Please check - probably some kind of mess [Solved]

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Re: Please check - probably some kind of mess [Solved]

Post by TheUnstableDee » 25 Nov 2023 21:52

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-11-2023 02
Ran by Dee (administrator) on LAPTOP-5E42HBG8 (Acer Aspire E5-573G) (25-11-2023 21:32:04)
Running from C:\Users\Dee\Downloads\FRST64.exe
Loaded Profiles: Dee
Platform: Microsoft Windows 10 Home Version 22H2 19045.3693 (X64) Language: Čeština (Česko)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Users\Dee\AppData\Local\Programs\Opera GX\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Users\Dee\AppData\Local\Programs\Opera GX\104.0.4944.74\opera_crashreporter.exe
(Discord Inc. -> Discord Inc.) C:\Users\Dee\AppData\Local\Discord\app-1.0.9024\Discord.exe <7>
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Hanvon Ugee Technology Co., Ltd. -> XPPEN TECHNOLOGY CO.) C:\Program Files\Pentablet\PenTablet.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\Pub\PubPlatform.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Opera Norway AS -> Opera Software) C:\Users\Dee\AppData\Local\Programs\Opera GX\opera.exe <27>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(services.exe ->) (Digital Wave Ltd -> Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvacig.inf_amd64_b7653e998d156664\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(ShareX Team) [File not signed] C:\Program Files\ShareX\ShareX.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-07-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3427104 2022-04-13] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [ctfmon] => C:\Windows\System32\ctfmon.exe [11264 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [PenTablet] => C:\Program Files\Pentablet\PenTablet.exe [1103480 2022-09-26] (Hanvon Ugee Technology Co., Ltd. -> XPPEN TECHNOLOGY CO.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410968 2018-09-13] (Adobe Systems Incorporated -> Adobe Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (No File)
HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => C:\Users\Dee\AppData\Local\Microsoft\Teams\Update.exe [2588640 2023-11-22] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (No File)
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-08-29] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\Run: [Opera GX Browser Assistant] => C:\Users\Dee\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\Run: [MicrosoftEdgeAutoLaunch_E1FFA6E4CF5EE06BE425AD6516A9CAC3] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3896768 2023-11-16] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\Run: [Discord] => C:\Users\Dee\AppData\Local\Discord\Update.exe [1512616 2022-02-17] (Discord Inc. -> GitHub)
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\Run: [RiotClient] => C:\Leauge2.0\Riot Games\Riot Client\RiotClientServices.exe [70912472 2023-11-25] (Riot Games, Inc. -> Riot Games, Inc.)
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\Run: [Gaijin.Net Updater] => "C:\Users\Dee\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe" (No File)
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Dee\AppData\Local\Microsoft\Teams\Update.exe [2588640 2023-11-22] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [44529568 2023-11-21] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\MountPoints2: {62e594f9-164e-11ed-9d45-54ab3a476bdc} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\MountPoints2: {a4ff9eb1-1878-11ec-9d06-54ab3a476bdc} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\MountPoints2: {aacd9a41-cab9-11eb-9cf1-c8ff280f0279} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\MountPoints2: {f2a053ed-ac73-11ec-9d26-c8ff280f0279} - "E:\HiSuiteDownLoader.exe"
HKLM\...\Windows x64\Print Processors\Canon MP260 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD9G.DLL [27648 2008-04-01] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon MP460 Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD81.DLL [27136 2006-09-13] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP260 series: C:\Windows\system32\CNMLM9G.DLL [279040 2008-04-01] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP460: C:\Windows\system32\CNMLM81.DLL [235520 2008-04-03] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\119.0.6045.160\Installer\chrmstp.exe [2023-11-16] (Google LLC -> Google LLC)
Startup: C:\Users\Dee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Discord.lnk [2021-09-23]
ShortcutTarget: Discord.lnk -> C:\Users\Dee\AppData\Local\Discord\Update.exe (Discord Inc. -> GitHub)
Startup: C:\Users\Dee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2016-07-22]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team) [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B6A9428-B423-4CAE-BCA1-5898B04F3EA4} - \Microsoft\Windows\AppListBackup\BackupNonMaintenance -> No File <==== ATTENTION
Task: {0E5449C5-5AE4-425D-808E-0900CA7FE2A5} - \Microsoft\Windows\Application Experience\MareBackup -> No File <==== ATTENTION
Task: {42924238-738F-4B82-B73E-BA9DCEC815E7} - \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange -> No File <==== ATTENTION
Task: {4BC85114-38BE-42BB-9740-3618B8F13A89} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {665A00E9-732B-42DF-A596-9FE82A6B91D3} - \Microsoft\Windows\PI\SecureBootEncodeUEFI -> No File <==== ATTENTION
Task: {7F91A628-B915-43A3-AF07-66D388AA7AC3} - \Microsoft\Windows\Management\Autopilot\DetectHardwareChange -> No File <==== ATTENTION
Task: {807A6468-AA37-47EF-BB35-021A6C556681} - \Microsoft\Windows\Registry\OOBE-Maintenance -> No File <==== ATTENTION
Task: {88E2DF20-0B21-49D0-82A6-12F013BEA369} - \Microsoft\Windows\Shell\ThemesSyncedImageDownload -> No File <==== ATTENTION
Task: {8F87510C-118C-4E78-A80B-3FEDBD08975D} - \Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache -> No File <==== ATTENTION
Task: {9F72CF44-9290-4134-85C2-B191DCD42ACF} - \Microsoft\Windows\Printing\PrinterCleanupTask -> No File <==== ATTENTION
Task: {D900F660-679A-4259-ADCE-1785CB35F67F} - \Microsoft\Windows\CloudRestore\Backup -> No File <==== ATTENTION
Task: {EDC00E4E-BD6B-477F-B6CA-440ECD6558A6} - \Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask -> No File <==== ATTENTION
Task: {FBE1992D-A1B2-44DD-9601-A1A2F799B096} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe -auto (No File)
Task: {AE82E0EC-5055-4444-BEE2-0C91FC767031} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3427104 2022-04-13] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {04A05EB8-F698-4DD0-8D7C-A8F54E64FC1E} - System32\Tasks\Avast SecureLine VPN Update => c:\program files\avast software\secureline\vpnupdate.exe (No File)
Task: {46D44DF3-9763-445A-8AF4-79979D759782} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe task (No File)
Task: {587D2393-5971-44A9-9695-C35804EEA4B6} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [30976 2015-05-14] (Acer Incorporated -> )
Task: {4255B467-65DE-4952-B13A-DB5BA51063CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-14] (Google Inc -> Google Inc.)
Task: {7CE803AA-00EE-4C51-BA2E-013E5931B255} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-14] (Google Inc -> Google Inc.)
Task: {2CBE2450-06FE-4CAF-8FC3-12117C6BE4E2} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [1741576 2016-03-17] (Intel(R) Software -> Intel Corporation)
Task: {998EC8F4-B60A-4FB4-BC8C-91710EB41413} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27033280 2023-11-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {AEA78E44-9CF8-4C1C-880A-2DFB7A197EFC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27033280 2023-11-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {473A78EE-2C20-4D31-8D4D-8BDF2D200402} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [305304 2023-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {830D770B-E011-45BD-93BB-D7A7A9603771} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [305304 2023-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {16880FDA-D3AE-4098-A118-5403149BEC3C} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [169656 2023-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {F7308337-0373-42F1-A4F6-96CEA72E73EE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe scan upload mininterval:2880 (No File)
Task: {3BEC7743-C78C-49A5-9948-A125AE07861C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe scan upload (No File)
Task: {AADDFD4F-EBA0-472A-85F3-3120A8C81380} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-311264145-2370866077-2721877644-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {7374DC1B-835D-48F6-9543-CAF35E958EEA} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1649674925 => C:\Users\Dee\AppData\Local\Programs\Opera GX\launcher.exe [2769312 2023-11-22] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Dee\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
Task: {6483D094-2AC9-460D-B544-18028F2059ED} - System32\Tasks\Opera GX scheduled Autoupdate 1649002902 => C:\Users\Dee\AppData\Local\Programs\Opera GX\launcher.exe [2769312 2023-11-22] (Opera Norway AS -> Opera Software)
Task: {80879B4F-8B7A-41C4-AB5B-6C49A5EFE185} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe /RunningFrom Schedule (No File)
Task: {4F117C79-2706-4FBF-A748-C0259F51CEFA} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [472928 2015-07-10] (Acer Incorporated -> Acer Incorporated)
Task: {227AA5D5-1B04-418C-BD18-E46A8FA5F4EE} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => C:\WINDOWS\System32\Wscript.exe [170496 2023-10-13] (Microsoft Windows -> Microsoft Corporation) -> //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\ASC_PerformanceMonitor.job => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
Task: C:\WINDOWS\Tasks\ASC_SkipUac_Dee.job => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\DivXUpdate.job => C:\Program Files (x86)\Common Files\DivX Shared\DivX Update\DivXUpdate.exe
Task: C:\WINDOWS\Tasks\iTopVPN_SkipUAC_Dee.job => C:\Program Files (x86)\iTop VPN\iTopVPN.exe
Task: C:\WINDOWS\Tasks\OWUninstallerRun.job => C:\Program Files (x86)\Overwolf\Overwolf.exe
Task: C:\WINDOWS\Tasks\SmartDefrag_AutoAnalyze.job => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{45f56f70-3efe-4bc0-8a05-6a023a1151b7}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{c33a99a6-908f-4edd-9a20-70f8428df167}: [DhcpNameServer] 10.0.0.138 192.168.1.1

Edge:
=======
DownloadDir: C:\Users\Dee\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\Dee\AppData\Local\Microsoft\Edge\User Data\Default [2023-11-24]
Edge Extension: (Dokumenty Google offline) - C:\Users\Dee\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-04]
Edge Extension: (Edge relevant text changes) - C:\Users\Dee\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-10-04]

FireFox:
========
FF DefaultProfile: 1ii45z59.default
FF ProfilePath: C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\1ii45z59.default [2023-11-24]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\1ii45z59.default\Extensions\langpack-cs@firefox.mozilla.org [2016-06-14] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\1ii45z59.default\Extensions\partnerdefaults@mozilla.com [2016-06-14] [Legacy]
FF Extension: (Czech (CZ) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-cs@firefox.mozilla.org [2016-02-06] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\partnerdefaults@mozilla.com [2016-02-06] [Legacy]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.19 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-09-13] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-10-11] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-10-11] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-11-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-09-13] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: BYOND -> C:\Program Files (x86)\BYOND\bin\npbyond.dll [2008-07-08] (BYOND) [File not signed]

Chrome:
=======
CHR Profile: C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default [2023-11-24]
CHR HomePage: Default -> hxxps://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Extension: (BetterTTV) - C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2023-09-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-05-28]
CHR Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2023-05-28]
CHR Extension: (SteamDB) - C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdbmhfkmnlmbkgbabkdealhhbfhlmmon [2023-09-06]
CHR Extension: (Story Saver) - C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafcolokinicfdmlidhaebadidhdehpk [2023-05-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]

Opera:
=======
StartMenuInternet: (HKU\S-1-5-21-311264145-2370866077-2721877644-1001) Opera GXStable - "C:\Users\Dee\AppData\Local\Programs\Opera GX\Launcher.exe"

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818136 2018-09-13] (Adobe Systems Incorporated -> Adobe Inc.)
S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3815712 2022-04-13] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3580200 2022-04-13] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12882616 2023-11-11] (Microsoft Corporation -> Microsoft Corporation)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-06-06] (Digital Wave Ltd -> Digital Wave Ltd.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-08-29] (Disc Soft Ltd -> Disc Soft Ltd)
S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [11182184 2023-11-22] (Electronic Arts, Inc. -> Electronic Arts)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2022-05-30] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2022-07-11] (Epic Games Inc. -> Epic Games, Inc.)
S3 EQU8_19; C:\ProgramData\EQU8\Totally Accurate Battlegrounds\bin\anticheat.x64.equ8.exe [8430736 2021-11-12] (Int3 Software AB -> Int3 Software AB)
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] (Intel(R) Software Development Products -> )
S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2018-03-28] (Hi-Rez Studios) [File not signed]
S4 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192320 2020-08-17] (Huawei Technologies Co., Ltd. -> ) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [167432 2022-10-20] (IObit CO., LTD -> IObit)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9287968 2023-10-14] (Malwarebytes Inc. -> Malwarebytes)
S3 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [16036272 2023-11-03] (ADLICE -> )
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] (Intel(R) Software Development Products -> )
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] (Intel(R) Software Development Products -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe [3121120 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe [133704 2023-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 CCDMonitorService; "C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe" [X]
S2 CdRomAccessAgentService; C:\Program Files (x86)\Common Files\cdagtsvc\cdagtsvc_v1.0.0_x86.exe [X]
S3 ePowerSvc; "C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvacig.inf_amd64_b7653e998d156664\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvacig.inf_amd64_b7653e998d156664\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
S3 QALSvc; "C:\Program Files\Acer\Acer Quick Access\QALSvc.exe" [X]
S3 QASvc; "C:\Program Files\Acer\Acer Quick Access\QASvc.exe" [X]
S3 UEIPSvc; "C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 amsdk; C:\WINDOWS\system32\drivers\amsdk.sys [232792 2023-11-24] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-09-09] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-09-09] (Disc Soft Ltd -> Disc Soft Ltd)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [264552 2016-06-22] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [14976 2015-09-23] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [186784 2016-06-22] (ESET, spol. s r.o. -> ESET)
R2 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [170792 2016-06-22] (ESET, spol. s r.o. -> ESET)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2020-06-29] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R3 hanvonugeemfilter; C:\WINDOWS\System32\drivers\hanvonugeemfilter.sys [9728 2022-04-26] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [43896 2022-10-20] (IObit Information Technology -> IObit)
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [37112 2022-10-20] (IObit Information Technology -> IObit)
R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [51128 2022-10-20] (IObit Information Technology -> IObit)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [31000 2018-05-15] (Acer Incorporated -> Acer Incorporated)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-06-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-11-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 Qcamain; C:\WINDOWS\System32\drivers\Qcamainx64.sys [2276352 2015-07-10] (Qualcomm Atheros, Inc.) [File not signed]
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [25368 2018-05-15] (Acer Incorporated -> Acer Incorporated)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [30744 2017-03-09] (IObit Information Technology -> IObit)
S3 SnapCameraVirtualDevice; C:\WINDOWS\System32\drivers\SnapCameraVirtualDevice.sys [2800232 2020-10-12] (Snap Inc. -> Windows (R) Win 7 DDK provider)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 steamxbox; C:\WINDOWS\System32\drivers\steamxbox.sys [278208 2023-02-21] (Valve Corp. -> Valve Corporation)
S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49008 2020-08-19] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55744 2023-11-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [578856 2023-11-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105768 2023-11-07] (Microsoft Windows -> Microsoft Corporation)
R3 XPPenTablet; C:\WINDOWS\System32\drivers\XPPenTablet.sys [10752 2022-04-26] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 cpuz150; \??\C:\WINDOWS\temp\cpuz150\cpuz150_x64.sys [X]
S3 cpuz154; \??\C:\WINDOWS\temp\cpuz154\cpuz154_x64.sys [X]
S3 equ8_helper; \??\C:\WINDOWS\system32\DRIVERS\equ8_helper.sys [X]
S3 EQU8_HELPER_19; \??\C:\WINDOWS\system32\DRIVERS\EQU8_HELPER_19.sys [X]
S3 iobit_monitor_server2021; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [X]
S3 PHYMEM2; \??\C:\Program Files (x86)\Leawo\Blu-ray Player\phymem_ext64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-11-25 21:32 - 2023-11-25 21:37 - 000035036 _____ C:\Users\Dee\Downloads\FRST.txt
2023-11-25 21:30 - 2023-11-25 21:36 - 000000000 ____D C:\FRST
2023-11-25 21:25 - 2023-11-25 21:25 - 002383872 _____ (Farbar) C:\Users\Dee\Downloads\FRST64.exe
2023-11-25 11:15 - 2023-11-25 11:15 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2023-11-25 11:11 - 2023-11-25 21:40 - 000198250 _____ C:\WINDOWS\ZAM.krnl.trace
2023-11-24 22:21 - 2023-11-24 22:21 - 000000000 ____D C:\ProgramData\Sophos
2023-11-24 22:20 - 2023-11-24 22:20 - 000002841 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2023-11-24 22:20 - 2023-11-24 22:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2023-11-24 22:20 - 2023-11-24 22:20 - 000000000 ____D C:\Program Files (x86)\Sophos
2023-11-24 22:09 - 2023-11-24 22:15 - 185115928 _____ (Sophos Limited) C:\Users\Dee\Downloads\Sophos Virus Removal Tool.exe
2023-11-24 17:36 - 2023-11-24 17:36 - 000232792 _____ (Copyright 2018.) C:\WINDOWS\system32\Drivers\amsdk.sys
2023-11-24 17:36 - 2023-11-24 17:36 - 000001337 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2023-11-24 17:36 - 2023-11-24 17:36 - 000000000 ____D C:\Users\Dee\AppData\Local\Zemana
2023-11-24 17:36 - 2023-11-24 17:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2023-11-24 17:36 - 2023-11-24 17:36 - 000000000 ____D C:\Program Files (x86)\Zemana
2023-11-24 17:35 - 2023-11-24 22:24 - 000000000 ____D C:\Users\Dee\AppData\Local\AMSDK
2023-11-24 17:34 - 2023-11-24 17:34 - 013922376 _____ (Zemana Ltd. ) C:\Users\Dee\Downloads\Zemana.AntiMalware.Setup.exe
2023-11-24 17:08 - 2023-11-24 17:08 - 000000000 ____D C:\ProgramData\ProductData
2023-11-24 15:49 - 2023-11-24 15:49 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2023-11-24 15:41 - 2023-11-24 15:42 - 000000000 ____D C:\ProgramData\RogueKiller
2023-11-24 15:41 - 2023-11-24 15:41 - 000000909 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2023-11-24 15:41 - 2023-11-24 15:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2023-11-24 15:41 - 2023-11-24 15:41 - 000000000 ____D C:\Program Files\RogueKiller
2023-11-24 15:21 - 2023-11-24 15:49 - 000000000 ____D C:\Program Files\CCleaner
2023-11-24 15:21 - 2023-11-24 15:21 - 000000869 _____ C:\Users\Public\Desktop\CCleaner.lnk
2023-11-24 15:21 - 2023-11-24 15:21 - 000000300 ____H C:\WINDOWS\Tasks\CCleaner Update.job
2023-11-24 15:21 - 2023-11-24 15:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2023-11-24 15:05 - 2023-11-24 15:05 - 047819824 _____ (Adlice Software ) C:\Users\Dee\Downloads\RogueKiller_setup.exe
2023-11-24 15:04 - 2023-11-24 15:05 - 078165328 _____ (Piriform Software Ltd) C:\Users\Dee\Downloads\ccsetup618.exe
2023-11-24 14:58 - 2023-11-24 14:58 - 001790024 _____ (Malwarebytes) C:\Users\Dee\Downloads\JRT.exe
2023-11-24 13:18 - 2023-11-24 13:19 - 000000000 ____D C:\Program Files\CrystalDiskInfo
2023-11-24 13:18 - 2023-11-24 13:18 - 000001840 _____ C:\Users\Dee\Desktop\CrystalDiskInfo.lnk
2023-11-24 13:18 - 2023-11-24 13:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2023-11-24 12:34 - 2023-11-24 15:01 - 000000000 ____D C:\AdwCleaner
2023-11-24 12:24 - 2023-11-24 12:24 - 000000929 _____ C:\Users\Dee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Temp File Cleaner.lnk
2023-11-24 12:24 - 2023-11-24 12:24 - 000000899 _____ C:\Users\Dee\Desktop\Temp File Cleaner.lnk
2023-11-24 12:24 - 2023-11-24 12:24 - 000000000 ____D C:\Users\Dee\AppData\Roaming\addpcs
2023-11-24 12:24 - 2023-11-24 12:24 - 000000000 ____D C:\Program Files\Temp File Cleaner
2023-11-24 00:10 - 2023-11-24 00:10 - 005795360 _____ (Crystal Dew World ) C:\Users\Dee\Downloads\CrystalDiskInfo9_2_1.exe
2023-11-24 00:04 - 2023-11-24 00:04 - 008791352 _____ (Malwarebytes) C:\Users\Dee\Downloads\AdwCleaner.exe
2023-11-24 00:03 - 2023-11-24 00:03 - 002103230 _____ C:\Users\Dee\Downloads\TempFileCleaner_4.5.0_Setup.exe
2023-11-24 00:02 - 2023-11-24 00:02 - 000050688 _____ (Atribune.org) C:\Users\Dee\Downloads\ATF-Cleaner.exe
2023-11-23 22:10 - 2023-11-23 22:10 - 000388608 _____ (Trend Micro Inc.) C:\Users\Dee\Downloads\HijackThis.exe
2023-11-23 21:59 - 2023-11-23 21:59 - 000001426 _____ C:\Users\Dee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera GX.lnk
2023-11-22 23:40 - 2023-11-22 23:41 - 000005608 _____ C:\Users\Dee\AppData\Roaming\Network Persistent State
2023-11-22 23:40 - 2023-11-22 23:41 - 000003529 _____ C:\Users\Dee\AppData\Roaming\TransportSecurity
2023-11-22 23:40 - 2023-11-22 23:41 - 000000000 ____D C:\Users\Dee\AppData\Roaming\Session Storage
2023-11-22 23:40 - 2023-11-22 23:41 - 000000000 ____D C:\Users\Dee\AppData\Roaming\Platform Notifications
2023-11-22 23:40 - 2023-11-22 23:41 - 000000000 ____D C:\Users\Dee\AppData\Roaming\blob_storage
2023-11-22 23:40 - 2023-11-22 23:41 - 000000000 _____ C:\Users\Dee\AppData\Roaming\Cookies-journal
2023-11-22 23:40 - 2023-11-22 23:40 - 000131072 _____ C:\Users\Dee\AppData\Roaming\Visited Links
2023-11-22 23:40 - 2023-11-22 23:40 - 000003593 _____ C:\Users\Dee\AppData\LocalLow\lpm.dat
2023-11-22 23:40 - 2023-11-22 23:40 - 000000075 _____ C:\Users\Dee\AppData\Roaming\user_prefs.json
2023-11-22 23:40 - 2023-11-22 23:40 - 000000000 ____D C:\Users\Dee\AppData\Roaming\Local Storage
2023-11-22 23:40 - 2023-11-22 23:40 - 000000000 ____D C:\Users\Dee\AppData\Local\DivX
2023-11-22 23:38 - 2023-11-23 15:28 - 000000000 ____D C:\Users\Dee\AppData\Roaming\DivX
2023-11-22 23:38 - 2023-11-22 23:38 - 000000302 _____ C:\WINDOWS\Tasks\DivXUpdate.job
2023-11-22 23:27 - 2023-11-23 17:42 - 000000000 ____D C:\ProgramData\DivX
2023-11-22 23:12 - 2023-11-22 23:12 - 000000000 ____D C:\Users\Dee\AppData\Local\Leawo Blu-ray Player
2023-11-22 22:45 - 2023-11-22 23:12 - 000000000 ____D C:\ProgramData\Leawo
2023-11-22 22:44 - 2023-11-22 22:44 - 000000000 ____D C:\Program Files (x86)\Leawo
2023-11-22 22:39 - 2023-11-22 23:12 - 000000000 ____D C:\Users\Dee\AppData\Roaming\Leawo
2023-11-22 22:31 - 2023-11-22 22:31 - 000000000 ____D C:\Users\Dee\AppData\Local\vlc
2023-11-21 13:43 - 2023-11-21 13:43 - 000002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project.lnk
2023-11-21 13:08 - 2023-11-21 13:08 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2023-11-21 13:05 - 2023-11-21 13:05 - 000002418 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2023-11-19 13:17 - 2023-11-19 13:17 - 000000000 ____D C:\Users\Dee\AppData\LocalLow\Iceflake Studios
2023-11-17 14:19 - 2023-11-18 13:54 - 000000000 ____D C:\Users\Dee\AppData\Roaming\StardewValley
2023-11-17 14:12 - 2023-11-17 14:12 - 000001763 _____ C:\Users\Public\Desktop\Stardew Valley.lnk
2023-11-17 13:40 - 2023-11-17 13:40 - 000000000 ____D C:\Users\Dee\Downloads\Stardew.Valley.v1.5.5.1835528477-GOG
2023-11-15 19:12 - 2023-11-15 19:12 - 000000000 ___HD C:\$WinREAgent
2023-11-14 21:02 - 2023-11-23 15:37 - 000000000 ____D C:\Program Files (x86)\4Classic
2023-11-06 15:36 - 2023-11-06 15:36 - 020345527 _____ C:\Users\Dee\Downloads\sims-4-updater-v1.2.3.zip
2023-11-04 18:17 - 2023-11-21 18:21 - 000000000 ____D C:\Users\Dee\AppData\Roaming\BYOND
2023-10-31 13:40 - 2023-10-31 13:40 - 000000945 _____ C:\Users\Dee\Desktop\Cheat Engine.lnk
2023-10-31 13:40 - 2023-10-31 13:40 - 000000000 ____D C:\Users\Dee\Documents\My Cheat Tables
2023-10-31 13:40 - 2023-10-31 13:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 7.5
2023-10-31 13:40 - 2023-10-31 13:40 - 000000000 ____D C:\Program Files\Cheat Engine 7.5
2023-10-29 21:18 - 2023-10-29 21:42 - 005039597 ____H C:\Users\Dee\Downloads\.d6920559874971f4cac7cd0dfc4ec92ff81ea23f.parts

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-11-25 21:43 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-11-25 21:29 - 2022-06-08 13:40 - 000000000 ____D C:\Users\Dee\AppData\Local\Discord
2023-11-25 21:25 - 2016-07-02 14:43 - 000000000 ____D C:\Users\Dee\AppData\Local\Battle.net
2023-11-25 21:23 - 2021-12-17 17:44 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-11-25 21:23 - 2016-06-14 17:14 - 000000000 ____D C:\Program Files (x86)\Google
2023-11-25 21:20 - 2020-09-27 06:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-11-25 20:39 - 2020-06-10 14:39 - 000000000 ____D C:\Users\Dee\AppData\Local\Spotify
2023-11-25 19:53 - 2020-06-10 14:38 - 000000000 ____D C:\Users\Dee\AppData\Roaming\Spotify
2023-11-25 18:34 - 2016-06-15 17:09 - 000000000 ____D C:\Users\Dee\Documents\ShareX
2023-11-25 16:32 - 2022-12-11 16:40 - 000000000 ____D C:\ProgramData\Riot Games
2023-11-25 16:28 - 2018-03-03 15:55 - 000000000 ____D C:\Users\Dee\AppData\Roaming\discord
2023-11-25 12:04 - 2020-09-27 08:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-11-25 11:58 - 2023-02-18 11:57 - 000003676 _____ C:\WINDOWS\SysWOW64\pubfreeware.ini
2023-11-25 11:15 - 2016-06-14 16:54 - 000000000 __SHD C:\Users\Dee\IntelGraphicsProfiles
2023-11-25 11:13 - 2021-05-07 22:10 - 000000000 ____D C:\Users\Dee
2023-11-25 11:11 - 2020-09-27 06:50 - 000008192 ___SH C:\DumpStack.log.tmp
2023-11-25 11:11 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-11-25 11:11 - 2017-10-10 16:58 - 000000000 ____D C:\ProgramData\NVIDIA
2023-11-24 22:25 - 2016-06-17 19:53 - 000000000 ____D C:\Users\Dee\AppData\Local\CrashDumps
2023-11-24 18:41 - 2016-06-14 20:10 - 000000000 ____D C:\Users\Dee\AppData\Roaming\vlc
2023-11-24 17:56 - 2022-02-16 11:06 - 000000000 ____D C:\Program Files\RUXIM
2023-11-24 17:31 - 2016-07-02 14:44 - 000000000 ____D C:\Users\Dee\AppData\Local\Blizzard Entertainment
2023-11-24 17:31 - 2016-07-02 14:43 - 000000000 ____D C:\ProgramData\Blizzard Entertainment
2023-11-24 16:56 - 2020-04-25 22:08 - 000000000 ____D C:\Users\Dee\AppData\Roaming\Telegram Desktop
2023-11-24 16:55 - 2016-06-14 17:17 - 000000000 ____D C:\Program Files (x86)\Steam
2023-11-24 16:40 - 2016-06-14 17:20 - 000000000 ____D C:\Users\Dee\AppData\Local\Steam
2023-11-24 16:35 - 2016-11-13 18:02 - 000000000 ____D C:\Games
2023-11-24 16:26 - 2016-08-09 11:04 - 000000000 ____D C:\Users\Dee\Desktop\Screenshots
2023-11-24 16:24 - 2020-05-12 22:31 - 000000000 ____D C:\Program Files\Microsoft Office
2023-11-24 16:22 - 2016-09-29 15:19 - 000000000 ____D C:\Program Files\Epic Games
2023-11-24 16:08 - 2017-10-28 21:01 - 000000000 ____D C:\Users\Dee\AppData\Local\Packages
2023-11-24 15:54 - 2019-09-08 21:53 - 000000000 ____D C:\Users\Dee\Desktop\ps mastah
2023-11-24 15:39 - 2016-06-23 17:42 - 000000000 ____D C:\Users\Dee\AppData\Roaming\uTorrent
2023-11-24 15:35 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2023-11-24 15:02 - 2015-08-31 11:52 - 000000000 ____D C:\Program Files\Acer
2023-11-24 15:02 - 2015-08-31 11:50 - 000000000 ____D C:\ProgramData\Acer
2023-11-24 15:02 - 2015-08-31 11:50 - 000000000 ____D C:\Program Files (x86)\Acer
2023-11-24 15:01 - 2022-12-11 16:17 - 000000000 ____D C:\Users\Dee\AppData\LocalLow\IObit
2023-11-24 15:01 - 2022-12-11 16:16 - 000000000 ____D C:\Program Files (x86)\IObit
2023-11-24 15:01 - 2022-12-11 16:15 - 000000000 ____D C:\Users\Dee\AppData\Roaming\IObit
2023-11-24 15:01 - 2022-12-11 16:15 - 000000000 ____D C:\ProgramData\IObit
2023-11-24 12:42 - 2023-05-11 21:04 - 000000000 ____D C:\Users\Dee\AppData\Local\Malwarebytes
2023-11-24 12:27 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-11-24 12:25 - 2018-05-31 16:39 - 000000000 ____D C:\Users\Dee\AppData\LocalLow\Temp
2023-11-24 12:25 - 2016-02-06 03:02 - 000000000 ____D C:\ProgramData\Temp
2023-11-23 21:29 - 2016-06-28 21:53 - 000000000 ____D C:\Users\Dee\AppData\Roaming\Microsoft\MMC
2023-11-23 19:29 - 2021-05-08 11:50 - 000991708 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-11-23 19:29 - 2019-12-07 15:41 - 000718024 _____ C:\WINDOWS\system32\perfh005.dat
2023-11-23 19:29 - 2019-12-07 15:41 - 000145166 _____ C:\WINDOWS\system32\perfc005.dat
2023-11-23 19:29 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2023-11-23 18:45 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-11-23 16:13 - 2017-05-26 20:20 - 000000000 ____D C:\Program Files (x86)\Overwatch
2023-11-23 15:48 - 2020-05-04 22:31 - 000000000 ____D C:\Users\Dee\AppData\Roaming\Microsoft\Teams
2023-11-23 15:39 - 2016-07-02 14:42 - 000000000 ____D C:\ProgramData\Battle.net
2023-11-23 15:36 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-11-23 15:27 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-11-23 14:45 - 2020-09-27 06:50 - 005172072 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-11-23 00:00 - 2019-12-07 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\cs
2023-11-23 00:00 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2023-11-23 00:00 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2023-11-23 00:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-11-23 00:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-11-23 00:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2023-11-23 00:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-11-23 00:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2023-11-23 00:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2023-11-23 00:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2023-11-23 00:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2023-11-23 00:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2023-11-23 00:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-11-23 00:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2023-11-23 00:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2023-11-22 23:54 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2023-11-22 23:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-11-22 23:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-11-22 23:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-11-22 23:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2023-11-22 23:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2023-11-22 23:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2023-11-22 23:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-11-22 23:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2023-11-22 23:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-11-22 23:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-11-22 23:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2023-11-22 23:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2023-11-22 23:53 - 2022-06-26 16:47 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2023-11-22 23:53 - 2019-12-07 15:41 - 000000000 ____D C:\WINDOWS\system32\cs
2023-11-22 23:53 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2023-11-22 23:53 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2023-11-22 23:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2023-11-22 23:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-11-22 23:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-11-22 23:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com
2023-11-22 23:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-11-22 23:53 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2023-11-22 23:50 - 2022-06-26 16:47 - 000000000 ____D C:\WINDOWS\en-GB
2023-11-22 23:50 - 2019-12-07 15:44 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2023-11-22 23:50 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-11-22 23:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-11-22 23:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-11-22 23:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2023-11-22 23:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME
2023-11-22 23:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-11-22 23:50 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2023-11-22 23:50 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2023-11-22 23:49 - 2019-12-07 15:44 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2023-11-22 23:49 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2023-11-22 23:49 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2023-11-22 23:34 - 2016-02-06 02:26 - 000000000 ____D C:\ProgramData\Package Cache
2023-11-22 22:35 - 2023-05-23 18:39 - 000000920 _____ C:\Users\Public\Desktop\VLC media player.lnk
2023-11-22 22:26 - 2019-12-07 12:08 - 000000000 ____D C:\Users\Dee\AppData\Roaming\qBittorrent
2023-11-22 13:39 - 2020-05-12 22:57 - 000000000 ____D C:\Users\Dee\AppData\Roaming\Microsoft\Word
2023-11-22 13:34 - 2020-05-12 22:57 - 000000000 ____D C:\Users\Dee\AppData\Roaming\Microsoft\Office
2023-11-22 13:22 - 2018-08-30 20:52 - 000000000 ____D C:\Users\Dee\AppData\Local\D3DSCache
2023-11-22 13:21 - 2017-08-29 00:59 - 000000000 ____D C:\Users\Dee\AppData\Local\SquirrelTemp
2023-11-22 13:17 - 2016-08-26 23:39 - 000000000 ____D C:\Users\Dee\AppData\Local\ConnectedDevicesPlatform
2023-11-21 13:43 - 2020-05-12 22:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2023-11-21 13:08 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2023-11-20 13:10 - 2022-05-13 19:00 - 000001996 _____ C:\Users\Public\Desktop\BYOND.lnk
2023-11-19 21:55 - 2020-12-29 21:42 - 000001456 _____ C:\Users\Dee\AppData\Local\Adobe Save for Web 13.0 Prefs
2023-11-19 13:27 - 2023-03-18 16:05 - 000000000 ____D C:\Users\Dee\AppData\Roaming\paradox-launcher-v2
2023-11-19 13:16 - 2023-02-20 21:20 - 000000000 ____D C:\Users\Dee\Documents\Paradox Interactive
2023-11-18 12:59 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-11-18 12:58 - 2020-09-27 08:53 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-11-17 13:49 - 2017-12-19 23:21 - 000000000 ____D C:\GOG Games
2023-11-16 23:51 - 2016-06-14 17:15 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-11-16 16:15 - 2022-09-18 12:51 - 000000000 ____D C:\Users\Dee\AppData\Local\anadius
2023-11-16 16:15 - 2022-09-18 12:35 - 000000000 ____D C:\Users\Dee\Desktop\sim 4 updater
2023-11-15 20:42 - 2020-09-27 08:53 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-11-15 19:02 - 2016-06-14 20:17 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-11-15 18:51 - 2016-06-14 20:17 - 182871392 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-11-10 14:12 - 2020-07-25 22:38 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-11-07 13:33 - 2020-09-27 08:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-10-29 21:30 - 2023-07-12 15:23 - 000000000 ____D C:\Users\Dee\Downloads\Supernatural (2005) Season 9 S09 (1080p BluRay x265 HEVC 10bit AAC 5.1 Silence)
2023-10-28 23:03 - 2017-04-03 17:02 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2023-10-28 12:53 - 2022-05-13 17:38 - 000000000 ____D C:\Users\Dee\Documents\BYOND
2023-10-26 18:09 - 2016-07-19 14:11 - 000000000 ____D C:\Users\Dee\Documents\my games
2023-10-26 18:06 - 2022-12-11 15:27 - 000000000 ____D C:\WINDOWS\SysWOW64\directx

==================== Files in the root of some directories ========

2021-05-18 13:51 - 2021-05-24 13:25 - 000000032 _____ () C:\Users\Dee\AppData\Roaming\.machineId
2023-11-22 23:40 - 2023-11-22 23:41 - 000032768 _____ () C:\Users\Dee\AppData\Roaming\Cookies
2023-11-22 23:40 - 2023-11-22 23:41 - 000000000 _____ () C:\Users\Dee\AppData\Roaming\Cookies-journal
2023-11-22 23:40 - 2023-11-22 23:41 - 000005608 _____ () C:\Users\Dee\AppData\Roaming\Network Persistent State
2023-11-22 23:40 - 2023-11-22 23:41 - 000003529 _____ () C:\Users\Dee\AppData\Roaming\TransportSecurity
2023-11-22 23:40 - 2023-11-22 23:40 - 000000075 _____ () C:\Users\Dee\AppData\Roaming\user_prefs.json
2023-11-22 23:40 - 2023-11-22 23:40 - 000131072 _____ () C:\Users\Dee\AppData\Roaming\Visited Links
2016-07-10 13:54 - 2016-10-15 22:53 - 000003935 _____ () C:\Users\Dee\AppData\Roaming\VoiceMeeterDefault.xml
2020-12-29 21:42 - 2023-11-19 21:55 - 000001456 _____ () C:\Users\Dee\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-06-28 21:44 - 2020-12-09 20:30 - 000001480 _____ () C:\Users\Dee\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2019-02-21 17:55 - 2019-02-21 17:55 - 000000000 _____ () C:\Users\Dee\AppData\Local\oobelibMkey.log
2021-07-28 13:00 - 2021-11-12 11:07 - 000030748 _____ () C:\Users\Dee\AppData\Local\PlariumPlay.log
2018-03-01 22:36 - 2022-06-08 12:27 - 000007597 _____ () C:\Users\Dee\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

TheUnstableDee
newbie
Posts: 13
Registered: November 23
Gender: Female
Status: Offline

Re: Please check - probably some kind of mess

Post by TheUnstableDee » 25 Nov 2023 21:53

Addition 1/2

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-11-2023 02
Ran by Dee (25-11-2023 21:45:38)
Running from C:\Users\Dee\Downloads
Microsoft Windows 10 Home Version 22H2 19045.3693 (X64) (2021-05-08 11:07:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-311264145-2370866077-2721877644-500 - Administrator - Disabled)
Dee (S-1-5-21-311264145-2370866077-2721877644-1001 - Administrator - Enabled) => C:\Users\Dee
DefaultAccount (S-1-5-21-311264145-2370866077-2721877644-503 - Limited - Disabled)
Guest (S-1-5-21-311264145-2370866077-2721877644-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-311264145-2370866077-2721877644-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (HKLM\...\{DB52A2D0-CAA1-4ED1-B122-29E7EDDE187F}) (Version: 2.1.28.3 - Intel) Hidden
. . . (HKLM-x32\...\{06DA421D-EE23-487D-878F-F0AF97EF69AD}) (Version: 2.6.1.4 - Intel) Hidden
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.03.2003 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 4.00.2001.1 - Acer Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.7.0.400 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 7.7.0.35 - Adobe Inc.)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
BYOND (HKLM-x32\...\BYOND) (Version: 515.1620 - BYOND)
Canon MP260 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP260_series) (Version: - )
Canon MP460 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 6.18 - Piriform)
CPUID CPU-Z 2.05 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.05 - CPUID, Inc.)
CPUID HWMonitor 1.51 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.51 - CPUID, Inc.)
CrystalDiskInfo 9.2.1 (HKLM\...\CrystalDiskInfo_is1) (Version: 9.2.1 - Crystal Dew World)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0195 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\Discord) (Version: 1.0.9004 - Discord Inc.)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3011 - Acer Incorporated)
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 13.67.0.5580 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{f39d5c85-5b2b-4e3f-a523-e60242aed116}) (Version: 13.67.0.5580 - Electronic Arts)
Epic Games Launcher (HKLM-x32\...\{553CD836-D438-469B-B268-700638DFF184}) (Version: 1.1.151.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{19695986-25CE-41AC-9C6F-54794653EDBA}) (Version: 2.0.36.0 - Epic Games, Inc.)
Foxit PhantomPDF (HKLM-x32\...\{A4023BDF-82D5-412D-9D58-8C2819EBFE2E}) (Version: 7.0.410.326 - Foxit Software Inc.)
Google Earth Pro (HKLM\...\{F27DBA46-80E1-4858-9285-19198FFFBF3D}) (Version: 7.3.6.9345 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 119.0.6045.160 - Google LLC)
Hextech Repair Tool (HKLM-x32\...\{7F9A97E6-E666-11E5-B582-B88687E82322}) (Version: 1.1.176 - Riot Games, Inc.)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.1.4.6 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 10.1.1.500 - Huawei Technologies Co., Ltd.)
Cheat Engine 7.5 (HKLM\...\Cheat Engine_is1) (Version: - Cheat Engine)
Intel(R) Chipset Device Software (HKLM\...\{8C91A5EB-2C62-4A6D-8802-CC79FD2ED390}) (Version: 10.1.1.7 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{06F2A7C5-19F0-4962-B8D2-A495B7DD2A30}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{B4FF8C31-F307-4873-A244-BBC0233CAD4B}) (Version: 11.0.0.1153 - Intel Corporation) Hidden
Intel(R) ME UninstallLegacy (HKLM\...\{FD37351B-3074-4652-8188-1B3FB784EC4E}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4703 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{205AE40D-8AD7-4F29-A430-DD2168DA562D}) (Version: 14.5.0.1081 - Intel Corporation) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.253.0 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{CBD9BDB2-3126-4756-A03A-621CCF87C188}) (Version: 1.1.253.0 - Intel Corporation) Hidden
Intel® Driver Update Utility (HKLM-x32\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
Intel® RealSense™ SDK 2014 Runtime (x64): Core (HKLM\...\{37D41A97-6B02-4C30-8753-85107BE1D674}) (Version: 3.1.0.25181 - Intel Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{7D84E343-A23D-451C-B123-0195B2D903A6}) (Version: 1.42.17.0 - Intel Corporation) Hidden
IObit Uninstaller 12 (HKLM-x32\...\IObitUninstall) (Version: 12.1.0.6 - IObit)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D18FE9D2-2F54-4C68-A2DE-A59D4A80A9BC}) (Version: 3.1.2109.29003 - Microsoft Corporation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
LogMeIn Hamachi (HKLM-x32\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden
Malwarebytes version 4.6.3.282 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.3.282 - Malwarebytes)
Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.16924.20150 - Microsoft Corporation)
Microsoft 365 Apps for enterprise - en-us.proof (HKLM\...\O365ProPlusRetail - en-us.proof) (Version: 16.0.16924.20150 - Microsoft Corporation)
Microsoft 365 Apps pro velké organizace - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.16924.20150 - Microsoft Corporation)
Microsoft 365 Apps pro velké organizace - cs-cz.proof (HKLM\...\O365ProPlusRetail - cs-cz.proof) (Version: 16.0.16924.20150 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 119.0.2151.72 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 119.0.2151.72 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office Standard 2019 - cs-cz (HKLM\...\Standard2019Retail - cs-cz) (Version: 16.0.16924.20150 - Microsoft Corporation)
Microsoft Office Standard 2019 - cs-cz.proof (HKLM\...\Standard2019Retail - cs-cz.proof) (Version: 16.0.16924.20150 - Microsoft Corporation)
Microsoft Office Standard 2019 - en-us (HKLM\...\Standard2019Retail - en-us) (Version: 16.0.16924.20150 - Microsoft Corporation)
Microsoft Office Standard 2019 - en-us.proof (HKLM\...\Standard2019Retail - en-us.proof) (Version: 16.0.16924.20150 - Microsoft Corporation)
Microsoft Project - cs-cz (HKLM\...\ProjectProRetail - cs-cz) (Version: 16.0.16924.20150 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (HKLM-x32\...\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{08D2E121-7F6A-43EB-97FD-629B44903403}) (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 43.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0 (x86 en-US)) (Version: 43.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0 - Mozilla)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
NVIDIA Ovladače grafiky 536.99 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 536.99 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 25.0.1 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16924.20124 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16924.20150 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OpenOffice 4.1.2 (HKLM-x32\...\{69D27D4C-36CE-4CB2-A290-C38B0A990955}) (Version: 4.12.9782 - Apache Software Foundation)
Opera GX Stable 104.0.4944.74 (HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\Opera GX 104.0.4944.74) (Version: 104.0.4944.74 - Opera Software)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Overwatch Beta (HKLM-x32\...\Overwatch Beta) (Version: - Blizzard Entertainment)
Paradox Launcher (HKLM-x32\...\{ED2CDA1D-39E4-4CBB-992C-5C1D08672128}) (Version: 1.1.0.0 - Paradox Interactive)
Paradox Launcher v2 (HKLM\...\{8C5CF4CE-D589-40B4-A77F-01FD64602C50}) (Version: 2.4.0 - Paradox Interactive)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Pentablet (HKLM\...\{5DAB8C1A-6D8E-467D-BE62-AC13087AA950}_is1) (Version: 3.3.10.220926 - XPPen Technology)
qBittorrent (HKLM-x32\...\qBittorrent) (Version: 4.5.5 - The qBittorrent project)
Qualcomm Atheros QCA9377 Wireless LAN & Bluetooth Installer (HKLM-x32\...\{3241744A-BA36-41F0-B4AA-EF3946D00632}) (Version: 11.0.0.067 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Riot Client (HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\Riot Game Riot_Client.) (Version: - Riot Games, Inc)
Riot Repair Tool 1.1.3 (HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\980795d3-660d-5bf1-af59-4286bb5d9647) (Version: 1.1.3 - Riot Games Inc.)
RogueKiller version 15.13.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.13.0.0 - Adlice Software)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 11.1.0 - ShareX Team)
Skype verze 8.85 (HKLM-x32\...\Skype_is1) (Version: 8.85 - Skype Technologies S.A.)
Smart Defrag 8 (HKLM-x32\...\Smart Defrag_is1) (Version: 8.5.0.281 - IObit)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.9.0 - Sophos Limited)
Spotify (HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\Spotify) (Version: 1.2.24.756.g7a7fc7f0 - Spotify AB)
Stardew Valley (HKLM-x32\...\1453375253_is1) (Version: 1.5.5.1835528477 - GOG.com)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Temp File Cleaner (HKLM\...\Temp File Cleaner) (Version: 4.5.0.74(master)(8d92a0e96285c09fa03691e2b7618aee84c6c2b6) - Addpcs, LLC)
The Sims 4 Cottage Living (HKLM-x32\...\The Sims 4 Cottage Living_is1) (Version: - )
TLauncher (HKLM-x32\...\TLauncher) (Version: 2.871 - TLauncher Inc.)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN)
WhatsApp (HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\WhatsApp) (Version: 2.2147.16 - WhatsApp)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Zemana AntiMalware verze 3.2.28 (HKLM-x32\...\{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1) (Version: 3.2.28 - Zemana)

Packages:
=========
Acer Explorer -> C:\Program Files\WindowsApps\AcerIncorporated.AcerExplorer_2.0.3007.0_x86__48frkmn4z8aw4 [2016-07-07] (Acer Incorporated)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-12-24] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-14] (Microsoft Corporation)
Homescapes -> C:\Program Files\WindowsApps\PLRWorldwideSales.Homescapes_5.4.3.0_x64__1feq88045d2v2 [2022-06-19] (Playrix)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_136.1.269.0_x64__v10z8vjag6ke6 [2022-04-30] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.5310.0_x64__8wekyb3d8bbwe [2022-06-07] (Microsoft Studios) [MS Ad]
Movie Maker - Video Editor FREE -> C:\Program Files\WindowsApps\21336V3TApps.MovieMaker-FREE_3.5.2.0_x64__bzg06mxvgh4fa [2022-06-26] (V3TApps)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-08-11] (NVIDIA Corp.)
Telegram Desktop -> C:\Program Files\WindowsApps\TelegramMessengerLLP.TelegramDesktop_4.0.0.0_x64__t4vj0pshhgkwm [2022-06-26] (Telegram Messenger LLP) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-311264145-2370866077-2721877644-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2021-03-30] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2015-01-28] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2019-09-12] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-03] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-09-25] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvacig.inf_amd64_b7653e998d156664\nvshext.dll [2023-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2021-03-30] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-03] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2019-09-12] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2008-09-05] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2008-09-05] (Electronic Arts -> On2.com)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Dee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Anaconda Prompt (Miniconda3).lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\Dee\Miniconda3\Scripts\activate.bat C:\Users\Dee\Miniconda3

==================== Loaded Modules (Whitelisted) =============

2022-10-12 16:49 - 2022-09-13 09:55 - 001224704 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Pentablet\LIBEAY32.dll
2022-10-12 16:49 - 2022-09-13 09:55 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Pentablet\SSLEAY32.dll
2022-10-12 16:49 - 2022-04-26 14:20 - 000036352 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\Pentablet\imageformats\qdds.dll
2022-10-12 16:49 - 2022-09-13 09:55 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Pentablet\imageformats\qgif.dll
2022-10-12 16:49 - 2022-09-13 09:55 - 000033280 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Pentablet\imageformats\qicns.dll
2022-10-12 16:49 - 2022-09-13 09:55 - 000027648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Pentablet\imageformats\qico.dll
2022-10-12 16:49 - 2022-09-13 09:55 - 000243712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Pentablet\imageformats\qjpeg.dll
2022-10-12 16:49 - 2022-09-13 09:55 - 000021504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Pentablet\imageformats\qsvg.dll
2022-10-12 16:49 - 2022-09-13 09:55 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Pentablet\imageformats\qtga.dll
2022-10-12 16:49 - 2022-09-13 09:55 - 000333824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Pentablet\imageformats\qtiff.dll
2022-10-12 16:49 - 2022-09-13 09:55 - 000019968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Pentablet\imageformats\qwbmp.dll
2022-10-12 16:49 - 2022-09-13 09:55 - 000415232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Pentablet\imageformats\qwebp.dll
2022-10-12 16:49 - 2022-09-13 09:55 - 001064960 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Pentablet\platforms\qwindows.dll
2022-10-12 16:49 - 2022-09-13 09:55 - 004814336 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Pentablet\Qt5Core.dll
2022-10-12 16:49 - 2022-09-13 09:55 - 004965376 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Pentablet\Qt5Gui.dll
2022-10-12 16:49 - 2022-09-13 09:55 - 000930304 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Pentablet\Qt5Network.dll
2022-10-12 16:49 - 2022-09-13 09:55 - 000264704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Pentablet\Qt5Svg.dll
2022-10-12 16:49 - 2022-09-13 09:55 - 004464640 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Pentablet\Qt5Widgets.dll
2022-10-12 16:49 - 2022-09-13 09:55 - 000149504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Pentablet\Qt5Xml.dll

TheUnstableDee

Re: Please check - probably some junk

Post by TheUnstableDee » 25 Nov 2023 21:54

Sorry for the three posts, but it was long.

Addition 2/2

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\$Acer$.cmd:48CE61F693 [3442]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer1.log:F107EE40EF [3442]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer1.log_backup1:2DD1EC5C91 [3442]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer10.log:CCC93B07B0 [3442]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer10.log_backup1:AD433BF298 [3442]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer11.log:72C8986B20 [3442]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer11.log_backup1:97A90964FA [3442]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer12.log:C40F6B9209 [3442]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer12.log_backup1:7CC29836A6 [3442]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer13.log:AE3C879266 [3442]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer13.log_backup1:AF8AA3CDC1 [3442]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer14.log:DE1448F4D7 [3442]
AlternateDataStreams: C:\ProgramData\DisplaySessionContainer14.log_backup1:D61270D3FD [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk:0B8462D2EF [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk:285622EEA3 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk:7661CCE9BF [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk:BE981218FF [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk:1F6E0D102B [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk:2AB6ADFE9C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk:EAE14754DC [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [3442]
AlternateDataStreams: C:\Users\Public\AppData:CSM [478]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer15.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-311264145-2370866077-2721877644-1001 -> DefaultScope {4851FAB7-D570-47F2-8777-3F2270C2012F} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2022-10-20] (IObit Information Technology -> IObit)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-11-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-10-11] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-10-11] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-11-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-11-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-11-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-11-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-11-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-11-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-11-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-11-21] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\amazon.com -> amazon.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 12:04 - 2016-10-28 00:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Common Files\DivX Shared\DesktopService
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dee\Desktop\thingds\legends-of-runeterra-wiggly-burblefish-uhdpaper.com-hd-8.2471.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGMService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: HuaweiHiSuiteService64.exe => 2
MSCONFIG\Services: MozillaMaintenance => 3
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerLocalAppData"
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\StartupApproved\Run: => "com.blitz.app"
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\StartupApproved\Run: => "Facebook.MessengerDesktop"
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\StartupApproved\Run: => "Opera GX Browser Assistant"
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_E1FFA6E4CF5EE06BE425AD6516A9CAC3"
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\StartupApproved\Run: => "Advanced SystemCare"
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\StartupApproved\Run: => "RiotClient"
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\StartupApproved\Run: => "Gaijin.Net Updater"
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{FA0DC7CB-AFD7-4E1B-8899-4A54DE48A26F}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{5758D484-236F-4C5C-B322-4F953A1DCB48}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{9391CD08-A57B-4137-B2D9-DECB976156CC}] => (Block) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{3E454881-BD3E-4936-BFE1-92965EB9FC31}] => (Block) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{9103DC0E-95AE-46FA-835D-397FD8818618}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{8C6AFF6E-5064-40F9-8A2A-6A7E9D256918}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{9C6E46AC-4F09-46FF-A1BF-B2B370A430C3}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{D4E8F210-2D5B-4D5B-9563-07EE95469712}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{96E1ACB0-AE0D-438F-A5B2-1604A1590E70}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{D47D5DA4-4ACE-488C-B0F2-93E1B7A4943B}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{5C5DF0B2-A52C-452B-98EA-16C8F02892C7}C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe
FirewallRules: [TCP Query User{184CFE8F-DC55-43D4-BDDF-CC878308A614}C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe
FirewallRules: [{CCDA26C8-5A06-41B9-B02F-2E262AFDB713}] => (Allow) LPort=25565
FirewallRules: [{19BA3F7A-191E-43F2-81ED-56CCD84349C5}] => (Allow) LPort=25565
FirewallRules: [{91692DC0-BF42-45CE-82A5-6E667F038C2E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DA225F5C-C571-418A-9132-30223D45C585}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{227DE642-B4A4-40DB-B65D-741AF59B20FE}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe => No File
FirewallRules: [{153D9351-68F9-4CE6-AE66-5419EB374260}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe => No File
FirewallRules: [{D1449E72-5288-4FF3-88B1-34F6AC527BFF}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{05EBF720-9C08-4032-9F83-DDB35AB3D67E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe (Acer Incorporated -> acer)
FirewallRules: [{9374E55F-F31F-454E-8D92-4D68414A5ACB}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe (Acer Incorporated -> acer)
FirewallRules: [{BA76611A-53EA-4E98-9240-01D77C34D7E0}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe (Acer Incorporated -> acer)
FirewallRules: [{B2ECA3BE-5BED-4097-BEB2-00D4FB38BECA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{D998EF6B-2015-403F-90A3-385708C84F9A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{ACC625E4-7CB9-4E1A-9E6B-9C9F34C4CAF3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{54EE5E77-544B-4AE8-8894-CC3DABFFBD21}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{66C691C4-973B-45B2-A777-965A92F32A2A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{C90E0CC2-7ACC-4245-B9C1-120A901749EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve Corp. -> )
FirewallRules: [{FEBD46FE-AEF7-4B48-8EA2-D6B88A781A43}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve Corp. -> )
FirewallRules: [{7557BFF4-76ED-4CA8-AE94-7F3C68CE9A0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe (Valve -> )
FirewallRules: [{E4AC945D-B1BB-4486-9AE1-E2EA0B84B51F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe (Valve -> )
FirewallRules: [TCP Query User{E7FFDC10-BEA0-4FE4-A511-DDEB2A54730D}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{EA2AF055-FB5C-465B-A965-F866C621106C}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{0ED855E6-DAB2-44D1-80EC-3707F4E5CC1C}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{F1307A59-0892-4272-B169-DA7FD1B02E8E}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{F9272A5C-F67A-44D0-B268-C1B5868152AC}C:\users\dee\desktop\wow cata\launcher.exe] => (Allow) C:\users\dee\desktop\wow cata\launcher.exe => No File
FirewallRules: [UDP Query User{474CFED6-01DE-46FB-91EB-960418A3BE06}C:\users\dee\desktop\wow cata\launcher.exe] => (Allow) C:\users\dee\desktop\wow cata\launcher.exe => No File
FirewallRules: [{361146A5-E05E-4B93-81D0-B4627355CA61}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AA3D6378-8C92-4847-BEF6-9FFCE59E7442}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{12716919-2699-4C93-8748-7E200E66A348}C:\users\dee\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dee\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{B75C198C-1340-4630-B550-7DF6E8C5F843}C:\users\dee\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dee\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3E638A5B-77CE-4F67-97C8-10FF7F9C6DD7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{54495713-ABB0-4ACB-B84F-F9795FDE2541}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{C0516DDF-1C8B-466C-94ED-B8C9084954CE}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{9D7F9AF7-42CE-4DA8-98EB-83396894C82C}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{F1C802B9-3F7F-4A5C-804C-82D5C504D5AB}C:\users\dee\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\dee\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{0A350A4B-2123-4387-910D-A8690D516018}C:\users\dee\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\dee\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{7FB3A566-6080-4064-859A-DEE464170835}C:\users\dee\appdata\local\packages\telegrammessengerllp.telegramdesktop_t4vj0pshhgkwm\localcache\roaming\utorrent\utorrent.exe] => (Block) C:\users\dee\appdata\local\packages\telegrammessengerllp.telegramdesktop_t4vj0pshhgkwm\localcache\roaming\utorrent\utorrent.exe () [File not signed]
FirewallRules: [UDP Query User{97C673F5-32B0-4374-9B2D-E2510AF01C09}C:\users\dee\appdata\local\packages\telegrammessengerllp.telegramdesktop_t4vj0pshhgkwm\localcache\roaming\utorrent\utorrent.exe] => (Block) C:\users\dee\appdata\local\packages\telegrammessengerllp.telegramdesktop_t4vj0pshhgkwm\localcache\roaming\utorrent\utorrent.exe () [File not signed]
FirewallRules: [{A6A285CF-B23E-44FF-966F-D0AEBD8DF683}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B2FA3777-25E9-4A07-9B35-EE6F01103594}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{A569956F-023C-49D0-99C0-484A163B1707}C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe
FirewallRules: [UDP Query User{5DD08404-D103-43B8-B87A-2A387A65E938}C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_144\bin\javaw.exe
FirewallRules: [TCP Query User{22391AB1-CC99-4DA2-A97B-6AF28ACC07BD}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{60258D4A-15E2-4057-B340-87246A524F12}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{A5C8CB3B-7E80-4F4D-B607-FCC956E1892B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{50870982-0416-4DCD-B22B-B6BCCC359D2B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [TCP Query User{5EA4DB0E-69CE-42A8-AAA3-339E48E0F2B9}C:\users\dee\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\dee\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{0AFCDAE7-7E0F-4119-A582-2D4F6AAE1D08}C:\users\dee\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\dee\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{8BBB4B0A-D7C7-4C2E-8CB5-F5D20349141A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{FCFB3F05-35B1-437E-AA3D-684869B5518A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{2E28D1F8-2092-4154-BBC4-C6CA7585E607}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{4E728813-5C54-4D85-8742-81C2AADC4491}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [TCP Query User{1122FEC2-B39A-4A28-ADF9-FA130357E704}C:\program files (x86)\byond\bin\byond.exe] => (Allow) C:\program files (x86)\byond\bin\byond.exe () [File not signed]
FirewallRules: [UDP Query User{440D769E-03F9-4C7A-8F4A-13F24662AE3B}C:\program files (x86)\byond\bin\byond.exe] => (Allow) C:\program files (x86)\byond\bin\byond.exe () [File not signed]
FirewallRules: [{F56BC97B-9BB7-4ABF-95E7-7BDC8D6D5252}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{089D57C4-6B17-4B88-949C-BF6310052041}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1CA8E6C9-4977-49CE-AD9C-A04166CE4D0B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1D42D16E-C95E-475F-8CE9-6E06A2E2E727}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{E2FB9291-EF06-499B-8045-605AF329AACC}C:\program files (x86)\overwatch\_beta_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_beta_\overwatch.exe => No File
FirewallRules: [UDP Query User{4B8F7FAC-16F0-42BA-BF5C-596ABDBB12D5}C:\program files (x86)\overwatch\_beta_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_beta_\overwatch.exe => No File
FirewallRules: [{DD56C8FE-7429-4FFD-A816-16ECB25B9AEA}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5B1B0437-C508-4ED8-A6C2-680798881315}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{C2725252-19CE-4E11-803F-5EF1AB2AB2BF}C:\users\dee\appdata\local\programs\opera gx\opera.exe] => (Block) C:\users\dee\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{F272AF80-6558-4DC3-A794-80F835F0ECC3}C:\users\dee\appdata\local\programs\opera gx\opera.exe] => (Block) C:\users\dee\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{AE32C95B-5F8C-4F2A-955A-DC0C1B975E7A}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{29DDD325-F515-435B-9E91-670A52640FDC}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [TCP Query User{13586D37-6644-4A4F-B032-11A68E2295DA}C:\program files (x86)\heroes of the storm\versions\base88481\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base88481\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{12F0076D-1113-4842-B8D5-8AF689494212}C:\program files (x86)\heroes of the storm\versions\base88481\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base88481\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{1394FE59-C032-40D2-978F-B1E5AD9EAA3D}C:\games\the sims 4 cottage living\game\bin\ts4_x64.exe] => (Block) C:\games\the sims 4 cottage living\game\bin\ts4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{8A940154-AC15-4C40-B829-1400B8C83533}C:\games\the sims 4 cottage living\game\bin\ts4_x64.exe] => (Block) C:\games\the sims 4 cottage living\game\bin\ts4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.) [File not signed]
FirewallRules: [TCP Query User{822AAC0F-4C32-4367-B278-299B00246F7E}C:\users\dee\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\dee\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
FirewallRules: [UDP Query User{90A00796-A278-4360-9312-157031E74E50}C:\users\dee\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\dee\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
FirewallRules: [TCP Query User{1BC5D728-56D6-4395-9B3A-B2FD9999D9C1}C:\users\dee\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\dee\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe
FirewallRules: [UDP Query User{26BBA8DE-3ACF-4269-8840-083755C8CA55}C:\users\dee\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\dee\appdata\roaming\.minecraft\runtime\java-runtime-gamma\windows\java-runtime-gamma\bin\javaw.exe
FirewallRules: [TCP Query User{EB49677F-BE2F-480A-8B03-DF7B0EFFE27B}C:\program files (x86)\paradox interactive\launcher\paradox launcher.exe] => (Allow) C:\program files (x86)\paradox interactive\launcher\paradox launcher.exe (Paradox Interactive AB (publ) -> Paradox Interactive AB)
FirewallRules: [UDP Query User{1273A773-2C76-4C5E-899F-F3E7440993CE}C:\program files (x86)\paradox interactive\launcher\paradox launcher.exe] => (Allow) C:\program files (x86)\paradox interactive\launcher\paradox launcher.exe (Paradox Interactive AB (publ) -> Paradox Interactive AB)
FirewallRules: [TCP Query User{5BB3811C-1E28-4FAA-B765-81A2F913C624}C:\program files (x86)\byond\bin\byond.exe] => (Allow) C:\program files (x86)\byond\bin\byond.exe () [File not signed]
FirewallRules: [UDP Query User{5FF61C58-E93C-47B7-AD24-22BDC0F9D736}C:\program files (x86)\byond\bin\byond.exe] => (Allow) C:\program files (x86)\byond\bin\byond.exe () [File not signed]
FirewallRules: [{3142DFCA-CD44-41F1-AA15-D0ED3A69999A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{9375C831-F42D-4034-8491-A8D3C7267A44}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{B5D90F9F-9A19-4ED8-A223-9F6DEFE1F056}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{9086775A-4CD5-45E7-ACCB-95E086DA5210}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{97FCB24A-D163-4B5B-B21F-02B655904716}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{C27648BA-B691-4DDC-A416-DE4C073D934B}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{8905E62A-C046-4CFF-954F-95396986B057}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{5DAD15A1-AF49-4E4F-9477-7CDE0205ECBC}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{A2D3C080-9EC7-4F39-B3FE-896F21003A40}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{83C25CBA-3D3A-422F-8777-A51067B29B47}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{E1E10B06-AC21-4B48-940C-9A46E68AC438}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{99DE5F8B-B973-4D6F-B11F-6C38D118FBA8}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{E90B2A74-9C56-4B29-A058-BE0447386A1B}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{FAD8FCC9-FBED-42B9-BFA3-ED36FD653348}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [TCP Query User{6DE50899-CDE3-43D7-A477-00648F5D2ACA}C:\games\unpacking\unpacking.exe] => (Allow) C:\games\unpacking\unpacking.exe => No File
FirewallRules: [UDP Query User{8C344F95-5A77-4391-9B28-0459DA11F1A1}C:\games\unpacking\unpacking.exe] => (Allow) C:\games\unpacking\unpacking.exe => No File
FirewallRules: [TCP Query User{052B3A74-FDA1-40A0-AD85-19CD39351481}C:\games\warthunder\launcher.exe] => (Allow) C:\games\warthunder\launcher.exe => No File
FirewallRules: [UDP Query User{DFFD8929-3ABD-4D18-A26A-A6D6BEEA9D4C}C:\games\warthunder\launcher.exe] => (Allow) C:\games\warthunder\launcher.exe => No File
FirewallRules: [TCP Query User{A3B27D4E-989D-43EB-9589-25999C0EF781}C:\games\warthunder\win64\aces.exe] => (Allow) C:\games\warthunder\win64\aces.exe => No File
FirewallRules: [UDP Query User{7E93B137-3108-4240-9753-8A8648FCFE81}C:\games\warthunder\win64\aces.exe] => (Allow) C:\games\warthunder\win64\aces.exe => No File
FirewallRules: [TCP Query User{93320658-8DA7-4CC8-864C-B1093F5ED11F}C:\program files (x86)\heroes of the storm\versions\base91020\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base91020\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{C4D522B0-347F-499C-91FA-435C906FFA01}C:\program files (x86)\heroes of the storm\versions\base91020\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base91020\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{AA089BD2-9C50-4040-AD23-7F20F8F68F5F}C:\program files (x86)\heroes of the storm\versions\base91081\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base91081\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{EFE45B3A-029E-4318-BD17-6D0192FFD4CA}C:\program files (x86)\heroes of the storm\versions\base91081\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base91081\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{40E77EBF-A8AE-4033-86E9-D4E348DA89D6}C:\program files (x86)\heroes of the storm\versions\base91093\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base91093\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{6132FB28-F231-4758-9DE7-9B1AF8CC953C}C:\program files (x86)\heroes of the storm\versions\base91093\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base91093\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{ABAD664E-1618-40A1-8800-2117EAECE423}C:\games\prison architect\prison architect64.exe] => (Allow) C:\games\prison architect\prison architect64.exe => No File
FirewallRules: [UDP Query User{B32CE86D-EE7E-4757-8721-1B4F36026A14}C:\games\prison architect\prison architect64.exe] => (Allow) C:\games\prison architect\prison architect64.exe => No File
FirewallRules: [{C9A98E2E-E22A-4032-8316-F9394A6CA076}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{7EAE36A0-360D-4835-9702-AF11D5A9DD43}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{983A31BA-F45D-493A-97A5-1D3C88AF4BED}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{25EC69FE-01C1-4B81-A470-0453AB04E830}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.72\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{DD5F048D-E993-405A-87A1-545163507BF6}C:\program files\epic games\survivingtheaftermath\aftermath64.exe] => (Allow) C:\program files\epic games\survivingtheaftermath\aftermath64.exe => No File
FirewallRules: [UDP Query User{22AB6C85-2CA2-44D7-A294-774A102D6ECE}C:\program files\epic games\survivingtheaftermath\aftermath64.exe] => (Allow) C:\program files\epic games\survivingtheaftermath\aftermath64.exe => No File

==================== Restore Points =========================

24-11-2023 14:59:07 AdwCleaner_BeforeCleaning_24/11/2023_14:58:46
24-11-2023 15:07:34 JRT Pre-Junkware Removal
24-11-2023 22:17:22 Installed Sophos Virus Removal Tool.

==================== Faulty Device Manager Devices ============

Name: LogMeIn Hamachi Virtual Ethernet Adapter
Description: LogMeIn Hamachi Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn Inc.
Service: Hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (11/25/2023 09:50:33 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2023-12-21T15:53:33Z. Kód chyby: 0x80041315

Error: (11/25/2023 09:50:03 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2023-12-21T15:53:03Z. Kód chyby: 0x80041315

Error: (11/25/2023 09:49:33 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2023-12-21T15:53:33Z. Kód chyby: 0x80041315

Error: (11/25/2023 09:49:03 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2023-12-21T15:53:03Z. Kód chyby: 0x80041315

Error: (11/25/2023 09:48:33 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2023-12-21T15:53:33Z. Kód chyby: 0x80041315

Error: (11/25/2023 09:48:03 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2023-12-21T15:53:03Z. Kód chyby: 0x80041315

Error: (11/25/2023 09:47:33 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2023-12-21T15:53:33Z. Kód chyby: 0x80041315

Error: (11/25/2023 09:47:03 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2023-12-21T15:53:03Z. Kód chyby: 0x80041315


System errors:
=============
Error: (11/25/2023 04:48:24 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5E42HBG8)
Description: Server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter se v daném časovém limitu neregistroval u služby DCOM.

Error: (11/25/2023 04:33:06 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5E42HBG8)
Description: Server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter se v daném časovém limitu neregistroval u služby DCOM.

Error: (11/25/2023 11:27:14 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-5E42HBG8)
Description: Server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter se v daném časovém limitu neregistroval u služby DCOM.

Error: (11/25/2023 11:22:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Hostitel synchronizace_53ab9 byla ukončena s následující chybou:
Pro mapovač koncových bodů nejsou k dispozici další koncové body.

Error: (11/25/2023 11:22:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Hostitel synchronizace_53ab9 byla ukončena s následující chybou:
Pro mapovač koncových bodů nejsou k dispozici další koncové body.

Error: (11/25/2023 11:20:31 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Správce stažených map přestala během spouštění reagovat.

Error: (11/25/2023 11:18:24 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Intel(R) Management and Security Application Local Management Service přestala během spouštění reagovat.

Error: (11/25/2023 11:14:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Windows Presentation Foundation Font Cache 3.0.0.0 neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.


Windows Defender:
================
Date: 2023-11-25 15:21:00
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUA:Win32/CandyOpen
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\Dee\AppData\Roaming\uTorrent\updates\3.4.7_42330.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe
Verze bezpečnostních informací: AV: 1.401.1160.0, AS: 1.401.1160.0, NIS: 1.401.1160.0
Verze modulu: AM: 1.1.23100.2009, NIS: 1.1.23100.2009

Date: 2023-11-25 12:41:17
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUABundler:Win32/uTorrent_BundleInstaller
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\Dee\AppData\Roaming\uTorrent\updates\3.4.8_42449.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe
Verze bezpečnostních informací: AV: 1.401.1160.0, AS: 1.401.1160.0, NIS: 1.401.1160.0
Verze modulu: AM: 1.1.23100.2009, NIS: 1.1.23100.2009

Date: 2023-11-24 15:41:53
Description:
Řízený přístup ke složkám zablokoval pro C:\Program Files\RogueKiller\RogueKiller64.exe provádění změn v paměti.
Čas detekce: 2023-11-24T14:41:53.860Z
Uživatel: NT AUTHORITY\SYSTEM
Cesta: \Device\Harddisk0\DR0
Název procesu: C:\Program Files\RogueKiller\RogueKiller64.exe
Verze bezpečnostních informací: 1.401.1109.0
Verze modulu: 1.1.23100.2009
Verze produktu: 4.18.23100.2009

Date: 2023-11-24 15:41:25
Description:
Řízený přístup ke složkám zablokoval pro C:\Program Files\RogueKiller\RogueKillerSvc.exe provádění změn v paměti.
Čas detekce: 2023-11-24T14:41:25.976Z
Uživatel: LAPTOP-5E42HBG8\Dee
Cesta: \Device\Harddisk0\DR0
Název procesu: C:\Program Files\RogueKiller\RogueKillerSvc.exe
Verze bezpečnostních informací: 1.401.1109.0
Verze modulu: 1.1.23100.2009
Verze produktu: 4.18.23100.2009

Date: 2023-11-24 15:41:25
Description:
Řízený přístup ke složkám zablokoval pro C:\Program Files\RogueKiller\RogueKillerSvc.exe provádění změn v paměti.
Čas detekce: 2023-11-24T14:41:25.976Z
Uživatel: NT AUTHORITY\SYSTEM
Cesta: \Device\Harddisk0\DR0
Název procesu: C:\Program Files\RogueKiller\RogueKillerSvc.exe
Verze bezpečnostních informací: 1.401.1109.0
Verze modulu: 1.1.23100.2009
Verze produktu: 4.18.23100.2009
Event[0]:

Date: 2023-07-21 17:50:55
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.393.887.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.23060.1005
Kód chyby: 0x80070643
Popis chyby: Při instalaci došlo k závažné chybě.

Date: 2023-07-01 20:10:05
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.391.3005.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.23050.3
Kód chyby: 0x80240022
Popis chyby: V daném programu nelze zkontrolovat aktualizace definic.

Date: 2023-07-01 20:10:05
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.391.3005.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.23050.3
Kód chyby: 0x80240022
Popis chyby: V daném programu nelze zkontrolovat aktualizace definic.

Date: 2023-06-19 16:45:27
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.391.1975.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.23050.3
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

Date: 2023-06-15 17:44:26
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.391.1439.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.23050.3
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

CodeIntegrity:
===============
Date: 2023-11-22 22:45:13
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Leawo\Blu-ray Player\phymem_ext64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2023-05-20 22:07:52
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2022-05-19 01:11:49
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: Insyde Corp. V1.35 11/30/2015
Motherboard: Acer ZORO_BH
Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 63%
Total physical RAM: 8112.45 MB
Available physical RAM: 2943.43 MB
Total Virtual: 10928.45 MB
Available Virtual: 4482.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:930.56 GB) (Free:510.75 GB) (Model: TOSHIBA MQ01ABD100) NTFS

\\?\Volume{1077a63f-6ff6-4a85-b2db-c4e25c9da18b}\ () (Fixed) (Total:0.83 GB) (Free:0.33 GB) NTFS
\\?\Volume{a158795a-dd1d-452c-b9be-5a1a3025df00}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 68B0D32F)

Partition: GPT.

==================== End of Addition.txt =======================

jaro3
Security team member
Guru Level 15
Posts: 43061
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Please check - probably some junk

Post by jaro3 » 25 Nov 2023 22:28

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (No File)
HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (No File)
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\Run: [Gaijin.Net Updater] => "C:\Users\Dee\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe" (No File)
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\MountPoints2: {62e594f9-164e-11ed-9d45-54ab3a476bdc} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\MountPoints2: {a4ff9eb1-1878-11ec-9d06-54ab3a476bdc} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\MountPoints2: {aacd9a41-cab9-11eb-9cf1-c8ff280f0279} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\MountPoints2: {f2a053ed-ac73-11ec-9d26-c8ff280f0279} - "E:\HiSuiteDownLoader.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {0B6A9428-B423-4CAE-BCA1-5898B04F3EA4} - \Microsoft\Windows\AppListBackup\BackupNonMaintenance -> No File <==== ATTENTION
Task: {0E5449C5-5AE4-425D-808E-0900CA7FE2A5} - \Microsoft\Windows\Application Experience\MareBackup -> No File <==== ATTENTION
Task: {42924238-738F-4B82-B73E-BA9DCEC815E7} - \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange -> No File <==== ATTENTION
Task: {4BC85114-38BE-42BB-9740-3618B8F13A89} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {665A00E9-732B-42DF-A596-9FE82A6B91D3} - \Microsoft\Windows\PI\SecureBootEncodeUEFI -> No File <==== ATTENTION
Task: {7F91A628-B915-43A3-AF07-66D388AA7AC3} - \Microsoft\Windows\Management\Autopilot\DetectHardwareChange -> No File <==== ATTENTION
Task: {807A6468-AA37-47EF-BB35-021A6C556681} - \Microsoft\Windows\Registry\OOBE-Maintenance -> No File <==== ATTENTION
Task: {88E2DF20-0B21-49D0-82A6-12F013BEA369} - \Microsoft\Windows\Shell\ThemesSyncedImageDownload -> No File <==== ATTENTION
Task: {8F87510C-118C-4E78-A80B-3FEDBD08975D} - \Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache -> No File <==== ATTENTION
Task: {9F72CF44-9290-4134-85C2-B191DCD42ACF} - \Microsoft\Windows\Printing\PrinterCleanupTask -> No File <==== ATTENTION
Task: {D900F660-679A-4259-ADCE-1785CB35F67F} - \Microsoft\Windows\CloudRestore\Backup -> No File <==== ATTENTION
Task: {EDC00E4E-BD6B-477F-B6CA-440ECD6558A6} - \Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask -> No File <==== ATTENTION
Task: {FBE1992D-A1B2-44DD-9601-A1A2F799B096} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe -auto (No File)

Task: {04A05EB8-F698-4DD0-8D7C-A8F54E64FC1E} - System32\Tasks\Avast SecureLine VPN Update => c:\program files\avast software\secureline\vpnupdate.exe (No File)
Task: {46D44DF3-9763-445A-8AF4-79979D759782} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe task (No File)
Task: {4255B467-65DE-4952-B13A-DB5BA51063CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-14] (Google Inc -> Google Inc.)
Task: {7CE803AA-00EE-4C51-BA2E-013E5931B255} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-14] (Google Inc -> Google Inc.)
Task: {F7308337-0373-42F1-A4F6-96CEA72E73EE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe scan upload mininterval:2880 (No File)
Task: {3BEC7743-C78C-49A5-9948-A125AE07861C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe scan upload (No File)
Task: {AADDFD4F-EBA0-472A-85F3-3120A8C81380} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-311264145-2370866077-2721877644-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {80879B4F-8B7A-41C4-AB5B-6C49A5EFE185} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe /RunningFrom Schedule (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.19 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
ContextMenuHandlers3: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
AlternateDataStreams: C:\Users\Public\AppData:CSM [478]
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer15.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-311264145-2370866077-2721877644-1001 -> DefaultScope {4851FAB7-D570-47F2-8777-3F2270C2012F} URL =
FirewallRules: [{227DE642-B4A4-40DB-B65D-741AF59B20FE}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe => No File
FirewallRules: [{153D9351-68F9-4CE6-AE66-5419EB374260}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe => No File
FirewallRules: [TCP Query User{F9272A5C-F67A-44D0-B268-C1B5868152AC}C:\users\dee\desktop\wow cata\launcher.exe] => (Allow) C:\users\dee\desktop\wow cata\launcher.exe => No File
FirewallRules: [UDP Query User{474CFED6-01DE-46FB-91EB-960418A3BE06}C:\users\dee\desktop\wow cata\launcher.exe] => (Allow) C:\users\dee\desktop\wow cata\launcher.exe => No File
FirewallRules: [TCP Query User{F9272A5C-F67A-44D0-B268-C1B5868152AC}C:\users\dee\desktop\wow cata\launcher.exe] => (Allow) C:\users\dee\desktop\wow cata\launcher.exe => No File
FirewallRules: [UDP Query User{474CFED6-01DE-46FB-91EB-960418A3BE06}C:\users\dee\desktop\wow cata\launcher.exe] => (Allow) C:\users\dee\desktop\wow cata\launcher.exe => No File
FirewallRules: [TCP Query User{DD5F048D-E993-405A-87A1-545163507BF6}C:\program files\epic games\survivingtheaftermath\aftermath64.exe] => (Allow) C:\program files\epic games\survivingtheaftermath\aftermath64.exe => No File
FirewallRules: [UDP Query User{22AB6C85-2CA2-44D7-A294-774A102D6ECE}C:\program files\epic games\survivingtheaftermath\aftermath64.exe] => (Allow) C:\program files\epic games\survivingtheaftermath\aftermath64.exe => No File
Virustotal: C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs
Virustotal: C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

EmptyTemp:
End

(You can use the "select all" function; right-click the top-left field in the open Notepad window and choose "Paste".)

Save it to the desktop as fixlist.txt

Run FRST, press the "Fix" (Opravit) button only once, and wait.
The tool will create a log on the desktop (Fixlog.txt); please copy its entire content here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

TheUnstableDee
newbie
Posts: 13
Registered: November 23
Gender: Female
Status:
Offline

Re: Please check - probably some junk

Post by TheUnstableDee » 25 Nov 2023 23:11

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-11-2023 02
Ran by Dee (25-11-2023 22:46:03) Run:1
Running from C:\Users\Dee\Desktop
Loaded Profiles: Dee
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (No File)
HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (No File)
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\Run: [Gaijin.Net Updater] => "C:\Users\Dee\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe" (No File)
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\MountPoints2: {62e594f9-164e-11ed-9d45-54ab3a476bdc} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\MountPoints2: {a4ff9eb1-1878-11ec-9d06-54ab3a476bdc} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\MountPoints2: {aacd9a41-cab9-11eb-9cf1-c8ff280f0279} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\...\MountPoints2: {f2a053ed-ac73-11ec-9d26-c8ff280f0279} - "E:\HiSuiteDownLoader.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {0B6A9428-B423-4CAE-BCA1-5898B04F3EA4} - \Microsoft\Windows\AppListBackup\BackupNonMaintenance -> No File <==== ATTENTION
Task: {0E5449C5-5AE4-425D-808E-0900CA7FE2A5} - \Microsoft\Windows\Application Experience\MareBackup -> No File <==== ATTENTION
Task: {42924238-738F-4B82-B73E-BA9DCEC815E7} - \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange -> No File <==== ATTENTION
Task: {4BC85114-38BE-42BB-9740-3618B8F13A89} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {665A00E9-732B-42DF-A596-9FE82A6B91D3} - \Microsoft\Windows\PI\SecureBootEncodeUEFI -> No File <==== ATTENTION
Task: {7F91A628-B915-43A3-AF07-66D388AA7AC3} - \Microsoft\Windows\Management\Autopilot\DetectHardwareChange -> No File <==== ATTENTION
Task: {807A6468-AA37-47EF-BB35-021A6C556681} - \Microsoft\Windows\Registry\OOBE-Maintenance -> No File <==== ATTENTION
Task: {88E2DF20-0B21-49D0-82A6-12F013BEA369} - \Microsoft\Windows\Shell\ThemesSyncedImageDownload -> No File <==== ATTENTION
Task: {8F87510C-118C-4E78-A80B-3FEDBD08975D} - \Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache -> No File <==== ATTENTION
Task: {9F72CF44-9290-4134-85C2-B191DCD42ACF} - \Microsoft\Windows\Printing\PrinterCleanupTask -> No File <==== ATTENTION
Task: {D900F660-679A-4259-ADCE-1785CB35F67F} - \Microsoft\Windows\CloudRestore\Backup -> No File <==== ATTENTION
Task: {EDC00E4E-BD6B-477F-B6CA-440ECD6558A6} - \Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask -> No File <==== ATTENTION
Task: {FBE1992D-A1B2-44DD-9601-A1A2F799B096} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe -auto (No File)

Task: {04A05EB8-F698-4DD0-8D7C-A8F54E64FC1E} - System32\Tasks\Avast SecureLine VPN Update => c:\program files\avast software\secureline\vpnupdate.exe (No File)
Task: {46D44DF3-9763-445A-8AF4-79979D759782} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe task (No File)
Task: {4255B467-65DE-4952-B13A-DB5BA51063CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-14] (Google Inc -> Google Inc.)
Task: {7CE803AA-00EE-4C51-BA2E-013E5931B255} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-14] (Google Inc -> Google Inc.)
Task: {F7308337-0373-42F1-A4F6-96CEA72E73EE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe scan upload mininterval:2880 (No File)
Task: {3BEC7743-C78C-49A5-9948-A125AE07861C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe scan upload (No File)
Task: {AADDFD4F-EBA0-472A-85F3-3120A8C81380} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-311264145-2370866077-2721877644-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {80879B4F-8B7A-41C4-AB5B-6C49A5EFE185} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe /RunningFrom Schedule (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.19 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} => -> No File
ContextMenuHandlers3: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
AlternateDataStreams: C:\Users\Public\AppData:CSM [478]
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer15.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-311264145-2370866077-2721877644-1001 -> DefaultScope {4851FAB7-D570-47F2-8777-3F2270C2012F} URL =
FirewallRules: [{227DE642-B4A4-40DB-B65D-741AF59B20FE}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe => No File
FirewallRules: [{153D9351-68F9-4CE6-AE66-5419EB374260}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe => No File
FirewallRules: [TCP Query User{F9272A5C-F67A-44D0-B268-C1B5868152AC}C:\users\dee\desktop\wow cata\launcher.exe] => (Allow) C:\users\dee\desktop\wow cata\launcher.exe => No File
FirewallRules: [UDP Query User{474CFED6-01DE-46FB-91EB-960418A3BE06}C:\users\dee\desktop\wow cata\launcher.exe] => (Allow) C:\users\dee\desktop\wow cata\launcher.exe => No File
FirewallRules: [TCP Query User{F9272A5C-F67A-44D0-B268-C1B5868152AC}C:\users\dee\desktop\wow cata\launcher.exe] => (Allow) C:\users\dee\desktop\wow cata\launcher.exe => No File
FirewallRules: [UDP Query User{474CFED6-01DE-46FB-91EB-960418A3BE06}C:\users\dee\desktop\wow cata\launcher.exe] => (Allow) C:\users\dee\desktop\wow cata\launcher.exe => No File
FirewallRules: [TCP Query User{DD5F048D-E993-405A-87A1-545163507BF6}C:\program files\epic games\survivingtheaftermath\aftermath64.exe] => (Allow) C:\program files\epic games\survivingtheaftermath\aftermath64.exe => No File
FirewallRules: [UDP Query User{22AB6C85-2CA2-44D7-A294-774A102D6ECE}C:\program files\epic games\survivingtheaftermath\aftermath64.exe] => (Allow) C:\program files\epic games\survivingtheaftermath\aftermath64.exe => No File
Virustotal: C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs
Virustotal: C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DivXMediaServer" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TeamsMachineUninstallerProgramData" => removed successfully
"HKU\S-1-5-21-311264145-2370866077-2721877644-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Gaijin.Net Updater" => removed successfully
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62e594f9-164e-11ed-9d45-54ab3a476bdc} => removed successfully
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4ff9eb1-1878-11ec-9d06-54ab3a476bdc} => removed successfully
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aacd9a41-cab9-11eb-9cf1-c8ff280f0279} => removed successfully
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2a053ed-ac73-11ec-9d26-c8ff280f0279} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B6A9428-B423-4CAE-BCA1-5898B04F3EA4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B6A9428-B423-4CAE-BCA1-5898B04F3EA4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\AppListBackup\BackupNonMaintenance" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E5449C5-5AE4-425D-808E-0900CA7FE2A5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E5449C5-5AE4-425D-808E-0900CA7FE2A5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\MareBackup" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{42924238-738F-4B82-B73E-BA9DCEC815E7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42924238-738F-4B82-B73E-BA9DCEC815E7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Management\Autopilot\RemediateHardwareChange" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BC85114-38BE-42BB-9740-3618B8F13A89}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BC85114-38BE-42BB-9740-3618B8F13A89}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{665A00E9-732B-42DF-A596-9FE82A6B91D3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{665A00E9-732B-42DF-A596-9FE82A6B91D3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PI\SecureBootEncodeUEFI" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7F91A628-B915-43A3-AF07-66D388AA7AC3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F91A628-B915-43A3-AF07-66D388AA7AC3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Management\Autopilot\DetectHardwareChange" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{807A6468-AA37-47EF-BB35-021A6C556681}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{807A6468-AA37-47EF-BB35-021A6C556681}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Registry\OOBE-Maintenance" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88E2DF20-0B21-49D0-82A6-12F013BEA369}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88E2DF20-0B21-49D0-82A6-12F013BEA369}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\ThemesSyncedImageDownload" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F87510C-118C-4E78-A80B-3FEDBD08975D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F87510C-118C-4E78-A80B-3FEDBD08975D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F72CF44-9290-4134-85C2-B191DCD42ACF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F72CF44-9290-4134-85C2-B191DCD42ACF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Printing\PrinterCleanupTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D900F660-679A-4259-ADCE-1785CB35F67F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D900F660-679A-4259-ADCE-1785CB35F67F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CloudRestore\Backup" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDC00E4E-BD6B-477F-B6CA-440ECD6558A6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDC00E4E-BD6B-477F-B6CA-440ECD6558A6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FBE1992D-A1B2-44DD-9601-A1A2F799B096}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBE1992D-A1B2-44DD-9601-A1A2F799B096}" => removed successfully
C:\WINDOWS\System32\Tasks\ACC => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACC" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{04A05EB8-F698-4DD0-8D7C-A8F54E64FC1E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04A05EB8-F698-4DD0-8D7C-A8F54E64FC1E}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast SecureLine VPN Update => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast SecureLine VPN Update" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{46D44DF3-9763-445A-8AF4-79979D759782}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46D44DF3-9763-445A-8AF4-79979D759782}" => removed successfully
C:\WINDOWS\System32\Tasks\BacKGroundAgent => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BacKGroundAgent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4255B467-65DE-4952-B13A-DB5BA51063CC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4255B467-65DE-4952-B13A-DB5BA51063CC}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7CE803AA-00EE-4C51-BA2E-013E5931B255}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CE803AA-00EE-4C51-BA2E-013E5931B255}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F7308337-0373-42F1-A4F6-96CEA72E73EE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7308337-0373-42F1-A4F6-96CEA72E73EE}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentFallBack2016" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3BEC7743-C78C-49A5-9948-A125AE07861C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BEC7743-C78C-49A5-9948-A125AE07861C}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentLogOn2016" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AADDFD4F-EBA0-472A-85F3-3120A8C81380}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AADDFD4F-EBA0-472A-85F3-3120A8C81380}" => removed successfully
C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-311264145-2370866077-2721877644-500 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Standalone Update Task-S-1-5-21-311264145-2370866077-2721877644-500" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80879B4F-8B7A-41C4-AB5B-6C49A5EFE185}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80879B4F-8B7A-41C4-AB5B-6C49A5EFE185}" => removed successfully
C:\WINDOWS\System32\Tasks\Overwolf Updater Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Overwolf Updater Task" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.3 => removed successfully
C:\Program Files\VideoLAN\VLC\npvlc.dll => moved successfully
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.4 => removed successfully
"C:\Program Files\VideoLAN\VLC\npvlc.dll" => not found
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.6 => removed successfully
"C:\Program Files\VideoLAN\VLC\npvlc.dll" => not found
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.7.1 => removed successfully
"C:\Program Files\VideoLAN\VLC\npvlc.dll" => not found
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.8 => removed successfully
"C:\Program Files\VideoLAN\VLC\npvlc.dll" => not found
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4 => removed successfully
"C:\Program Files\VideoLAN\VLC\npvlc.dll" => not found
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.6 => removed successfully
"C:\Program Files\VideoLAN\VLC\npvlc.dll" => not found
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.10 => removed successfully
"C:\Program Files\VideoLAN\VLC\npvlc.dll" => not found
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.11 => removed successfully
"C:\Program Files\VideoLAN\VLC\npvlc.dll" => not found
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.16 => removed successfully
"C:\Program Files\VideoLAN\VLC\npvlc.dll" => not found
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.18 => removed successfully
"C:\Program Files\VideoLAN\VLC\npvlc.dll" => not found
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.19 => removed successfully
"C:\Program Files\VideoLAN\VLC\npvlc.dll" => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BB FlashBack 2 => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\Advanced SystemCare => removed successfully
C:\Users\Public\AppData => ":CSM" ADS removed successfully
HKU\S-1-5-21-311264145-2370866077-2721877644-1001\Software\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
"HKU\S-1-5-21-311264145-2370866077-2721877644-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{227DE642-B4A4-40DB-B65D-741AF59B20FE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{153D9351-68F9-4CE6-AE66-5419EB374260}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F9272A5C-F67A-44D0-B268-C1B5868152AC}C:\users\dee\desktop\wow cata\launcher.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{474CFED6-01DE-46FB-91EB-960418A3BE06}C:\users\dee\desktop\wow cata\launcher.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F9272A5C-F67A-44D0-B268-C1B5868152AC}C:\users\dee\desktop\wow cata\launcher.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{474CFED6-01DE-46FB-91EB-960418A3BE06}C:\users\dee\desktop\wow cata\launcher.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DD5F048D-E993-405A-87A1-545163507BF6}C:\program files\epic games\survivingtheaftermath\aftermath64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{22AB6C85-2CA2-44D7-A294-774A102D6ECE}C:\program files\epic games\survivingtheaftermath\aftermath64.exe" => removed successfully
VirusTotal: C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs => https://www.virustotal.com/gui/file/ae0 ... 1696908518
VirusTotal: C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => https://www.virustotal.com/gui/file/3bc ... 1700911158

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 59056496 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 1469036365 B
Windows/system/drivers => 2620442 B
Edge => 90306 B
Chrome => 5533908 B
Firefox => 6199118 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 7600 B
LocalService => 7600 B
NetworkService => 9944 B
Dee => 27630363 B

RecycleBin => 265050 B
EmptyTemp: => 1.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:53:33 ====

jaro3
Security team member
Guru Level 15
Posts: 43061
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Please check - probably some kind of mess

Post by jaro3 » 26 Nov 2023 15:05

Considering that disk, that is everything that could be done.

Download DelFix here:
https://www.bleepingcomputer.com/download/delfix/

Save the file to your desktop.
Double-click the icon to run the Delfix.exe tool.
(In Windows Vista, Windows 7, 8 and 10 you have to run the file via right-click -> Run as administrator.)
In the main menu, check these options: Remove disinfection tools, Purge System Restore.
Then click the Run button and let the tool do its work.

A report (DelFix.txt) will then open. Paste the entire contents of the report here. Otherwise, the report is located at:
C:\DelFix.txt

If there are no other problems, that is all, and you can mark the thread as solved with the green check mark.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum

TheUnstableDee
newcomer
Posts: 13
Registered: November 23
Gender: Female
Status: Offline

Re: Please check - probably some kind of mess

Post by TheUnstableDee » 26 Nov 2023 16:09

Pasting it in and marking as solved, thanks.

# DelFix v1.010 - Logfile created 26/11/2023 at 16:03:37
# Updated 26/04/2015 by Xplode
# Username : Dee - LAPTOP-5E42HBG8
# Operating System : Windows 10 Home (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Dee\Desktop\Fixlog.txt
Deleted : C:\Users\Dee\Desktop\FRST64.exe
Deleted : C:\Users\Public\Desktop\RogueKiller.lnk
Deleted : C:\Users\Dee\Downloads\Addition.txt
Deleted : C:\Users\Dee\Downloads\AdwCleaner.exe
Deleted : C:\Users\Dee\Downloads\FRST.txt
Deleted : C:\Users\Dee\Downloads\JRT.exe
Deleted : C:\Users\Dee\Downloads\HijackThis.exe
Deleted : C:\Users\Dee\Downloads\hijackthis.log
Deleted : C:\Users\Dee\Downloads\RogueKiller_setup.exe
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #170 [AdwCleaner_BeforeCleaning_24/11/2023_14:58:46 | 11/24/2023 13:59:07]
Deleted : RP #171 [JRT Pre-Junkware Removal | 11/24/2023 14:07:34]
Deleted : RP #172 [Installed Sophos Virus Removal Tool. | 11/24/2023 21:17:22]

New restore point created !

########## - EOF - ##########

