96FC-4822-833A-3FF836060FA7} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [722880 2017-09-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {99FB7C65-F54E-444B-82D2-DFDB580BC486} - System32\Tasks\NahimicMSIsvc64Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIsvc64.exe [272384 2015-06-18] () [File not signed]
Task: {CBD59276-B34F-4EE3-A049-46EB81F7BCEF} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {D227A992-E5B3-4A7C-A30C-70EFB3098C76} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {F85F8F22-1CA0-486B-ADF8-4C6DF9868207} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [65432 2020-09-30] (Microsoft Corporation -> Microsoft)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 10.2.255.1 10.2.255.2
Tcpip\..\Interfaces\{424F1AE3-AA58-47DA-AEDC-9015472F8229}: [DhcpNameServer] 10.2.255.1 10.2.255.2
Tcpip\..\Interfaces\{CCB81BDC-62EB-4307-909D-0642C1B614E4}: [DhcpNameServer] 10.2.255.1 10.2.255.2

FireFox:
========
FF DefaultProfile: ow9upyt0.default-1589498915936
FF ProfilePath: C:\Users\Ku\AppData\Roaming\Mozilla\Firefox\Profiles\ow9upyt0.default-1589498915936 [2020-11-15]
FF Plugin: @java.com/DTPlugin,version=11.261.2 -> C:\Program Files\Java\jre1.8.0_261\bin\dtplugin\npDeployJava1.dll [2020-09-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.261.2 -> C:\Program Files\Java\jre1.8.0_261\bin\plugin2\npjp2.dll [2020-09-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-03-25] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-03-25] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-10-22] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Ku\AppData\Local\Google\Chrome\User Data\Default [2020-11-15]
CHR Extension: (Prezentace) - C:\Users\Ku\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-10]
CHR Extension: (Dokumenty) - C:\Users\Ku\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-10]
CHR Extension: (Disk Google) - C:\Users\Ku\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-10]
CHR Extension: (YouTube) - C:\Users\Ku\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-10]
CHR Extension: (Tabulky) - C:\Users\Ku\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-10]
CHR Extension: (Avira Browser Safety) - C:\Users\Ku\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2020-06-12]
CHR Extension: (Dokumenty Google offline) - C:\Users\Ku\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-06-12]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Ku\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-01-09]
CHR Extension: (Gmail) - C:\Users\Ku\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-01-09]
CHR Extension: (Chrome Media Router) - C:\Users\Ku\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-12]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-09-06] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8450976 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [360408 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [2748520 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R2 BBDemon; C:\Program Files (x86)\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe [36864 2009-09-26] (Dassault Systemes) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4131944 2019-03-27] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 ElfoService; C:\Program Files (x86)\ElsterFormular Update Service\bin\elfoService.exe [1113864 2020-07-27] (Bayerisches Landesamt fuer Steuern -> )
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [133840 2017-07-05] (Comodo Security Solutions, Inc. -> COMODO)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [413696 2015-07-07] (Rivet Networks) [File not signed]
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [956760 2020-11-13] (McAfee, LLC -> McAfee, LLC)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2017-03-18] (SolidWorks) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-05-19] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37152 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [206408 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [236112 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [195664 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [60496 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42784 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [175720 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [518664 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2020-04-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [109280 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84856 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851608 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [470912 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [217336 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [326928 2020-10-24] (Avast Software s.r.o. -> AVAST Software)
S3 athur; C:\Windows\System32\DRIVERS\athurx.sys [1847296 2010-01-05] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [117808 2015-06-22] (Rivet Networks LLC -> Rivet Networks, LLC.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [42256 2019-03-27] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [59360 2019-03-27] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [50856 2017-07-05] (Comodo Security Solutions, Inc. -> COMODO)
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM Polska Sp. z o.o. -> IBM)
R0 secnvme; C:\Windows\System32\DRIVERS\secnvme.sys [90648 2020-01-20] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd)
R0 secnvmeF; C:\Windows\System32\DRIVERS\secnvmeF.sys [30456 2020-01-20] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [393880 2019-03-27] (Disc Soft Ltd -> Duplex Secure Ltd.)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [121824 2016-07-12] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [195424 2016-07-12] (Oracle Corporation -> Oracle Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-15 16:09 - 2020-11-15 16:09 - 000000000 _____ C:\Users\Ku\Downloads\FRST64.exe
2020-11-15 16:08 - 2020-11-15 16:03 - 000006761 _____ C:\Users\Ku\Downloads\fixlist.txt
2020-11-15 16:05 - 2020-11-15 16:05 - 000000000 ___HD C:\$AV_ASW
2020-11-15 16:05 - 2020-11-15 16:05 - 000000000 ____D C:\Users\Ku\Desktop\FRST-OlderVersion
2020-11-15 16:03 - 2020-11-15 16:03 - 000006761 _____ C:\Users\Ku\Desktop\fixlist.txt
2020-11-15 16:02 - 2020-11-15 16:02 - 000000000 _____ C:\Users\Ku\Desktop\Nový textový dokument (13).txt
2020-11-15 14:55 - 2020-11-15 14:55 - 000000143 _____ C:\Users\Ku\Desktop\Nový textový dokument (12).txt
2020-11-15 10:45 - 2020-11-15 10:45 - 000061010 _____ C:\Users\Ku\Downloads\Addition.txt
2020-11-15 10:44 - 2020-11-15 16:33 - 000000000 ____D C:\FRST
2020-11-15 10:44 - 2020-11-15 10:45 - 000037931 _____ C:\Users\Ku\Downloads\FRST.txt
2020-11-14 21:29 - 2020-11-14 21:32 - 000000674 _____ C:\Users\Ku\Desktop\Nový textový dokument (11).txt
2020-11-14 21:25 - 2020-11-14 21:26 - 008447152 _____ (Malwarebytes) C:\Users\Ku\Downloads\adwcleaner_8.0.8.exe
2020-11-14 14:25 - 2020-11-14 14:25 - 000000219 _____ C:\Users\Ku\Desktop\Counter-Strike Global Offensive.url
2020-11-14 02:42 - 2020-11-14 02:42 - 001222144 _____ C:\Users\Ku\Downloads\RSITx64.exe
2020-11-13 18:02 - 2020-11-13 18:24 - 000000000 ____D C:\ProgramData\tmp
2020-11-13 18:02 - 2020-11-13 18:02 - 000001094 _____ C:\Users\Public\Desktop\CEWE FOTOLAB fotosvet.lnk
2020-11-13 18:02 - 2020-11-13 18:02 - 000001094 _____ C:\ProgramData\Desktop\CEWE FOTOLAB fotosvet.lnk
2020-11-13 18:02 - 2020-11-13 18:02 - 000001074 _____ C:\Users\Public\Desktop\CEWE fotoimporter.lnk
2020-11-13 18:02 - 2020-11-13 18:02 - 000001074 _____ C:\ProgramData\Desktop\CEWE fotoimporter.lnk
2020-11-13 18:02 - 2020-11-13 18:02 - 000001064 _____ C:\Users\Public\Desktop\CEWE prezentace.lnk
2020-11-13 18:02 - 2020-11-13 18:02 - 000001064 _____ C:\ProgramData\Desktop\CEWE prezentace.lnk
2020-11-13 18:02 - 2020-11-13 18:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CEWE FOTOLAB fotosvet
2020-11-13 18:02 - 2020-11-13 18:02 - 000000000 ____D C:\ProgramData\hps
2020-11-13 17:59 - 2020-11-13 17:59 - 000000000 ____D C:\Program Files\Fotolab
2020-11-13 17:58 - 2020-11-13 17:58 - 001673864 _____ C:\Users\Ku\Desktop\setup_CEWE_FOTOLAB_fotosvet.exe
2020-11-13 17:47 - 2020-11-13 18:11 - 000000000 ____D C:\Users\Ku\Desktop\fotky 2020
2020-11-11 15:55 - 2020-11-11 15:55 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-11-10 10:09 - 2020-11-10 10:09 - 000009798 _____ C:\Users\Ku\Desktop\Nový List aplikace Microsoft Office Excel (2).xlsx
2020-11-10 10:09 - 2020-11-10 10:09 - 000000165 ____H C:\Users\Ku\Desktop\~$Nový List aplikace Microsoft Office Excel (2).xlsx
2020-11-09 15:32 - 2020-11-13 09:20 - 000000000 ____D C:\Users\Ku\Desktop\Mluvnik
2020-11-04 21:31 - 2020-11-04 21:31 - 006516640 _____ (Wargaming.net ) C:\Users\Ku\Downloads\world_of_tanks_install_eu_c6urikdyeimn.exe
2020-11-01 17:26 - 2020-11-01 17:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2020-11-01 13:29 - 2020-11-01 13:30 - 000000082 _____ C:\Users\Ku\Desktop\Nový textový dokument (10).txt
2020-10-30 16:12 - 2020-11-02 21:29 - 000000484 _____ C:\Users\Ku\Desktop\odkazy.txt
2020-10-28 16:56 - 2020-11-12 12:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-10-27 18:34 - 2020-10-27 18:36 - 026942421 _____ C:\Users\Ku\Downloads\HUDEBNI TEORIE a noty housle.zip
2020-10-24 11:33 - 2020-10-24 11:33 - 000339552 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2020-10-24 11:33 - 2020-10-24 11:33 - 000217336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2020-10-24 11:33 - 2020-10-24 11:33 - 000175720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2020-10-23 09:22 - 2020-10-23 09:22 - 000000000 _____ C:\Users\Ku\Desktop\Nový textový dokument (8).txt
2020-10-16 20:10 - 2020-11-10 14:04 - 000000100 _____ C:\Users\Ku\Desktop\gmail.txt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-15 16:28 - 2016-11-18 22:07 - 000000000 ____D C:\Users\Ku\AppData\LocalLow\Mozilla
2020-11-15 16:26 - 2019-01-08 21:05 - 000000000 ____D C:\ProgramData\AVAST Software
2020-11-15 16:24 - 2009-07-14 05:45 - 000032480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-11-15 16:24 - 2009-07-14 05:45 - 000032480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-11-15 16:22 - 2011-04-12 09:34 - 000807980 _____ C:\Windows\system32\perfh005.dat
2020-11-15 16:22 - 2011-04-12 09:34 - 000187564 _____ C:\Windows\system32\perfc005.dat
2020-11-15 16:22 - 2009-07-14 06:13 - 001769414 _____ C:\Windows\system32\PerfStringBackup.INI
2020-11-15 16:22 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2020-11-15 16:18 - 2015-11-16 19:56 - 000000000 ____D C:\ProgramData\NVIDIA
2020-11-15 16:16 - 2020-04-06 13:49 - 000000000 ____D C:\ProgramData\TEMP
2020-11-15 16:16 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-11-15 16:11 - 2009-07-14 06:08 - 000032596 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2020-11-15 10:59 - 2016-02-11 19:00 - 000000000 ____D C:\Program Files (x86)\Steam
2020-11-15 10:39 - 2020-04-02 20:18 - 000003260 _____ C:\Windows\system32\Tasks\SamsungMagician
2020-11-15 10:39 - 2020-03-28 14:26 - 000003138 _____ C:\Windows\system32\Tasks\{89A4BC6B-63CE-451E-88FD-15B2C7D82C2E}
2020-11-15 10:39 - 2019-02-06 20:44 - 000004128 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-11-15 10:39 - 2019-02-06 20:44 - 000002796 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2020-11-15 10:39 - 2019-01-08 21:07 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2020-11-15 10:39 - 2017-09-23 11:23 - 000003814 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-15 10:39 - 2017-03-25 13:04 - 000004146 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-15 10:39 - 2017-03-25 13:04 - 000003852 _____ C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-15 10:39 - 2017-03-25 13:03 - 000003738 _____ C:\Windows\system32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-15 10:39 - 2017-03-25 13:03 - 000003738 _____ C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-15 10:39 - 2017-03-25 13:03 - 000003730 _____ C:\Windows\system32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-15 10:39 - 2017-03-25 13:03 - 000003554 _____ C:\Windows\system32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-15 10:39 - 2017-03-25 13:03 - 000003494 _____ C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-11-15 10:39 - 2015-11-17 13:44 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-11-15 10:39 - 2015-11-16 19:13 - 000003138 _____ C:\Windows\system32\Tasks\NahimicMSIsvc64Run
2020-11-15 10:39 - 2015-11-16 19:13 - 000003130 _____ C:\Windows\system32\Tasks\NahimicMSIsvc32Run
2020-11-15 10:39 - 2015-11-16 19:08 - 000003140 _____ C:\Windows\system32\Tasks\NahimicMSIUILauncherRun
2020-11-15 10:39 - 2015-11-16 00:24 - 000003524 _____ C:\Windows\system32\Tasks\CreateChoiceProcessTask
2020-11-14 21:30 - 2015-11-17 12:38 - 000000000 ____D C:\Users\Ku\Documents\Lexicon
2020-11-14 21:27 - 2016-02-14 12:05 - 000000000 ____D C:\AdwCleaner
2020-11-14 14:25 - 2016-02-11 19:31 - 000000000 ____D C:\Users\Ku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2020-11-14 02:42 - 2016-02-14 12:41 - 000000000 ____D C:\Program Files\trend micro
2020-11-14 02:37 - 2019-01-08 21:07 - 000000000 ____D C:\Users\Ku\AppData\Local\AVAST Software
2020-11-14 02:17 - 2016-08-12 23:04 - 000000000 ____D C:\Users\Ku\.VirtualBox
2020-11-12 12:47 - 2015-11-16 20:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-11-11 21:50 - 2018-01-10 23:48 - 000002234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-11 21:50 - 2018-01-10 23:48 - 000002193 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-11-11 21:50 - 2018-01-10 23:48 - 000002193 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-11-11 16:00 - 2015-11-17 11:30 - 000208932 _____ C:\Users\Ku\Desktop\platby.xlsx
2020-11-10 22:04 - 2016-07-27 13:30 - 000000000 ____D C:\Users\Ku\AppData\Local\CrashDumps
2020-11-10 21:36 - 2019-01-08 21:07 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2020-11-04 15:03 - 2018-09-22 12:54 - 000002069 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-11-01 17:26 - 2020-04-02 20:18 - 000001234 _____ C:\Users\Public\Desktop\Samsung Magician.lnk
2020-11-01 17:26 - 2020-04-02 20:18 - 000001234 _____ C:\ProgramData\Desktop\Samsung Magician.lnk
2020-11-01 17:26 - 2015-11-16 00:25 - 000001409 _____ C:\Users\Ku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2020-11-01 12:08 - 2016-02-20 19:37 - 000000000 ____D C:\Users\Ku\AppData\Roaming\uTorrent
2020-10-30 16:06 - 2020-09-27 22:50 - 000043514 _____ C:\Users\Ku\Desktop\Nový textový dokument (8).html
2020-10-24 11:33 - 2020-04-20 18:37 - 000518664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
2020-10-24 11:33 - 2019-01-15 05:52 - 000236112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2020-10-24 11:33 - 2019-01-08 21:06 - 000851608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2020-10-24 11:33 - 2019-01-08 21:06 - 000470912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2020-10-24 11:33 - 2019-01-08 21:06 - 000326928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2020-10-24 11:33 - 2019-01-08 21:06 - 000206408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2020-10-24 11:33 - 2019-01-08 21:06 - 000195664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2020-10-24 11:33 - 2019-01-08 21:06 - 000109280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2020-10-24 11:33 - 2019-01-08 21:06 - 000084856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2020-10-24 11:33 - 2019-01-08 21:06 - 000060496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2020-10-24 11:33 - 2019-01-08 21:06 - 000042784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2020-10-24 11:33 - 2019-01-08 21:06 - 000037152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2020-10-23 09:17 - 2020-04-02 19:49 - 000000000 ____D C:\Users\Ku\Desktop\fleska
2020-10-20 07:34 - 2015-11-19 19:53 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-10-20 07:34 - 2015-11-19 19:53 - 000000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories ========

2020-04-06 13:50 - 2020-04-06 15:46 - 000001925 _____ () C:\Users\Ku\AppData\Roaming\DreamCalc DC5G.dat
2018-09-15 11:43 - 2018-09-15 11:43 - 000003584 _____ () C:\Users\Ku\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-25 12:46 - 2016-02-25 12:46 - 000000000 _____ () C:\Users\Ku\AppData\Local\Driver_LOM_8171Present.flag
2017-10-03 11:30 - 2017-10-03 11:30 - 000007887 _____ () C:\Users\Ku\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-11-13 07:46
==================== End of FRST.txt ========================

kubikula421
Visitor
Posts: 64
Registered: 02 Apr 2007 22:49

Re: Spyware, keylogger or something?

#11 Post by kubikula421 »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-11-2020
Ran by Ku (15-11-2020 16:34:03)
Running from D:\FRST
Windows 7 Professional Service Pack 1 (X64) (2015-11-15 23:24:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2212251401-2950746402-1092012157-500 - Administrator - Disabled)
Guest (S-1-5-21-2212251401-2950746402-1092012157-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2212251401-2950746402-1092012157-1003 - Limited - Enabled)
Ku (S-1-5-21-2212251401-2950746402-1092012157-1000 - Administrator - Enabled) => C:\Users\Ku

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1.25534 - emc, uTorrent.CZ)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.013.20064 - Adobe Systems Incorporated)
Aktualizace NVIDIA 28.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 28.0.0.0 - NVIDIA Corporation) Hidden
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.92 - NVIDIA Corporation) Hidden
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.23.0 - Asmedia Technology)
aTube Catcher verze 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
AudioFXSetup (HKLM\...\{7FE496DB-01A3-4A73-A629-E7F0BB3ABA95}) (Version: 1.2.101 - Nahimic) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.8.2432 - Avast Software)
Blizzard App (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bullzip PDF Printer 10.24.0.2543 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.24.0.2543 - Bullzip)
Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version: - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.65 - Piriform)
CEWE FOTOLAB fotosvet (HKLM-x32\...\CEWE FOTOLAB fotosvet) (Version: 7.0.3 - CEWE Stiftung u Co. KGaA)
Cyklotrasy 2.32 (HKLM-x32\...\Cyklotrasy 2.32) (Version: - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.10.0.0797 - Disc Soft Ltd)
Dassault Systemes Software B20 (HKLM\...\Dassault Systemes B20_0) (Version: - )
Dassault Systemes Software Prerequisites x86-x64 (HKLM\...\{CF1EB598-B424-436A-B15F-B763846BA970}) (Version: 8.1.3 - Dassault Systemes)
Data Lifeguard Diagnostic version 1.36 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Discord (HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\Discord) (Version: 0.0.305 - Discord Inc.)
Domácí učitel němčiny 2 (odstranění) (HKLM-x32\...\DUN2) (Version: - )
Doplněk Microsoft Save as PDF or XPS pro aplikace sady Microsoft Office 2007 (HKLM-x32\...\{90120000-00B2-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation)
DreamCalc DCG5.0.4 (Graphing Edition) (HKLM-x32\...\DreamCalcDC5G_is1) (Version: DCG5.0.4 - Big Angry Dog Ltd)
ElsterFormular (HKLM-x32\...\{C75F51E9-3DDE-42EC-9D00-97E7C4F9CEF8}) (Version: 21.3 - Thüringer Landesfinanzdirektion)
Fallout 2 (HKLM-x32\...\Fallout 2) (Version: - )
FormatFactory 4.1.0.0 (HKLM-x32\...\FormatFactory) (Version: 4.1.0.0 - Free Time)
Fotogalerie (HKLM-x32\...\{F37D360D-9308-4BB1-8515-DC6B637B9486}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Google Earth Pro (HKLM\...\{FB8010D4-05F4-420D-8DFC-2F911A6DD100}) (Version: 7.3.3.7786 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.198 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
HD Tune Pro 5.70 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
CheckDevicesConfigurator (HKLM\...\{CCBC0A4A-0F73-435D-A6A6-029C5A159B4E}) (Version: 1.2.101 - Nahimic) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.0.36 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}) (Version: 10.0.27 - Intel(R) Corporation) Hidden
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.2.422025.92 - Comodo)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
Java 8 Update 261 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180261F0}) (Version: 8.0.2610.12 - Oracle Corporation)
Killer Bandwidth Control Filter Driver (HKLM\...\{4604F4AF-8588-4E17-9FC9-3AC730A24EFB}) (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer E240x Drivers (HKLM\...\{B1A8F37B-E363-416C-BA58-F2C1E3100E04}) (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer Network Manager (HKLM\...\{D53C1985-5ABF-4AE6-B2AB-F1F326829173}) (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.54.1095 - Rivet Networks)
LauncherSetup (HKLM\...\{DC0808E8-8034-4EF8-9D66-F8D9E7A836C4}) (Version: 1.2.101 - Nahimic) Hidden
Lingea Lexicon 5 (HKLM-x32\...\Lexicon5) (Version: - )
Microsoft .NET Framework 4.8 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{A1C962E2-2426-49C6-A38B-9A07E40D607C}) (Version: 3.2.217.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.7.3066.826 - Microsoft Corporation)
MKVToolNix 25.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 25.0.0 - Moritz Bunkus)
Movie Maker (HKLM-x32\...\{3D2CF65C-B544-4308-B996-700D3E5F6C4C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 82.0.3 (x64 cs) (HKLM\...\Mozilla Firefox 82.0.3 (x64 cs)) (Version: 82.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 82.0.3.7617 - Mozilla)
MSI Afterburner 4.1.1 (HKLM-x32\...\Afterburner) (Version: 4.1.1 - MSI Co., LTD)
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 8.0.0.8463 - MyHeritage.com)
Nahimic for MSI (HKLM-x32\...\{5bb2e2ff-ac88-46bf-8220-36fb66134c12}) (Version: 1.2.1 - Nahimic)
NahimicSettingsConfigurator (HKLM\...\{894323EE-7C53-4035-99D6-823C5C9EF207}) (Version: 1.2.101 - Nahimic) Hidden
NVIDIA GeForce Experience 3.9.0.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.97 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 378.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.92 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.34.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.23 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 378.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.92 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Oracle VM VirtualBox 5.1.0 (HKLM\...\{0C801AA7-A02E-4DCF-BD09-0EACB11D9863}) (Version: 5.1.0 - Oracle Corporation)
Ovládací panel NVIDIA 378.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 378.92 - NVIDIA Corporation) Hidden
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: - Kakao Corp.)
ProductDaemonSetup (HKLM\...\{99BE7D86-070E-42B5-BC73-8CBED385994D}) (Version: 1.2.101 - Nahimic) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7534 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Samsung Data Migration (HKLM-x32\...\{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.1 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 6.2.1.260 - Samsung Electronics)
Samsung NVM Express Driver (HKLM-x32\...\{ff94c273-58d5-40b5-b03a-9bd41d5cff1e}) (Version: 3.3.0.2003 - Samsung Electronics)
Samsung NVM Express Driver 3.3.0.2003 (HKLM\...\{89D55DD5-FE94-497B-B5E5-91915D52DBF2}) (Version: 3.3.0.2003 - Samsung Electronics Co., Ltd) Hidden
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Skype™ 7.41 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
Smart View (HKLM-x32\...\{1800D8A5-F7B2-4C20-868E-1CF55CBBDF21}) (Version: 1.0.0.0 - Samsung )
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.4 - TeamSpeak Systems GmbH)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.52a - Ghisler Software GmbH)
TP-LINK Wireless Client Utility (HKLM-x32\...\{3BD98AAF-61B5-46E0-A6C8-593C242C7C48}) (Version: 7.0 - TP-LINK)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 30.0 - Ubisoft)
VBA (3821b) (HKLM-x32\...\{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}) (Version: 6.01.00.1234 - Microsoft Corporation) Hidden
Visual Studio Enterprise 2019 (HKLM-x32\...\8eb94ba6) (Version: 16.7.30523.141 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
vs_filehandler_amd64 (HKLM-x32\...\{804E218D-A59D-48B9-AD2A-13BF6F1C9DA0}) (Version: 16.7.30309 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{3A735826-F946-4348-8DE2-0B9FF750F77D}) (Version: 16.7.30309 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{EF1AD9BC-8273-4B78-ACB6-A35DF4CE4447}) (Version: 16.7.30309 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{760FF3F5-A7F3-4079-92DD-9AEB0344D13E}) (Version: 16.7.30310 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{DA2B1838-3B2E-4220-8B2E-796F4624D463}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_vswebprotocolselectormsi (HKLM-x32\...\{178ED1EA-BAFA-489D-873D-F5FB72EA69B9}) (Version: 16.7.30309 - Microsoft Corporation) Hidden
vs_vswebprotocolselectormsires (HKLM-x32\...\{29892590-BC5E-41EB-A3F0-CF2C53B3AD57}) (Version: 16.7.30309 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Wargaming.net Game Center (HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\Wargaming.net Game Center) (Version: 20.7.0.2519 - Wargaming.net)
WebAdvisor od společnosti McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.167 - McAfee, LLC)
Winamp (HKLM-x32\...\Winamp) (Version: 5.8 - Winamp SA)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.70 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
World of Tanks EU (2) (HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\WOT.EU.PRODUCTION(2)) (Version: - Wargaming.net)
World of Tanks EU (HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\WOT.EU.PRODUCTION) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-24] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-24] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2015-03-11] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-03-27] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-24] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-03-27] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-03-17] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-10-24] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2015-03-11] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsv64.dll [105984 2015-09-05] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2015-09-05] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2017-08-30 10:46 - 2016-03-07 20:25 - 000218112 _____ (Bullzip) [File not signed] C:\Program Files\Common Files\Bullzip\PDF Printer\Ports\BULLZIP\bzpdf.dll
2015-11-16 19:06 - 2015-06-15 09:00 - 000074752 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2020-07-13 14:55 - 2020-07-13 14:55 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2020-07-13 14:55 - 2020-07-13 14:55 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2020-07-13 14:55 - 2020-07-13 14:55 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2020-07-13 14:55 - 2020-07-13 14:55 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2020-07-13 14:55 - 2020-07-13 14:55 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2020-07-13 14:55 - 2020-07-13 14:55 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2020-07-13 14:55 - 2020-07-13 14:55 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2020-07-13 14:55 - 2020-07-13 14:55 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2020-07-13 14:55 - 2020-07-13 14:55 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2020-07-13 14:55 - 2020-07-13 14:55 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2020-07-13 14:55 - 2020-07-13 14:55 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2020-07-13 14:55 - 2020-07-13 14:55 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\ucrtbase.DLL
2020-07-13 14:55 - 2020-07-13 14:55 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\1029\avast.local_vc142.crt\VCRUNTIME140.dll
2020-11-15 16:12 - 2020-11-15 16:12 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111502\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2020-11-15 16:12 - 2020-11-15 16:12 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111502\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2020-11-15 16:12 - 2020-11-15 16:12 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111502\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2020-11-15 16:12 - 2020-11-15 16:12 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111502\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2020-11-15 16:12 - 2020-11-15 16:12 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111502\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2020-11-15 16:12 - 2020-11-15 16:12 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111502\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2020-11-15 16:12 - 2020-11-15 16:12 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111502\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2020-11-15 16:12 - 2020-11-15 16:12 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111502\avast.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll
2020-11-15 16:12 - 2020-11-15 16:12 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111502\avast.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll
2020-11-15 16:12 - 2020-11-15 16:12 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111502\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2020-11-15 16:12 - 2020-11-15 16:12 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111502\avast.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll
2020-11-15 16:12 - 2020-11-15 16:12 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111502\avast.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll
2020-11-15 16:12 - 2020-11-15 16:12 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111502\avast.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll
2020-11-15 16:12 - 2020-11-15 16:12 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111502\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2020-11-15 16:12 - 2020-11-15 16:12 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111502\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2020-11-15 16:12 - 2020-11-15 16:12 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111502\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2020-11-15 16:12 - 2020-11-15 16:12 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111502\avast.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll
2020-11-15 16:12 - 2020-11-15 16:12 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111502\avast.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll
2020-11-15 16:12 - 2020-11-15 16:12 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111502\avast.local_vc142.crt\MSVCP140.dll
2020-11-15 16:12 - 2020-11-15 16:12 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111502\avast.local_vc142.crt\ucrtbase.DLL
2020-11-15 16:12 - 2020-11-15 16:12 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111502\avast.local_vc142.crt\VCRUNTIME140.dll
2020-11-15 16:12 - 2020-11-15 16:12 - 000000000 ____L (Microsoft Corporation) C:\Program Files\AVAST Software\Avast\defs\20111502\avast.local_vc142.crt\VCRUNTIME140_1.dll
2017-03-25 13:29 - 2017-03-25 13:29 - 000754352 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI.dll
2017-03-25 13:30 - 2017-03-25 13:29 - 000339072 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\_nvstapisvr64.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:E369BDA7 [119]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.kosmonautix.cz/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_261\bin\ssv.dll [2020-09-30] (Oracle America, Inc. -> Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-11-13] (McAfee, LLC -> McAfee, LLC)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_261\bin\jp2ssv.dll [2020-09-30] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-11-13] (McAfee, LLC -> McAfee, LLC)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Skype\Phone\
HKU\S-1-5-21-2212251401-2950746402-1092012157-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ku\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.2.255.1 - 10.2.255.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks Nástroj pro stahování na pozadí.lnk => C:\Windows\pss\SolidWorks Nástroj pro stahování na pozadí.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\Windows\pss\Start GeekBuddy.lnk.CommonStartup
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: Family Tree Builder Update => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: Wargaming.net Game Center => "C:\ProgramData\Wargaming.net\GameCenter\wgc.exe" --background ''
MSCONFIG\startupreg: World of Tanks => "C:\Games\World_of_Tanks\WargamingGameUpdater.exe"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) C:\Windows\System32\vpc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{6C81DC09-4BB0-47D3-B8E4-A5FA19B2BA0D}C:\program files (x86)\dassault systemes\b20\intel_a\code\bin\cnext.exe] => (Allow) C:\program files (x86)\dassault systemes\b20\intel_a\code\bin\cnext.exe (Dassault Systemes) [File not signed]
FirewallRules: [UDP Query User{C3AF8705-7AC3-42F7-8A3B-FA19D903554C}C:\program files (x86)\dassault systemes\b20\intel_a\code\bin\cnext.exe] => (Allow) C:\program files (x86)\dassault systemes\b20\intel_a\code\bin\cnext.exe (Dassault Systemes) [File not signed]
FirewallRules: [TCP Query User{1D799C92-768E-4688-969B-91F249AED2C1}C:\users\ku\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ku\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{AF3CC367-58B7-4AD4-8FDE-E5E9454D4D22}C:\users\ku\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ku\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{6EDD6782-F42B-4E90-BDD8-F1F42ADABD2B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{4BFB0EBF-8251-4827-A954-377F6D988407}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{07E42DE1-F622-49FC-9269-AEDA63047C4F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{A444965E-4F4D-42F5-B7DC-A4B5A442DE5B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{66CD8B47-F0FA-4172-8F18-E9FCB47B88CF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6C406EA8-F036-40F7-BD13-CA9528F4DDF2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{D575F950-F400-4951-A350-C44E82F8472C}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{8E151704-633D-4B4C-A048-E52F251A8F2A}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{DC0E2AD9-1CDA-4AEB-9001-B3ECD7A65396}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B2EA4188-5DA1-4B8A-9F8D-DA29283D60E5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{26C29BE8-05AE-4DD4-8E2C-1340074C06E9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{77272689-A777-4A7F-9F3E-62A426834D3A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D730AA05-A1E6-4BA8-9074-0F1E0A1F2A98}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A5630B2C-E5F0-45D2-83BB-CF49493685B5}] => (Allow) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH -> TeamSpeak Systems GmbH)
FirewallRules: [{46C1B184-DF8F-45D6-B9D9-BE2310142F04}] => (Allow) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH -> TeamSpeak Systems GmbH)
FirewallRules: [{C8823303-3976-46B0-A670-35BE8AADF7F2}] => (Allow) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH -> TeamSpeak Systems GmbH)
FirewallRules: [{FDEBED53-116B-450C-B5B4-FE15F6294920}] => (Allow) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH -> TeamSpeak Systems GmbH)
FirewallRules: [{490F8879-765B-470D-8F36-98B932086DF6}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.) [File not signed]
FirewallRules: [{81D0EA73-A7C6-467D-9792-9B8CE108904B}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{8AAA59A4-55D0-41D4-B5D2-1B32B9699C72}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.) [File not signed]
FirewallRules: [{A556499F-C4C7-4352-B57E-A74FA8DE9C58}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{2072B291-AF1F-4764-9846-7220940FE46C}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Package\PTInstOnline.exe (Free Time Co., Ltd. -> Free Time)
FirewallRules: [TCP Query User{8C7021F8-FD1B-4821-A7B4-A493466ECB3C}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{D3DD3307-6E99-4F0A-B516-A1A517546B3D}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{995C7FFA-F36A-4AA7-A0E5-B0AE2740521F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{ABEB4066-D228-4C15-AB39-0D733D431E4E}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{5F246CAD-76DF-449A-BA87-2771701BA3E0}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.) [File not signed]
FirewallRules: [TCP Query User{41789BC9-C35D-4525-B536-ABBEF7ED7AF0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{D883EC65-9F63-4222-B861-8B8208774D8E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9BE26B3B-493B-478D-B50B-14E55E20DF3D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{347A6063-1DF6-4699-9D0B-1FA780618AAD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C65FB148-DB25-4C95-AA6A-83D5C975190F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C259A1DD-E590-4B1F-8280-38D6EE33C1F3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{43EF993E-8C6C-4600-85D4-8E8DA4CD100A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{D409C3FC-BD80-4F9A-8B07-6818396AFFB3}C:\users\ku\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ku\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{15F45F7B-925F-4EBE-8D18-D77F6E471F30}C:\users\ku\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ku\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{123640DC-25E6-4D32-A6D9-6C6B0B4B299B}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [UDP Query User{66425B3A-F68B-46D1-8CD0-64E94886EDDE}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [TCP Query User{E4990DE9-68E0-4A30-A56B-015F931F8520}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [UDP Query User{0BF90029-3572-4D2E-8F98-B4B3C509859B}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [TCP Query User{A7AE40CC-776C-44B5-BC15-3C89FC84218B}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{302EC845-E915-41A3-BF32-84AC86701B3D}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{E186FE1C-3C82-4BDA-A76E-2A6674CD7720}C:\program files (x86)\dassault systemes\b20\intel_a\code\bin\cnext.exe] => (Block) C:\program files (x86)\dassault systemes\b20\intel_a\code\bin\cnext.exe (Dassault Systemes) [File not signed]
FirewallRules: [UDP Query User{1C73EF79-3A34-4BAC-8632-702BB1D86186}C:\program files (x86)\dassault systemes\b20\intel_a\code\bin\cnext.exe] => (Block) C:\program files (x86)\dassault systemes\b20\intel_a\code\bin\cnext.exe (Dassault Systemes) [File not signed]
FirewallRules: [TCP Query User{62EDEF6B-0D65-43C4-A624-AFE292865B57}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{91031148-97A7-475B-9EE9-99364FAE423A}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{64C84D8F-A65E-4512-9EC3-DACFF475D3E5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{B97F1313-0C7C-4433-939F-01ECBA753D6E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{E74BA1CF-98E3-4C68-9017-16F5523AB894}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{5731865E-A066-4A00-A398-56D6A7616EDB}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{CE41FAC9-B0FD-4CA4-ACF5-94DABAB6581D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{E18774E4-CAF4-4DCE-9309-4B1EEE899B93}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{169BF202-5837-418F-8CA8-92AD2CF9BBF0}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [TCP Query User{BDC57182-D728-430E-9D01-12994DACEDCD}C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe] => (Block) C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{9081A066-E711-423A-BC0C-DD885377406C}C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe] => (Block) C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{BD100B31-4F16-47D4-A891-AA550AC72EFB}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{C4CECE67-052A-4A84-A62B-A80BFD0C3453}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [TCP Query User{90EBCCB4-1C28-4734-9932-83BA9E211834}D:\hry\starcraft ii\versions\base81433\sc2_x64.exe] => (Allow) D:\hry\starcraft ii\versions\base81433\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [UDP Query User{0869CCC3-7E69-4606-A108-CD931C923485}D:\hry\starcraft ii\versions\base81433\sc2_x64.exe] => (Allow) D:\hry\starcraft ii\versions\base81433\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [TCP Query User{37C1E175-56CC-42ED-A13B-8A5077A1C2F3}D:\hry\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) D:\hry\world_of_tanks_eu\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{CE4C0692-DD09-4A47-BECD-612990436570}D:\hry\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) D:\hry\world_of_tanks_eu\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{AA421953-A5B4-41AD-9A04-BA963D042320}C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{5CF0D267-485F-4128-8D8C-F00F67A91D40}C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{EC50B1B7-7A95-4E68-B17B-A6FA1DBE520B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{975B5842-2977-45AC-B578-9A217C0052CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{9BCC6B65-6905-4C2F-A99D-DDDFF524368A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptér tunelového režimu Microsoft Teredo
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (11/15/2020 04:16:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/15/2020 04:13:28 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvoření bodu obnovení se nezdařilo (Proces = D:\FRST\FRST64.exe ; Popis = Restore Point Created by FRST; Chyba = 0x80070422).

Error: (11/15/2020 04:11:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/15/2020 01:13:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/15/2020 09:56:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/14/2020 09:32:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/14/2020 07:28:26 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvoření bodu obnovení se nezdařilo (Proces = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Popis = Naplánovaný kontrolní bod; Chyba = 0x80070422).

Error: (11/14/2020 02:43:19 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvoření bodu obnovení se nezdařilo (Proces = C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\directx_installer\DXSETUP.exe Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\directx_installer\DXSETUP.exe" /silent; Popis = Nainstalováno rozhraní DirectX; Chyba = 0x80070422).


System errors:
=============
Error: (11/15/2020 04:16:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Seskupování v sítích peer-to-peer závisí na službě Protokol PNRP (Peer Name Resolution Protocol), která neuspěla při spuštění v důsledku následující chyby:
%%-2140993535

Error: (11/15/2020 04:16:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Protokol PNRP (Peer Name Resolution Protocol) byla ukončena s následující chybou:
%%-2140993535

Error: (11/15/2020 04:16:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Seskupování v sítích peer-to-peer závisí na službě Protokol PNRP (Peer Name Resolution Protocol), která neuspěla při spuštění v důsledku následující chyby:
%%-2140993535

Error: (11/15/2020 04:16:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Protokol PNRP (Peer Name Resolution Protocol) byla ukončena s následující chybou:
%%-2140993535

Error: (11/15/2020 04:16:59 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: Protokol PNRP (Peer Name Resolution Protocol) nebylo možné spustit, protože se nezdařilo vytvoření nové identity. Kód chyby: 0x80630801.

Error: (11/15/2020 04:16:59 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: Protokol PNRP (Peer Name Resolution Protocol) nebylo možné spustit, protože se nezdařilo vytvoření nové identity. Kód chyby: 0x80630801.

Error: (11/15/2020 04:16:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Seskupování v sítích peer-to-peer závisí na službě Protokol PNRP (Peer Name Resolution Protocol), která neuspěla při spuštění v důsledku následující chyby:
%%-2140993535

Error: (11/15/2020 04:16:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Protokol PNRP (Peer Name Resolution Protocol) byla ukončena s následující chybou:
%%-2140993535


CodeIntegrity:
===================================

Date: 2017-07-17 22:08:10.906
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 22:08:10.875
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 21:40:59.609
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 21:40:59.570
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 21:29:12.210
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 21:29:12.173
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 21:21:38.204
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-07-17 21:21:38.167
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 1.L0 06/28/2018
Motherboard: MSI Z170A GAMING M7 (MS-7976)
Processor: Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz
Percentage of memory in use: 25%
Total physical RAM: 16344.97 MB
Available physical RAM: 12157.79 MB
Total Virtual: 32688.12 MB
Available Virtual: 28014.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:250.02 GB) NTFS
Drive d: (My Disk) (Fixed) (Total:1397.26 GB) (Free:802.72 GB) NTFS
Drive j: (Red2) (Fixed) (Total:2794.39 GB) (Free:2393.08 GB) NTFS
Drive k: (Nový svazek) (Fixed) (Total:3725.9 GB) (Free:3721.14 GB) NTFS

\\?\Volume{b42749c3-7523-11ea-b2f4-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: B089A6FD)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=42)

==========================================================
Disk: 2 (Size: 2794.5 GB) (Disk ID: BE39594C)

Partition: GPT.

==========================================================
Disk: 3 (Size: 465.8 GB) (Disk ID: FD237C35)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Spyware, Keylogger or something?

#12 Post by Diallix »

Copy the content below into Notepad:

Code:

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the button: Fix
The fix will run, after which the computer reboots. After the reboot, paste here the content of the log fixlog.txt saved in the FRST location.
My new book BOTNETY is out! Information about it can be found here: >> BOTNETY <<
---
We are looking for new members for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level and high-level programmer - profile card here: card <<
----
Háveťárna - Malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (C++, C#, PHP) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

kubikula421
Visitor
Posts: 64
Registered: 02 Apr 2007 22:49

Re: Spyware, Keylogger or something?

#13 Post by kubikula421 »

The reboot did not happen, but the log was created.

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-11-2020
Ran by Ku (15-11-2020 18:04:45) Run:2
Running from D:\FRST
Loaded Profiles: Ku
Boot Mode: Normal
==============================================

fixlist content:
*****************
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully

==== End of Fixlog 18:04:45 ====

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Spyware, Keylogger or something?

#14 Post by Diallix »

Yes, that's fine. How is the computer doing?

kubikula421
Visitor
Posts: 64
Registered: 02 Apr 2007 22:49

Re: Spyware, Keylogger or something?

#15 Post by kubikula421 »

Thank you.
The problem was never speed, so the difference is imperceptible. Maybe the computer is a little faster.

The problem was that someone stole my login credentials for those few game accounts that were not secured with 2FA. That's why I would like to know what the cause was and whether someone was really eavesdropping on me.
I should also add that the accounts were hacked several months ago; I only found out now because I don't normally use them.

Thanks again, I'll send a contribution.

Locked