Suspected keylogger

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Re: Suspected keylogger

Post by matesasd » yesterday, 22:04

Turning off the antivirus and firewall before the test was not possible, for the reason given above.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2025
Ran by matej (30-08-2025 21:33:04)
Running from C:\Users\matej\Desktop
Microsoft Windows 11 Pro Version 24H2 26100.5074 (X64) (2024-12-04 23:04:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1133320186-482538794-3055530732-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1133320186-482538794-3055530732-503 - Limited - Disabled)
Guest (S-1-5-21-1133320186-482538794-3055530732-501 - Limited - Disabled)
matej (S-1-5-21-1133320186-482538794-3055530732-1001 - Administrator - Enabled) => C:\Users\matej
WDAGUtilityAccount (S-1-5-21-1133320186-482538794-3055530732-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2.23 (HKLM-x32\...\{338761A3-7305-4C78-A41B-B1EA1E00912E}_is1) (Version: 2.23 - pop_0098)
Ableton Live 12 Suite (HKLM\...\{0380CF5F-9EF2-4ABA-BF87-EA4826A1B89B}) (Version: 12.0.0.0 - Ableton) Hidden
Ableton Live 12 Suite (HKLM-x32\...\{9FE4C915-316D-4C18-B4C4-BF627B8504DD}) (Version: 12.0.0.0 - Ableton)
Ableton USB Audio Driver v5.68.0 (HKLM\...\{A823612A-AA91-4911-886A-7C589452C65C}) (Version: 5.68.0 - Ableton)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 25.001.20643 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601110}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.133 - Advanced Micro Devices, Inc.) Hidden
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 6.10.22.027 - Advanced Micro Devices, Inc.)
AMD I2C Driver (HKLM-x32\...\{B31D92D9-2914-46B0-9738-F668A563DE73}) (Version: 1.2.0.126 - Advanced Micro Devices, Inc.) Hidden
AMD PPM Provisioning File Driver (HKLM-x32\...\{3665A5DE-D07C-46D7-9207-713E8E9FEF32}) (Version: 8.0.0.33 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.30.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.44 - Advanced Micro Devices, Inc.) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 24.10.34 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{8d13ff58-77bd-4c18-a602-acd72ef0a328}) (Version: 6.10.22.027 - Advanced Micro Devices, Inc.) Hidden
ApSIC Xbench 2.9 (HKLM-x32\...\ApSIC Xbench) (Version: 2.9 - ApSIC, S.L.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.16 - tippach engineering)
Awakened PoE Trade 3.26.101 (HKU\S-1-5-21-1133320186-482538794-3055530732-1001\...\2ea281da-028b-5d55-b26e-53163c89344a) (Version: 3.26.101 - Alexander Drozdov)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 139.1.81.137 - Autoři prohlížeče Brave)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.78.1094 - AB Team, d.o.o.)
CPUID HWMonitor 1.55 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.55 - CPUID, Inc.)
DeepL (HKU\S-1-5-21-1133320186-482538794-3055530732-1001\...\https%3a##appdownload.deepl.com#windows#0install#deepl.xml) (Version: 25.8.1 - DeepL SE)
Discord (HKU\S-1-5-21-1133320186-482538794-3055530732-1001\...\Discord) (Version: 1.0.9173 - Discord Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 231.4.5770 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.983.1 - Dropbox, Inc.) Hidden
Epic Games Launcher (HKLM-x32\...\{C5C3EE71-4047-4144-946E-18D500510CB5}) (Version: 1.3.128.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{5122B8BC-D6DF-48FF-8D4E-15A63EEC5073}) (Version: 2.8.1 - Epic Games, Inc.)
Exilence CE 1.2.11 (HKU\S-1-5-21-1133320186-482538794-3055530732-1001\...\8fcea500-7a34-5fc1-9e0b-1a176108955a) (Version: 1.2.11 - )
GBT_MB_Update (HKLM\...\GBT_MB_Update) (Version: 24.10.24.01 - GIGABYTE)
GBT_RGB_Sync_Control 24.10.24.01 (HKLM\...\GBT_RGB_Sync_Control) (Version: 24.10.24.01 - GIGABYTE)
GBT_rgbMotherboard_UC 24.10.24.01 (HKLM\...\GBT_rgbMotherboard_UC) (Version: 24.10.24.01 - GIGABYTE)
GIGABYTE Control Center 24.10.28.01 (HKLM\...\GIGABYTE Control Center) (Version: 24.10.28.01 - GIGABYTE)
GIGABYTE Performance Library (HKLM\...\MBEasyTune) (Version: 24.10.30.01 - GIGABYTE)
GIGABYTE SSD Firmware Update Tool (HKLM\...\GBTSsdFirmwareUpdate) (Version: 24.06.19.01 - GIGABYTE)
Glossary Converter (HKLM-x32\...\{337477c7-3632-42e5-874c-05588688ec1f}) (Version: 6.4.9138.36048 - Gerhard Kordmann)
Glossary Converter (HKLM-x32\...\{C3427D61-1F6D-41D7-9CA9-BB325968B9D5}) (Version: 6.4.9138.36048 - Gerhard Kordmann) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 139.0.7258.155 - Google LLC)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
Hamachi (HKLM-x32\...\{C00E2143-38F2-49BA-AB8A-03F22F02F0A4}) (Version: 2.3.0.111 - LogMeIn, Inc.) Hidden
Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.3.0.111 - LogMeIn, Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-1133320186-482538794-3055530732-1001\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
Lingea Lexicon 7 (HKLM-x32\...\Lexicon7) (Version: - Lingea s.r.o.)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2025.6.759533 - Logitech)
LoopBe1 - Internal MIDI Port (HKLM-x32\...\LoopBe1) (Version: - )
Malwarebytes version 5.3.6.205 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.3.6.205 - Malwarebytes)
Microsoft .NET Host - 6.0.36 (x64) (HKLM\...\{D6932D97-36F1-40B8-9CDC-CA8365B21000}) (Version: 48.144.23141 - Microsoft Corporation) Hidden
Microsoft .NET Host - 7.0.10 (x64) (HKLM\...\{454BEFFD-28B3-47C0-A7AF-E965B685D2FF}) (Version: 56.43.64668 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.36 (x64) (HKLM\...\{A9E32B25-994B-4856-A12B-0EBED3050410}) (Version: 48.144.23141 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.10 (x64) (HKLM\...\{898266E3-A0E5-4BA3-AF3F-E3C5D626EABA}) (Version: 56.43.64668 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.36 (x64) (HKLM\...\{C912E33F-956A-4921-9F55-CC11AE8F09AF}) (Version: 48.144.23141 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.10 (x64) (HKLM\...\{8AE22909-0EDC-41D3-A522-602CA7DC3621}) (Version: 56.43.64668 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 139.0.3405.125 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 139.0.3405.125 - Microsoft Corporation) Hidden
Microsoft Office LTSC Professional Plus 2024 - cs-cz (HKLM\...\ProPlus2024Volume - cs-cz) (Version: 16.0.19127.20154 - Microsoft Corporation)
Microsoft Office LTSC Professional Plus 2024 - en-us (HKLM\...\ProPlus2024Volume - en-us) (Version: 16.0.19127.20154 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 25.140.0720.0001 - Microsoft Corporation)
Microsoft Visual Basic/C++ Runtime (x86) (HKLM-x32\...\{C5E3A69D-D391-45A6-A8FB-00B01E2B010D}) (Version: 1.1.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61135 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61135 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61135 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61135 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.42.34438 (HKLM-x32\...\{b49c10dd-4d54-45f8-ad13-fa25704456a4}) (Version: 14.42.34438.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.42.34438 (HKLM-x32\...\{ba10fda9-f731-441f-a999-000bbb7ceec2}) (Version: 14.42.34438.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.42.34438 (HKLM\...\{E528AD94-12D7-42C4-91A3-908BE28E9BD2}) (Version: 14.42.34438 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.42.34438 (HKLM\...\{2E15F519-4FDA-4834-B4EE-7EFCE7D8D4EE}) (Version: 14.42.34438 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.42.34438 (HKLM-x32\...\{A5592FEF-F948-4BA6-A066-8BBFC2DC7EE1}) (Version: 14.42.34438 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.42.34438 (HKLM-x32\...\{5D0C4511-3CA1-4FF8-A4BA-C0E1957ABEEA}) (Version: 14.42.34438 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022-2024 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{048E023D-08A9-065B-896C-A5B31DE30A40}) (Version: 24.4.4.9118 - Microsoft)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{610487D9-3460-328A-9333-219D43A75CC5}) (Version: 10.0.60922 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.36 (x64) (HKLM\...\{61D4736B-3325-4D4A-BD41-8BD206C6A86E}) (Version: 48.144.23186 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.36 (x64) (HKLM-x32\...\{0532b8f2-12d7-43de-95fc-7b87006758a8}) (Version: 6.0.36.34217 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 7.0.10 (x64) (HKLM\...\{86377F8B-E35E-4774-B156-35EA6776B231}) (Version: 56.43.64722 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.10 (x64) (HKLM-x32\...\{749f7aca-89a5-4659-92a5-0449fc5fdd78}) (Version: 7.0.10.32717 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 141.0.3 (x64 cs)) (Version: 141.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 133.0 - Mozilla)
MPC-HC 2.5.2 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 2.5.2 - MPC-HC Team)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.7.4 - Notepad++ Team)
NVIDIA App 11.0.5.245 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NvApp) (Version: 11.0.5.245 - NVIDIA Corporation)
NVIDIA FrameView SDK 1.5.11504.36206172 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.5.11504.36206172 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.4.3.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.4.3.2 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 576.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 576.88 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.23.1019 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.23.1019 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.19127.20154 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.19029.20208 - Microsoft Corporation) Hidden
qBittorrent (HKLM-x32\...\qBittorrent) (Version: 5.1.0 - The qBittorrent project)
Quick Utility (HKLM-x32\...\{285B6EE0-85A3-4AD9-A7E8-80089D27816A}) (Version: 1.5.34.450 - Advanced Systems)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9733.1 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 11.20.0729.2024 - Realtek)
Realtek PCI-E Wireless LAN WiFi 6 Driver (HKLM-x32\...\InstallShield_{F226CA8A-6F3D-429b-B310-776FEA12B17E}) (Version: Drv_3.00.0045 - REALTEK Semiconductor Corp.)
Riot Client (HKU\S-1-5-21-1133320186-482538794-3055530732-1001\...\Riot Game Riot_Client.) (Version: - Riot Games, Inc)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)
Smart Backup (x64) (HKLM\...\{BC1FA5CF-A36F-4C61-9638-09D0B431B006}) (Version: 3.24.0829.1 - Gigabyte) Hidden
Smart Backup (x64) (HKLM-x32\...\InstallShield_{BC1FA5CF-A36F-4C61-9638-09D0B431B006}) (Version: 3.24.0829.1 - Gigabyte)
SoundSwitch 6.5.4.0 (HKU\S-1-5-21-1133320186-482538794-3055530732-1001\...\SoundSwitch_is1) (Version: 6.5.4.0 - Antoine Aflalo)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold Crusader Definitive Edition (HKLM-x32\...\Stronghold Crusader Definitive Edition_is1) (Version: - )
Synthesia (HKLM-x32\...\Synthesia) (Version: 10.5 - Synthesia LLC)
Trados Studio 2022 SR1 (HKLM-x32\...\{AA84644D-E993-45C7-8760-32304834A41A}) (Version: 17.1.16252 - SDL Limited (a part of the RWS Holdings Plc group)) Hidden
Trados Studio 2022 SR1 (HKLM-x32\...\Studio17) (Version: 17.1.6.16252 - SDL Limited (a part of the RWS Holdings plc group))
Trados Studio 2024 (HKLM-x32\...\{377515B8-4925-4DD8-95F8-B75D84F4B1ED}) (Version: 18.0.1013 - SDL Limited (a part of the RWS Holdings Plc group)) Hidden
Trados Studio 2024 (HKLM-x32\...\Studio18) (Version: 18.0.0.1013 - RWS Holdings plc or affiliates)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 151.2.11050 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.21 - VideoLAN)
WinRAR 7.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 7.01.0 - win.rar GmbH)

Packages:
=========
@{MicrosoftWindows.55182690.Taskbar_1000.26100.3624.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.55182690.Taskbar/Resources/ProductPkgDisplayName} -> C:\Windows\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-05-29] ()
@{MicrosoftWindows.55182690.Taskbar_1000.26100.3775.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.55182690.Taskbar/Resources/ProductPkgDisplayName} -> C:\Windows\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-05-29] ()
@{MicrosoftWindows.55182690.Taskbar_1000.26100.3912.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.55182690.Taskbar/Resources/ProductPkgDisplayName} -> C:\Windows\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-05-29] ()
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Assets [2025-08-29] ()
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.24.10035.0_x64__0a9344xs7nr4m [2025-08-30] (Advanced Micro Devices Inc.) [Startup Task]
Dropbox -> C:\Program Files (x86)\Dropbox\Client\PackageAssets [2025-08-27] (Dropbox Inc.)
Local Artificial Intelligence Manager -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\AI [2025-08-29] ()
Malwarebytes Anti-Malware -> C:\Program Files\Malwarebytes\Anti-Malware [2025-08-29] ()
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2025-08-30] (Microsoft Corp.)
Microsoft Sonia (Natural) - English (United Kingdom) -> C:\Program Files\WindowsApps\MicrosoftWindows.Voice.en-GB.Sonia.1_1.0.4.0_x64__cw5n1h2txyewy [2025-08-30] (Microsoft Windows)
Microsoft.Office.ActionsServer -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\ActionsServer [2025-08-29] ()
Narrator Extension - Excel -> C:\Program Files\WindowsApps\MicrosoftWindows.NarratorScript.Excel_1.0.14.0_neutral__cw5n1h2txyewy [2025-08-30] (Microsoft Windows)
NarratorExtension - Outlook -> C:\Program Files\WindowsApps\MicrosoftWindows.NarratorScript.Outlook_1.0.8.0_neutral__cw5n1h2txyewy [2025-08-30] (Microsoft Windows)
Notepad++ -> C:\Program Files\Notepad++\contextMenu [2024-12-12] (Notepad++)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.968.0_x64__56jybvy8sckqj [2025-08-30] (NVIDIA Corp.)
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16 [2025-08-29] ()
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2025-08-30] (Adobe Systems Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.51.347.0_x64__dt26b99r8h8gj [2025-08-30] (Realtek Semiconductor Corp)
SpotifyAB.SpotifyMusic -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.271.421.0_x64__zpdnekdrzrea0 [2025-08-30] (Spotify AB) [Startup Task]
WinRAR -> C:\Program Files\WinRAR [2024-12-07] (win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1133320186-482538794-3055530732-1001_Classes\CLSID\{04271989-C4D2-A1DA-C5CD-2605C5C590C9} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-1133320186-482538794-3055530732-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1133320186-482538794-3055530732-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1133320186-482538794-3055530732-1001_Classes\CLSID\{b72e6f5e-f6e0-a9eb-461b-6118363bd15c}\localserver32 -> C:\Users\matej\AppData\Local\0install.net\implementations\sha256new_OYTPCOM3P4AQZIYXT5RHTSGHKPQHHWLIWUEBOBCEKRG2WWDRCMMA\DeepL.exe (DeepL SE -> DeepL SE)
CustomCLSID: HKU\S-1-5-21-1133320186-482538794-3055530732-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Translation\Dropbox [2024-12-05 02:58]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.140.0720.0001\FileSyncShell64.dll [2025-08-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.140.0720.0001\FileSyncShell64.dll [2025-08-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.140.0720.0001\FileSyncShell64.dll [2025-08-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.140.0720.0001\FileSyncShell64.dll [2025-08-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.140.0720.0001\FileSyncShell64.dll [2025-08-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.140.0720.0001\FileSyncShell64.dll [2025-08-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.140.0720.0001\FileSyncShell64.dll [2025-08-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.86.0.dll [2025-08-26] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.86.0.dll [2025-08-26] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.86.0.dll [2025-08-26] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.86.0.dll [2025-08-26] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.86.0.dll [2025-08-26] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.86.0.dll [2025-08-26] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.86.0.dll [2025-08-26] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.86.0.dll [2025-08-26] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.86.0.dll [2025-08-26] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.86.0.dll [2025-08-26] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.140.0720.0001\FileSyncShell64.dll [2025-08-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.140.0720.0001\FileSyncShell64.dll [2025-08-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.140.0720.0001\FileSyncShell64.dll [2025-08-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.140.0720.0001\FileSyncShell64.dll [2025-08-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.140.0720.0001\FileSyncShell64.dll [2025-08-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.140.0720.0001\FileSyncShell64.dll [2025-08-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.140.0720.0001\FileSyncShell64.dll [2025-08-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.86.0.dll [2025-08-26] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.86.0.dll [2025-08-26] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.86.0.dll [2025-08-26] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.86.0.dll [2025-08-26] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.86.0.dll [2025-08-26] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.86.0.dll [2025-08-26] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.86.0.dll [2025-08-26] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.86.0.dll [2025-08-26] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.86.0.dll [2025-08-26] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.86.0.dll [2025-08-26] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.140.0720.0001\FileSyncShell64.dll [2025-08-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2025-08-22] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.86.0.dll [2025-08-26] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-08-29] (Malwarebytes Inc -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.140.0720.0001\FileSyncShell64.dll [2025-08-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.86.0.dll [2025-08-26] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.140.0720.0001\FileSyncShell64.dll [2025-08-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.86.0.dll [2025-08-26] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_08efa4f6500ab001\nvshext.dll [2025-06-25] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-08-29] (Malwarebytes Inc -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2008-09-04] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2008-09-04] (Electronic Arts -> On2.com)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\matej\Desktop\Ostatní\Co-op\ER.lnk -> D:\Games\Steam\steamapps\common\ELDEN RING\Game\launchmod_eldenring.bat (No File)

==================== Loaded Modules (Whitelisted) =============

2024-12-05 02:29 - 2023-02-09 18:57 - 000028672 _____ () [File not signed] [File is in use] C:\Users\matej\AppData\Local\Programs\SoundSwitch\SerilogTraceListener.dll
2024-12-05 02:29 - 2023-02-09 18:57 - 000102400 _____ (Antoine Aflalo) [File not signed] [File is in use] C:\Users\matej\AppData\Local\Programs\SoundSwitch\Job.Scheduler.dll
2024-12-05 02:29 - 2023-02-09 18:57 - 000163840 _____ (Lucas Zimerman) [File not signed] [File is in use] C:\Users\matej\AppData\Local\Programs\SoundSwitch\ContribSentry.dll
2024-12-05 02:29 - 2023-02-09 18:57 - 000344064 _____ (Mark Heath) [File not signed] [File is in use] C:\Users\matej\AppData\Local\Programs\SoundSwitch\NAudio.Wasapi.dll
2024-12-05 02:29 - 2023-02-09 18:57 - 000049152 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\matej\AppData\Local\Programs\SoundSwitch\Microsoft.Extensions.Caching.Abstractions.dll
2024-12-05 02:29 - 2023-02-09 18:57 - 000081920 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\matej\AppData\Local\Programs\SoundSwitch\Microsoft.Extensions.Caching.Memory.dll
2024-12-05 02:29 - 2023-02-09 18:57 - 000131072 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\matej\AppData\Local\Programs\SoundSwitch\Microsoft.Extensions.Logging.Abstractions.dll
2024-12-05 02:29 - 2023-02-09 18:57 - 000118784 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\matej\AppData\Local\Programs\SoundSwitch\Microsoft.Extensions.Options.dll
2024-12-05 02:29 - 2023-02-09 18:57 - 000073728 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Users\matej\AppData\Local\Programs\SoundSwitch\Microsoft.Extensions.Primitives.dll
2024-12-05 02:29 - 2023-02-09 18:57 - 000102400 _____ (Muhammad Rehan Saeed (RehanSaeed.com)) [File not signed] [File is in use] C:\Users\matej\AppData\Local\Programs\SoundSwitch\Serilog.Exceptions.dll
2024-12-05 02:29 - 2023-02-09 18:57 - 001863680 _____ (Newtonsoft) [File not signed] [File is in use] C:\Users\matej\AppData\Local\Programs\SoundSwitch\Newtonsoft.Json.dll
2025-08-29 17:20 - 2025-08-29 17:20 - 000000000 ____L (NVIDIA Corporation) [symlink -> C:\Program Files\NVIDIA Corporation\NVIDIA App\CEF\PlugIns\NVIDIA App\MessageBusRouter.dll] C:\Program Files\NVIDIA Corporation\NVIDIA App\CEF\plugins\NVIDIA Overlay\MessageBusRouter.dll
2024-12-05 14:38 - 2025-08-29 17:20 - 000000000 ____L (NVIDIA Corporation) [symlink -> C:\Program Files\NVIDIA Corporation\NVIDIA App\MessageBus\NvMessageBusBroadcast.dll] C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\NvMessageBusBroadcast.dll
2024-12-05 02:29 - 2023-02-09 18:57 - 001101824 _____ (Sentry.io) [File not signed] [File is in use] C:\Users\matej\AppData\Local\Programs\SoundSwitch\Sentry.dll
2024-12-05 02:29 - 2023-02-09 18:57 - 000040960 _____ (Sentry.io) [File not signed] [File is in use] C:\Users\matej\AppData\Local\Programs\SoundSwitch\Sentry.Serilog.dll
2024-12-05 02:29 - 2023-02-09 18:57 - 000368640 _____ (Serilog Contributors) [File not signed] [File is in use] C:\Users\matej\AppData\Local\Programs\SoundSwitch\Serilog.dll
2024-12-05 02:29 - 2023-02-09 18:57 - 000077824 _____ (Serilog Contributors) [File not signed] [File is in use] C:\Users\matej\AppData\Local\Programs\SoundSwitch\Serilog.Sinks.File.dll
2024-12-05 02:29 - 2023-02-09 18:57 - 000036864 _____ (SoftFrame) [File not signed] C:\Users\matej\AppData\Local\Programs\SoundSwitch\RailSharp.dll
2024-12-05 02:29 - 2023-02-09 18:57 - 002076672 _____ (SoundSwitch) [File not signed] [File is in use] C:\Users\matej\AppData\Local\Programs\SoundSwitch\SoundSwitch.dll
2024-12-05 02:29 - 2023-02-09 18:57 - 000086016 _____ (SoundSwitch.Audio.Manager) [File not signed] [File is in use] C:\Users\matej\AppData\Local\Programs\SoundSwitch\SoundSwitch.Audio.Manager.dll
2024-12-05 02:29 - 2023-02-09 18:57 - 000077824 _____ (SoundSwitch.Common) [File not signed] [File is in use] C:\Users\matej\AppData\Local\Programs\SoundSwitch\SoundSwitch.Common.dll
2024-12-05 02:29 - 2023-02-09 18:57 - 000065536 _____ (SoundSwitch.UI.Menu) [File not signed] [File is in use] C:\Users\matej\AppData\Local\Programs\SoundSwitch\SoundSwitch.UI.Menu.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Lingea Lexicon 7.lnk:BA5FA6B951 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ableton Live 12 Suite.lnk:07297DC925 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox — anonymní prohlížení.lnk:DD458B7765 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk:159ADC9AA1 [3442]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [5258]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Microsoft => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll [2025-03-27] (Microsoft Windows -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2025-08-29] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Smart Backup - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll [2025-03-27] (Microsoft Windows -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-08-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-08-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-08-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-08-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-08-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-08-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-08-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-08-29] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2024-04-01 09:26 - 2024-04-01 09:24 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Network ===========================

(Currently there is no automatic fix for this section.)

DNS Servers: 8.8.8.8 - 8.8.4.4
Windows Firewall is enabled.

Network Binding:
=============
Hamachi: LogMeIn Hamachi Virtual Ethernet Adapter -> Hamdrv.sys
Wi-Fi: Realtek 8852CE WiFi 6E PCI-E NIC -> rtwlane602.sys
Síťové připojení Bluetooth: Bluetooth Device (Personal Area Network) -> bthpan.sys
Ethernet: Realtek PCIe GbE Family Controller -> rt68cx21x64.sys

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1133320186-482538794-3055530732-1001\Control Panel\Desktop\\Wallpaper -> D:\Pictures\forest-aerial-view-nature-scenery-4k-wallpaper-uhdpaper.com-816@0@g.jpg
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows Defender\Features => (TamperProtection: 1) (TamperProtectionSource: 5)
HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection => (DpaDisabled: 0)
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions|.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions|.ps1
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Windows\System32\SppExtComObjHook.dll
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Windows
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Users
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\ProgramData
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Users\Public
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\ProgramData\Player800
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Users\Public\IObitUnlocker\BR
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\AudioService
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Windows\system32\config\systemprofile\AppData\Local\Temp
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Windows\system32\config\systemprofile\AppData\Roaming
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Windows\system32\config\systemprofile\AppData\Local
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes|powershell.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes|Wscript.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes|cmd.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes|C:\Windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes|conhost.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes|jsc.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes|C:\Users\Public\IObitUnlocker\RAR.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes|AudioService.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes|C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\AudioService\AudioService.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes|schtasks.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes|vbc.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes|aspnet_compiler.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes|Font.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes|proquota.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes|RegAsm.exe


==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-1133320186-482538794-3055530732-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_11872F9D971483CA9643D2EC2AA57DAE"
HKU\S-1-5-21-1133320186-482538794-3055530732-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{97828FCC-CA97-4B3C-B625-707102ACBB66}] => (Allow) C:\Program Files\GIGABYTE\Control Center\GCC.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [TCP Query User{F23602B5-775A-440E-A72B-B581CCADF160}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe => No File
FirewallRules: [UDP Query User{D1E25590-345E-4A91-8923-C4B333844D33}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe => No File
FirewallRules: [TCP Query User{4AA72CE6-0762-4A00-9610-214E1956565F}D:\games\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) D:\games\riot games\riot client\riotclientelectron\riot client.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{D602CC55-7093-47C1-84D5-95E46C6D288D}D:\games\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) D:\games\riot games\riot client\riotclientelectron\riot client.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{6BEFB270-3F93-4F3B-8A37-C69B473853C7}D:\games\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) D:\games\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{7B4FC567-5A2B-4BA1-8867-823D2E9C1CE2}D:\games\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) D:\games\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{5CE6147D-0AC5-4403-9D57-EDB361CF7FBD}] => (Allow) D:\Games\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{85E22C05-33BC-4616-95E8-26834F644F46}] => (Allow) D:\Games\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{47F410A3-CC81-4CDE-BBA5-0726454A3201}] => (Allow) D:\Games\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{70A6BA1D-8966-4DEA-B87A-725D8D2A0D36}] => (Allow) D:\Games\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{0AD1DC4D-E246-4E70-A9CE-BEFCB4444688}] => (Allow) D:\Games\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta Software GmbH -> )
FirewallRules: [{29261CAB-3245-486D-96E6-8564315BF84A}] => (Allow) D:\Games\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta Software GmbH -> )
FirewallRules: [{74EB55EF-08E8-4CF8-9611-5315B15AAF91}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7B6538E1-A86D-40B4-ABB9-BD08DA653081}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{21A0FDB9-7447-4749-922F-AE31B5ED3C90}D:\games\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe => No File
FirewallRules: [UDP Query User{BAFC467A-EA77-4A17-859A-5D51278CB345}D:\games\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe => No File
FirewallRules: [{A729AFF9-59B3-4037-956B-E34681C683AC}] => (Allow) D:\Games\Steam\steamapps\common\Path of Exile 2\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [{877862D0-0C8A-4C5F-863B-9FE646D036A2}] => (Allow) D:\Games\Steam\steamapps\common\Path of Exile 2\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [TCP Query User{2484B317-24E7-4F67-9E96-A0AF359DBC74}D:\programy\ableton\live 12 suite\program\ableton live 12 suite.exe] => (Allow) D:\programy\ableton\live 12 suite\program\ableton live 12 suite.exe (Ableton AG -> Ableton)
FirewallRules: [UDP Query User{E0435BE3-C37D-4FE4-91AA-60D273EC51DD}D:\programy\ableton\live 12 suite\program\ableton live 12 suite.exe] => (Allow) D:\programy\ableton\live 12 suite\program\ableton live 12 suite.exe (Ableton AG -> Ableton)
FirewallRules: [{AD680278-0DB2-4558-8DE2-DA49A5F84F63}] => (Block) C:\Program Files (x86)\Synthesia\Synthesia.exe () [File not signed]
FirewallRules: [{FC645139-B8E3-462E-B163-6A7C2E4DA273}] => (Block) D:\Programy\Ableton\Live 12 Suite\Program\Ableton Live 12 Suite.exe (Ableton AG -> Ableton)
FirewallRules: [{EF31CFB5-AF59-429C-B79B-15973A8375A0}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe (LogMeIn, Inc. -> LogMeIn Inc.)
FirewallRules: [{54B50E50-052A-425B-AFAA-E10C71356453}] => (Allow) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe (LogMeIn, Inc. -> LogMeIn Inc.)
FirewallRules: [TCP Query User{8C88150A-B3A8-4BD1-81D0-13BF84A688A8}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{F3B53AF9-D7D6-4436-BAB6-D438AEE4C2CF}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{19E6EC0E-4F0D-49AD-A487-1825D878EFA8}] => (Allow) C:\Users\matej\AppData\Local\VoicemodV3\app\last\Voicemod.exe => No File
FirewallRules: [{37C9FAC9-8E98-4B88-B161-D266CA2E8FEA}] => (Allow) C:\Users\matej\AppData\Local\VoicemodV3\app\last\Voicemod.exe => No File
FirewallRules: [{E44271FD-2BDE-46DB-84BF-E4EC8C113795}] => (Allow) D:\Games\Steam\steamapps\common\Total War WARHAMMER III\launcher\launcher.exe (Creative Assembly -> Creative Assembly Ltd)
FirewallRules: [{596B61DD-AB17-4C5D-B1B1-768645BFA321}] => (Allow) D:\Games\Steam\steamapps\common\Total War WARHAMMER III\launcher\launcher.exe (Creative Assembly -> Creative Assembly Ltd)
FirewallRules: [TCP Query User{D8C426C5-CF3D-4968-A6F7-1BBE6D5316D4}D:\games\steam\steamapps\common\total war warhammer iii\warhammer3.exe] => (Allow) D:\games\steam\steamapps\common\total war warhammer iii\warhammer3.exe (Creative Assembly -> The Creative Assembly Ltd)
FirewallRules: [UDP Query User{CDF786CF-6394-44A8-B469-1C4DBBCBD0AD}D:\games\steam\steamapps\common\total war warhammer iii\warhammer3.exe] => (Allow) D:\games\steam\steamapps\common\total war warhammer iii\warhammer3.exe (Creative Assembly -> The Creative Assembly Ltd)
FirewallRules: [{5F8AC63D-7931-4ADB-9B65-199F0ECEA46A}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{B7F69040-C1DD-446C-BC73-11A2F403D204}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{025488FF-8E1F-4FCE-9978-13905C075EED}] => (Allow) D:\Games\Steam\steamapps\common\Don't Starve Together\bin64\dontstarve_steam_x64.exe () [File not signed]
FirewallRules: [{2CA47E5F-9B3C-4F89-9F49-0815C536837D}] => (Allow) D:\Games\Steam\steamapps\common\Don't Starve Together\bin64\dontstarve_steam_x64.exe () [File not signed]
FirewallRules: [{3183F2B5-27BD-436E-9E71-2B9E1D2ADA37}] => (Allow) D:\Games\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{F1FBBEE0-5799-479A-A137-3767594E09B4}] => (Allow) D:\Games\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [TCP Query User{8B6CD5A6-4C58-4DA9-B704-0EA19CA9786A}D:\games\steam\steamapps\common\fragpunk\fragpunk\binaries\win64\fragpunk.exe] => (Allow) D:\games\steam\steamapps\common\fragpunk\fragpunk\binaries\win64\fragpunk.exe => No File
FirewallRules: [UDP Query User{D563B6BC-76DD-421A-8145-9154B3AA3551}D:\games\steam\steamapps\common\fragpunk\fragpunk\binaries\win64\fragpunk.exe] => (Allow) D:\games\steam\steamapps\common\fragpunk\fragpunk\binaries\win64\fragpunk.exe => No File
FirewallRules: [{EB041C24-25A8-40FC-9446-8FA563BE34FC}] => (Allow) D:\Games\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [{2DD7C815-07CF-4B82-B5B8-49B0AD49A944}] => (Allow) D:\Games\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [TCP Query User{32053B8A-0F78-48C9-B31B-F26EC23B72FD}C:\games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe] => (Allow) C:\games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe (2K Games, Inc. -> Firaxis Games)
FirewallRules: [UDP Query User{68FA7CCD-323F-46B1-BB73-0F4A1093035F}C:\games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe] => (Allow) C:\games\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe (2K Games, Inc. -> Firaxis Games)
FirewallRules: [TCP Query User{B98D9CC3-AF7F-44E7-A58A-95387E72A2AB}D:\iso\trine 5 a clockwork conspiracy\trine 5 a clockwork conspiracy\trine5.exe] => (Allow) D:\iso\trine 5 a clockwork conspiracy\trine 5 a clockwork conspiracy\trine5.exe () [File not signed]
FirewallRules: [UDP Query User{3E5C4B28-1DF0-454E-81D9-0E9F6BFFDC24}D:\iso\trine 5 a clockwork conspiracy\trine 5 a clockwork conspiracy\trine5.exe] => (Allow) D:\iso\trine 5 a clockwork conspiracy\trine 5 a clockwork conspiracy\trine5.exe () [File not signed]
FirewallRules: [{05646328-1FB8-466F-B36B-417838E6F80E}] => (Allow) D:\Games\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{935BF597-83A4-40ED-9509-0157F1A831BB}] => (Allow) D:\Games\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{56390ECF-B5E7-4EA3-90B6-0E9FFE6E05BF}] => (Allow) D:\Games\Steam\steamapps\common\Anno 1800\Bin\Win64\Anno1800.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{52125031-0400-49DD-A469-E7F518F47045}] => (Allow) D:\Games\Steam\steamapps\common\Anno 1800\Bin\Win64\Anno1800.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{EB6B649B-D27C-4B5B-B671-A848916DD490}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{D5917C5D-754F-4036-B31E-0CBA1F28F8A9}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{16D832AF-1E57-46A9-95AE-FE980F47B0BA}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{6BBFE532-87D7-4F2B-AEC9-540F19A7EF08}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.271.421.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{775340A7-63DE-411D-BEE8-6AA257752648}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.271.421.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{BED8696F-CC94-47E0-83A9-6C24BE77073B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.271.421.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{EB4BD4EF-7ED3-476A-8A13-7B914E68135B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.271.421.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C93CFB54-2AE0-40F7-B84D-DBDC86CC5EF8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.271.421.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C282A977-E03F-4BC5-942D-4E84F4D6B19B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.271.421.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{8CB343BE-C5BE-4597-ACFC-C3E968186150}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.271.421.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{65239C17-A13E-4D4A-9057-5C15212EC7D1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.271.421.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{79AA4780-7076-4301-82E6-CAD93316F64C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.271.421.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{BA448118-C758-40A0-8C89-31062AF6392E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.271.421.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{618E00AB-DB98-446D-BD27-D86F60FCF570}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.271.421.0_x64__zpdnekdrzrea0\SpotifyLauncher.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{8D402498-DF56-4D57-BAC1-EBBBF51EAE36}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.271.421.0_x64__zpdnekdrzrea0\SpotifyLauncher.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{DA82AAF8-E56F-4246-AE5B-8C186E5027BF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.271.421.0_x64__zpdnekdrzrea0\SpotifyLauncher.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [TCP Query User{CDD91587-F107-43BB-869B-5087431AF543}D:\iso\broforce\broforce\broforce_beta.exe] => (Allow) D:\iso\broforce\broforce\broforce_beta.exe => No File
FirewallRules: [UDP Query User{A1611C98-31F5-4CBB-BF8D-958B9EE3FD34}D:\iso\broforce\broforce\broforce_beta.exe] => (Allow) D:\iso\broforce\broforce\broforce_beta.exe => No File
FirewallRules: [{C979449D-47C1-409D-AA4D-06FBF0F55E51}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{4F8FB9AF-DE79-47E6-8311-B124652DA5B5}C:\games\makewaybd5d1\make way.exe] => (Allow) C:\games\makewaybd5d1\make way.exe => No File
FirewallRules: [UDP Query User{7E86AB6D-F367-4674-9E72-E3577E5D2B93}C:\games\makewaybd5d1\make way.exe] => (Allow) C:\games\makewaybd5d1\make way.exe => No File
FirewallRules: [TCP Query User{28F72AC2-D341-4D9C-AC63-9E1B4E083AE5}C:\program files (x86)\epic games\epic online services\managedartifacts\98bc04bc842e4906993fd6d6644ffb8d\eosoverlayrenderer-win64-shipping.exe] => (Allow) C:\program files (x86)\epic games\epic online services\managedartifacts\98bc04bc842e4906993fd6d6644ffb8d\eosoverlayrenderer-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{383F1C76-DE1E-43DF-8C51-F52E2AD35AA7}C:\program files (x86)\epic games\epic online services\managedartifacts\98bc04bc842e4906993fd6d6644ffb8d\eosoverlayrenderer-win64-shipping.exe] => (Allow) C:\program files (x86)\epic games\epic online services\managedartifacts\98bc04bc842e4906993fd6d6644ffb8d\eosoverlayrenderer-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)

==================== Restore Points =========================

29-08-2025 23:11:12 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices ============
Name: LogMeIn Hamachi Virtual Ethernet Adapter
Description: LogMeIn Hamachi Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn Inc.
Service: Hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


Re: Suspected keylogger

Post by matesasd » yesterday, 22:06

==================== Event log errors: ========================

Application errors:
==================
Error: (08/30/2025 07:32:35 PM) (Source: Application Error) (EventID: 1000) (User: MB)
Description: Název chybující aplikace: trine5.exe, verze: 0.0.0.0, časové razítko: 0x64edc94c
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.26100.4946, časové razítko: 0x723bcf0f
Kód výjimky: 0xc06d007e
Posun chyby: 0x00000000000c7f7a
ID chybujícího procesu: 0xd288
Čas spuštění chybující aplikace: 0x1dc19d410e9d2c7
Cesta k chybující aplikaci: D:\ISO\Trine 5 A Clockwork Conspiracy\Trine 5 A Clockwork Conspiracy\trine5.exe
Cesta k chybujícímu modulu: C:\Windows\System32\KERNELBASE.dll
ID sestavy: 9209db7c-4f9e-4bb1-ab22-38170384dc85
Celý název chybujícího balíčku:
ID chybující aplikace relativní vzhledem k balíčku:

Error: (08/30/2025 07:31:56 PM) (Source: Application Error) (EventID: 1000) (User: MB)
Description: Název chybující aplikace: trine5.exe, verze: 0.0.0.0, časové razítko: 0x64edc94c
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.26100.4946, časové razítko: 0x723bcf0f
Kód výjimky: 0xc06d007e
Posun chyby: 0x00000000000c7f7a
ID chybujícího procesu: 0xe940
Čas spuštění chybující aplikace: 0x1dc19d3f9f312b5
Cesta k chybující aplikaci: D:\ISO\Trine 5 A Clockwork Conspiracy\Trine 5 A Clockwork Conspiracy\trine5.exe
Cesta k chybujícímu modulu: C:\Windows\System32\KERNELBASE.dll
ID sestavy: 262ec0ea-110a-490d-8e48-537f5526cec5
Celý název chybujícího balíčku:
ID chybující aplikace relativní vzhledem k balíčku:

Error: (08/30/2025 07:30:59 PM) (Source: Application Error) (EventID: 1000) (User: MB)
Description: Název chybující aplikace: trine5.exe, verze: 0.0.0.0, časové razítko: 0x64edc94c
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.26100.4946, časové razítko: 0x723bcf0f
Kód výjimky: 0xc06d007e
Posun chyby: 0x00000000000c7f7a
ID chybujícího procesu: 0xe9a8
Čas spuštění chybující aplikace: 0x1dc19d3d77388dd
Cesta k chybující aplikaci: D:\ISO\Trine 5 A Clockwork Conspiracy\Trine 5 A Clockwork Conspiracy\trine5.exe
Cesta k chybujícímu modulu: C:\Windows\System32\KERNELBASE.dll
ID sestavy: 04be4b3a-a8c8-4d8b-862c-1492ee111cea
Celý název chybujícího balíčku:
ID chybující aplikace relativní vzhledem k balíčku:

Error: (08/30/2025 09:12:53 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - Došlo k chybě při inicializaci infrastruktury připojení profilovacího rozhraní API. Tento proces neumožní připojení profileru. HRESULT: 0x80004005. ID procesu (desítkově): 17016. ID zprávy: [0x2509].

Error: (08/30/2025 09:12:17 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - Došlo k chybě při inicializaci infrastruktury připojení profilovacího rozhraní API. Tento proces neumožní připojení profileru. HRESULT: 0x80004005. ID procesu (desítkově): 3416. ID zprávy: [0x2509].

Error: (08/30/2025 09:12:00 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - Došlo k chybě při inicializaci infrastruktury připojení profilovacího rozhraní API. Tento proces neumožní připojení profileru. HRESULT: 0x80004005. ID procesu (desítkově): 24192. ID zprávy: [0x2509].

Error: (08/30/2025 09:11:30 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - Došlo k chybě při inicializaci infrastruktury připojení profilovacího rozhraní API. Tento proces neumožní připojení profileru. HRESULT: 0x80004005. ID procesu (desítkově): 15420. ID zprávy: [0x2509].

Error: (08/30/2025 09:06:57 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - Došlo k chybě při inicializaci infrastruktury připojení profilovacího rozhraní API. Tento proces neumožní připojení profileru. HRESULT: 0x80004005. ID procesu (desítkově): 12596. ID zprávy: [0x2509].

System errors:
=============
Error: (08/30/2025 09:26:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba WinDefend neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (08/30/2025 09:26:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba MDCoreSvc neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (08/30/2025 09:25:09 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT AUTHORITY)
Description: Služba protokolování událostí zjistila chybu (5) při povolení vydavatele {8e889f0c-7d54-52b3-e4ae-2c8b27a482c2} pro kanál Microsoft-Windows-LocationServiceProvider/Operational. Tato chyba neovlivní funkci kanálu, ale ovlivní možnost vydavatele odesílat události do tohoto kanálu. Jednou z běžných příčin této chyby je, že zprostředkovatel používá zabezpečení zprostředkovatele ETW a neudělil oprávnění k povolení pro identitu služby Event Log.

Error: (08/30/2025 09:24:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba WinDefend neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (08/30/2025 09:24:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba MDCoreSvc neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (08/30/2025 09:23:16 PM) (Source: DCOM) (EventID: 10010) (User: MB)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (08/30/2025 09:23:16 PM) (Source: DCOM) (EventID: 10010) (User: MB)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (08/30/2025 09:23:16 PM) (Source: DCOM) (EventID: 10010) (User: MB)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.


Windows Defender:
================
Date: 2025-08-29 21:54:38
Description:
Vypnutí systému nelze přerušit, protože žádné neprobíhá.

Date: 2025-08-29 11:44:05
Description:
Vypnutí systému nelze přerušit, protože žádné neprobíhá.

Date: 2025-08-29 11:44:05
Description:
Vypnutí systému nelze přerušit, protože žádné neprobíhá.

Date: 2025-08-29 11:44:05
Description:
Vypnutí systému nelze přerušit, protože žádné neprobíhá.

Date: 2025-08-29 10:20:55
Description:
Okno nemůže zpracovat poslanou zprávu.
Event[0]

Date: 2025-08-29 19:17:21
Description:
Soubor tiskové fronty nebyl nalezen.

Date: 2025-08-29 13:19:40
Description:
Soubor tiskové fronty nebyl nalezen.

Date: 2025-08-01 01:57:08
Description:
Neplatný klíč konfiguračního registru.

Date: 2025-04-05 22:20:47
Description:
Neplatný klíč konfiguračního registru.

CodeIntegrity:
===============
Date: 2025-06-11 10:12:43
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Dropbox\Client\Dropbox.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Dropbox\Client\225.4.4896\vulkan-1.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends International, LLC. F31 08/14/2024
Motherboard: Gigabyte Technology Co., Ltd. B650 EAGLE AX
Processor: AMD Ryzen 5 7600 6-Core Processor
Percentage of memory in use: 27%
Total physical RAM: 31861.9 MB
Available physical RAM: 23022.4 MB
Total Virtual: 39797.9 MB
Available Virtual: 29164.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.5 GB) (Free:376.58 GB) (Model: WD Blue SN580 1TB) NTFS
Drive d: (Fun) (Fixed) (Total:930.91 GB) (Free:227.18 GB) (Model: CT1000P1SSD8) NTFS

\\?\Volume{e233a2c2-b44f-425a-9d0d-2d9abb54cf06}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.05 GB) NTFS
\\?\Volume{94348446-56fd-44cc-bb0b-5c3ec3643acd}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2025
Ran by matej (administrator) on MB (Gigabyte Technology Co., Ltd. B650 EAGLE AX) (30-08-2025 21:32:22)
Running from C:\Users\matej\Desktop\FRST64.exe
Loaded Profiles: matej
Platform: Microsoft Windows 11 Pro Version 24H2 26100.5074 (X64) Language: Čeština (Česko)
Default browser: Brave
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler64.exe
(C:\Program Files (x86)\Windows MV\ScreenConnect.ClientService.exe ->) (Connectwise, LLC -> ScreenConnect Software) C:\Program Files (x86)\Windows MV\ScreenConnect.WindowsClient.exe
(C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA app\CEF\NVIDIA Overlay.exe <5>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA app\ShadowPlay\nvsphelper64.exe
(C:\Users\matej\AppData\Local\0install.net\implementations\sha256new_OYTPCOM3P4AQZIYXT5RHTSGHKPQHHWLIWUEBOBCEKRG2WWDRCMMA\DeepL.exe ->) (DeepL SE -> The CefSharp Authors) C:\Users\matej\AppData\Local\0install.net\implementations\sha256new_BKTKEWCIR7C4BCMWF3GJC2FQGDNFGNL34Z4LRSEAN3K6LCCTSV7A\CefSharp.BrowserSubprocess.exe <5>
(D:\Games\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) D:\Games\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(DeepL SE -> DeepL SE) C:\Users\matej\AppData\Local\0install.net\implementations\sha256new_OYTPCOM3P4AQZIYXT5RHTSGHKPQHHWLIWUEBOBCEKRG2WWDRCMMA\DeepL.exe
(Discord Inc. -> Discord Inc.) C:\Users\matej\AppData\Local\Discord\app-1.0.9205\Discord.exe <7>
(DriverStore\FileRepository\u0406695.inf_amd64_6133138125e49a58\B406235\atiesrxx.exe ->) (Advanced Micro Devices -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0406695.inf_amd64_6133138125e49a58\B406235\atieclxx.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <8>
(explorer.exe ->) () [File not signed] C:\Programy\MonitorProfileSwitcher_v0700\MonitorSwitcherGUI.exe
(explorer.exe ->) (Daniel Schmitt -> nerds.de) C:\Program Files (x86)\nerds.de\LoopBe1\loopBeMon.exe
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe
(explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(explorer.exe ->) (Skutta Software GmbH -> ) D:\Games\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
(explorer.exe ->) (SoundSwitch -> SoundSwitch) C:\Users\matej\AppData\Local\Programs\SoundSwitch\SoundSwitch.exe
(explorer.exe ->) (Thesycon Software Solutions GmbH & Co. KG -> ) C:\Program Files\Ableton\USB Audio Driver\x64\AbletonAudioCpl.exe
(explorer.exe ->) (Valve Corp. -> Valve Corporation) D:\Games\Steam\steam.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <3>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices -> AMD) C:\Windows\System32\DriverStore\FileRepository\amdppkg.inf_amd64_7bf038ca4e246b90\AmdPpkgSvc.exe
(services.exe ->) (Advanced Micro Devices -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0406695.inf_amd64_6133138125e49a58\B406235\atiesrxx.exe
(services.exe ->) (Connectwise, LLC -> ) C:\Program Files (x86)\Windows MV\ScreenConnect.ClientService.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe
(services.exe ->) (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Windows\System32\GigabyteUpdateService.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Windows\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_68ef34ee4bd32b33\logi_lamparray_service.exe
(services.exe ->) (LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(services.exe ->) (LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\DriverStore\FileRepository\amdfendr.inf_amd64_987f8cede005f427\amdfendrsr.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <4>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_08efa4f6500ab001\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_c2fa179f72a88c18\RtkAudUService64.exe <2>
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\CrossDeviceResume.exe
(svchost.exe ->) (GIGA-BYTE TECHNOLOGY CO., LTD. -> ) C:\Program Files\GIGABYTE\Control Center\GCC.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.92.1.0_x64__8wekyb3d8bbwe\MicrosoftStartFeedProvider\MicrosoftStartFeedProvider.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\NgcIso.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_c2fa179f72a88c18\RtkAudUService64.exe [2257752 2024-09-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [4143440 2025-08-06] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [9212864 2025-08-26] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [7811960 2024-03-25] (LogMeIn, Inc. -> LogMeIn Inc.)
HKU\S-1-5-21-1133320186-482538794-3055530732-1001\...\Run: [MicrosoftEdgeAutoLaunch_11872F9D971483CA9643D2EC2AA57DAE] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4117544 2025-08-28] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1133320186-482538794-3055530732-1001\...\Run: [Discord] => C:\Users\matej\AppData\Local\Discord\Update.exe [1505792 2024-12-02] (Discord Inc.) [File not signed]
HKU\S-1-5-21-1133320186-482538794-3055530732-1001\...\Run: [SoundSwitch] => C:\Users\matej\AppData\Local\Programs\SoundSwitch\SoundSwitch.exe [308608 2023-02-09] (SoundSwitch -> SoundSwitch)
HKU\S-1-5-21-1133320186-482538794-3055530732-1001\...\Run: [WallpaperEngine] => D:\Games\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe [3647928 2025-02-20] (Skutta Software GmbH -> )
HKU\S-1-5-21-1133320186-482538794-3055530732-1001\...\Run: [Steam] => D:\Games\Steam\steam.exe [4698720 2025-06-28] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-1133320186-482538794-3055530732-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe [22913872 2025-08-14] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-1133320186-482538794-3055530732-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [42450392 2025-08-22] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1133320186-482538794-3055530732-1001\...\MountPoints2: {8608ecf4-b294-11ef-920a-28d043ed2969} - "H:\setup.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\139.0.7258.155\Installer\chrmstp.exe [2025-08-28] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\139.1.81.137\Installer\chrmstp.exe [2025-08-27] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{6FF59A85-BC37-4CD4-BD8E-5AE965B838AB}] -> C:\Program Files (x86)\Windows MV\ScreenConnect.WindowsCredentialProvider.dll [2024-12-18] (Connectwise, LLC -> )
Lsa: [Authentication Packages] msv1_0 C:\Program Files (x86)\Windows MV\ScreenConnect.WindowsAuthenticationPackage.dll
Startup: C:\Users\matej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeepL auto-start.lnk [2024-12-06]
ShortcutTarget: DeepL auto-start.lnk -> C:\Users\matej\AppData\Roaming\0install.net\desktop-integration\stubs\1eae01f3cdb5ff0ecf683b15a60a1489573c1188cb34abc205fcf7a924b4e54d\auto-start.exe () [File not signed]
Startup: C:\Users\matej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MonitorSwitcherGUI.exe – zástupce.lnk [2024-12-05]
ShortcutTarget: MonitorSwitcherGUI.exe – zástupce.lnk -> C:\Programy\MonitorProfileSwitcher_v0700\MonitorSwitcherGUI.exe () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ableton USB Audio Control Panel Autostart.lnk [2024-12-09]
ShortcutTarget: Ableton USB Audio Control Panel Autostart.lnk -> C:\Program Files\Ableton\USB Audio Driver\x64\AbletonAudioCpl.exe (Thesycon Software Solutions GmbH & Co. KG -> )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LoopBe1 Monitor.lnk [2024-12-09]
ShortcutTarget: LoopBe1 Monitor.lnk -> C:\Program Files (x86)\nerds.de\LoopBe1\loopBeMon.exe (Daniel Schmitt -> nerds.de)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2E9435A6-3F7D-4133-B292-8746370EFC42} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2025-03-21] (Adobe Inc. -> Adobe Inc.)
Task: {C9263293-49E4-476B-AAA7-3628D48FC6CC} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1031384 2024-07-30] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
Task: {CBD74F27-0D7B-4415-9F0E-2BDB8812542D} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{60030403-C873-438F-A05D-D569F93DEAF3} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [167440 2024-12-04] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {4BE652E9-0092-482E-9340-0CD5BEF6CACB} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{2E6C7355-F1B0-430F-B087-2CAF4A482C93} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [167440 2024-12-04] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {A486C22A-CE93-4BD6-B2A8-9F7EB9B1E140} - System32\Tasks\DropboxSystem\DropboxUpdater\DropboxUpdaterTaskSystem123.0.6299.129{2306B9EC-DE3E-4CE3-84FB-B064B3D7ED0A} => C:\Program Files\Dropbox\DropboxUpdater\123.0.6299.129\updater.exe [5898104 2025-05-26] (Dropbox, Inc -> Dropbox, Inc.)
Task: {4D531360-8AE2-424E-9A6D-229AB20A66A2} - System32\Tasks\GCC => C:\Program Files\GIGABYTE\Control Center\GCC.exe [35404904 2024-10-22] (GIGA-BYTE TECHNOLOGY CO., LTD. -> ) -> C:\Program Files\GIGABYTE\Control Center\\-b
Task: {40ACE85C-C44F-4CEB-A8FE-A86A46362B2E} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem141.0.7340.0{E6B90A15-F356-4F7A-A5F0-058114C60915} => C:\Program Files (x86)\Google\GoogleUpdater\141.0.7340.0\updater.exe [6813336 2025-08-06] (Google LLC -> Google LLC)
Task: {6C35A249-2EDD-4136-B155-DFDB503848F1} - System32\Tasks\Microsoft\Office\Office Actions Server => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ActionsServer\ActionsServer.exe [17009512 2025-08-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {671567A7-387B-4033-B972-FBD355303F4C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29024616 2025-08-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {3A89338F-1741-48F3-AA7C-99B987589467} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\opushutil.exe [70560 2025-08-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {74A52B7D-D169-4031-A4F7-91490E61158B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29024616 2025-08-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {0463A826-2CCF-4C0E-AD08-9FC616F25718} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [313696 2025-08-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {6ACFD543-6AF6-4492-9D64-484E4C238AFA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [313696 2025-08-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {3D2AAB21-573B-4001-B9E5-B12261D547CE} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [1365272 2025-08-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {02D2D69F-0A0B-4455-A097-3F8575D50F0A} - System32\Tasks\Microsoft\Windows\Shell\UndockedFlightingUpdate => C:\Windows\system32\UndockedFlightingUpdateTask.exe [81920 2025-08-30] (Microsoft Windows -> Microsoft Corporation)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {D4033C61-6FA3-4D1E-B787-07273D5874D9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance (No File)
Task: {6661D0AB-CCF8-439D-AA9C-7B97D8BE081D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpCmdRun.exe -IdleTask -TaskName WdCleanup (No File)
Task: {1A012B0C-5C6D-4867-AE95-705C631D0C13} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55 -IdleScheduledJob (No File)
Task: {6EE54D59-08A8-41EB-A3AA-4EB460EDC01C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpCmdRun.exe -IdleTask -TaskName WdVerification (No File)
Task: {559B4C77-D219-423E-9A4B-E754FB49E0DC} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1031384 2024-07-30] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
Task: {114A21B9-A1FA-4DA0-8093-703113A3BC95} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-1133320186-482538794-3055530732-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [694912 2025-08-29] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {7B806373-64FA-4E95-9BD2-D972EC435163} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34944 2025-08-29] (Mozilla Corporation -> Mozilla Foundation)
Task: {FD209AC6-67BE-4028-A354-31003F86AB15} - System32\Tasks\NVIDIA App SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA App\CEF\NVIDIA App.exe [3323936 2025-08-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BBC4515E-0B43-4731-BD28-50DD56257284} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4232592 2025-08-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {D42FCF71-7D13-4544-9554-41BC274E642C} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1133320186-482538794-3055530732-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4232592 2025-08-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {6F400D2E-D2E4-4744-9012-AA803DEBBBBA} - System32\Tasks\OneDrive Startup Task-S-1-5-21-1133320186-482538794-3055530732-1001 => C:\Program Files\Microsoft OneDrive\25.140.0720.0001\OneDriveLauncher.exe [723816 2025-08-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {9F2D8314-C9D8-459B-9772-19FC3D0DE85C} - System32\Tasks\Updater => C:\Users\Public\Updater.vbs [370 2025-08-29] () [File not signed] <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2c087047-b861-450a-b176-129c0b827f9c}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2c087047-b861-450a-b176-129c0b827f9c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2c087047-b861-450a-b176-129c0b827f9c}: [DhcpDomain] home

Edge:
=======
Edge Profile: C:\Users\matej\AppData\Local\Microsoft\Edge\User Data\Default [2025-08-30]
Edge Extension: (Dokumenty Google offline) - C:\Users\matej\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-07-16]
Edge Extension: (BetterTTV) - C:\Users\matej\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\icllegkipkooaicfmdfaloehobmglglb [2025-08-29]
Edge Extension: (Edge relevant text changes) - C:\Users\matej\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-12-04]

FireFox:
========
FF DefaultProfile: a8dhjkru.default
FF ProfilePath: C:\Users\matej\AppData\Roaming\Mozilla\Firefox\Profiles\a8dhjkru.default [2024-12-05]
FF ProfilePath: C:\Users\matej\AppData\Roaming\Mozilla\Firefox\Profiles\r22ltfji.default-release [2025-08-30]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-08-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.21 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-08-22] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-08-29] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\matej\AppData\Local\Google\Chrome\User Data\Default [2025-08-30]
CHR DefaultSearchURL: Default -> hxxps://search.brave.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.brave.com
CHR DefaultSuggestURL: Default -> hxxps://search.brave.com/api/suggest?q={searchTerms}
CHR Extension: (BetterTTV) - C:\Users\matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2025-05-26]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-08-30]
CHR Extension: (Dokumenty Google offline) - C:\Users\matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-08-30]
CHR Extension: (TELUS Digital Rating Extension) - C:\Users\matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\hggdekahccifhildkadlnnfkdcmlmpah [2025-05-22]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2025-08-30]
CHR HKU\S-1-5-21-1133320186-482538794-3055530732-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

Brave:
=======
BRA Profile: C:\Users\matej\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2025-08-30]
BRA Extension: (BetterTTV) - C:\Users\matej\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2025-08-30]
BRA Extension: (YouTube Auto HD - Automatické HD pro YouTube) - C:\Users\matej\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\bcdpampngmloakedpagolicejhdflkhb [2025-08-30]
BRA Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\matej\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-08-30]
BRA Extension: (Return YouTube Dislike) - C:\Users\matej\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\gebbhagfogifgggkldgodflihgfeippi [2025-08-30]
BRA Extension: (Twitch Right Now : Stream Notifier) - C:\Users\matej\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\jaebeaoffbboingfjbdkgbnnfdkjilld [2025-08-30]
BRA Extension: (Brave Ad Block Updater (Brave First Party Adblock Filters (plaintext))) - C:\Users\matej\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei [2025-08-30]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\matej\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2025-08-30]
BRA Extension: (Brave NTP background images) - C:\Users\matej\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2025-04-18]
BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications (plaintext))) - C:\Users\matej\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2025-08-30]
BRA Extension: (Wallet Data Files Updater) - C:\Users\matej\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2024-12-04]
BRA Extension: (Brave Ad Block Updater (EasyList Cookie (plaintext))) - C:\Users\matej\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2025-08-30]
BRA Extension: (Brave NTP sponsored images) - C:\Users\matej\AppData\Local\BraveSoftware\Brave-Browser\User Data\efkihffiamafhbhefjaljejgdpkelpal [2025-08-30]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\matej\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2025-08-28]
BRA Extension: (Brave NTP Super Referrer mapping table) - C:\Users\matej\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo [2024-12-04]
BRA Extension: (Brave Ads Resources) - C:\Users\matej\AppData\Local\BraveSoftware\Brave-Browser\User Data\iejekkikpddbbockoldagmfcdbffomfc [2025-03-26]
BRA Extension: (Brave Ad Block Updater (Brave Default Adblock Filters (plaintext))) - C:\Users\matej\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2025-08-30]
BRA Extension: (Brave Ad Block Updater (Brave Default Privacy Filters (plaintext))) - C:\Users\matej\AppData\Local\BraveSoftware\Brave-Browser\User Data\kihnoaefogbkmblfimmibknnmkllbhlf [2025-08-30]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\matej\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2025-07-23]
BRA Extension: (Brave Ad Block Updater (Brave Twitch Adblock Rules (plaintext))) - C:\Users\matej\AppData\Local\BraveSoftware\Brave-Browser\User Data\mhccgcegedfkhdbfbgllfkkcjhgkoinc [2024-12-04]
BRA Extension: (Brave User Agent) - C:\Users\matej\AppData\Local\BraveSoftware\Brave-Browser\User Data\nlpaeekllejnmhoonlpcefpfnpbajbpe [2025-08-30]
BRA Extension: (Brave Ad Block Updater (EasyList Czech and Slovak (plaintext))) - C:\Users\matej\AppData\Local\BraveSoftware\Brave-Browser\User Data\oegebjahecghlckbhkmojgnpcgdeajdi [2025-06-04]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\matej\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2024-12-04]
BRA Extension: (P3A Configuration) - C:\Users\matej\AppData\Local\BraveSoftware\Brave-Browser\User Data\P3AConfig [2025-08-10]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2025-03-21] (Adobe Inc. -> Adobe Inc.)
R2 AmdPpkgSvc; C:\Windows\System32\DriverStore\FileRepository\amdppkg.inf_amd64_7bf038ca4e246b90\AmdPpkgSvc.exe [525608 2024-10-06] (Advanced Micro Devices -> AMD)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [167440 2024-12-04] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 BraveElevationService; C:\Program Files\BraveSoftware\Brave-Browser\Application\139.1.81.137\elevation_service.exe [3199568 2025-08-27] (Brave Software, Inc. -> Brave Software, Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [167440 2024-12-04] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13288344 2025-08-24] (Microsoft Corporation -> Microsoft Corporation)
R2 DbxSvc; C:\Windows\System32\DbxSvc.exe [58984 2025-04-29] (Dropbox, Inc -> Dropbox, Inc.)
S3 DropboxElevationService; C:\Program Files (x86)\Dropbox\Client\231.4.5770\DropboxElevationService.exe [1659344 2025-08-26] (Dropbox, Inc -> Dropbox, Inc.)
S2 DropboxUpdaterInternalService123.0.6299.129; C:\Program Files\Dropbox\DropboxUpdater\123.0.6299.129\updater.exe [5898104 2025-05-26] (Dropbox, Inc -> Dropbox, Inc.)
S2 DropboxUpdaterService123.0.6299.129; C:\Program Files\Dropbox\DropboxUpdater\123.0.6299.129\updater.exe [5898104 2025-05-26] (Dropbox, Inc -> Dropbox, Inc.)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [959216 2025-05-29] (EasyAntiCheat Oy -> Epic Games, Inc.)
R2 EasyTuneEngineService; C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe [150640 2023-11-06] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 EpicGamesUpdater; D:\Games\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesUpdater.exe [3071904 2025-08-29] (Epic Games Inc. -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [1604512 2025-08-18] (Epic Games Inc. -> Epic Games, Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\25.140.0720.0001\FileSyncHelper.exe [3639184 2025-08-18] (Microsoft Corporation -> Microsoft Corporation)
S2 GBTECService; C:\Program Files (x86)\GIGABYTE\GBTECService\OLEDDisplayService.exe [19568 2024-07-04] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [4920184 2024-03-25] (LogMeIn, Inc. -> LogMeIn Inc.)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [18539856 2025-08-14] (Logitech Inc -> Logitech, Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 logi_lamparray_service; C:\Windows\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_68ef34ee4bd32b33\logi_lamparray_service.exe [11407904 2025-08-15] (Logitech Inc -> Logitech, Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9609096 2025-08-29] (Malwarebytes Inc -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2024-12-23] (Malwarebytes Inc. -> Malwarebytes)
R2 Microsoft; C:\Program Files (x86)\Windows MV\ScreenConnect.ClientService.exe [95512 2024-12-18] (Connectwise, LLC -> )
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_08efa4f6500ab001\Display.NvContainer\NVDisplay.Container.exe [1275552 2025-06-25] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\25.140.0720.0001\OneDriveUpdaterService.exe [3922304 2025-08-18] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [918456 2025-07-22] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [40900296 2025-08-06] (Riot Games, Inc. -> Riot Games, Inc.)
R2 GigabyteUpdateService; C:\Windows\system32\GigabyteUpdateService.exe [878840 2025-08-30] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S2 MDCoreSvc; "%ProgramData%\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpDefenderCoreService.exe" [X]
S3 WdNisSvc; "%ProgramData%\Microsoft\Windows Defender\Platform\4.18.25070.5-0\NisSrv.exe" [X]
S2 WinDefend; "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MsMpEng.exe" [X]

matesasd
newbie
Posts: 46
Registered: April 20
Gender: Not specified
Status: Offline

Re: Suspected keylogger

Post by matesasd » yesterday, 22:07

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcpiAudioCompositorInbox; C:\Windows\System32\DriverStore\FileRepository\acpiaudiocompositor.inf_amd64_047f553a6f70b169\AcpiAudioCompositor.sys [102400 2025-08-30] (Microsoft Windows -> Microsoft Corporation)
R3 amdfendrmgr; C:\Windows\System32\DriverStore\FileRepository\amdfendr.inf_amd64_987f8cede005f427\amdfendrmgr.sys [55456 2024-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amduw23g; C:\Windows\System32\DriverStore\FileRepository\u0406695.inf_amd64_6133138125e49a58\B406235\amdkmdag.sys [106260672 2024-08-22] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\Windows\System32\drivers\amdxe.sys [63008 2024-05-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [110592 2024-11-12] (Microsoft Corporation) [File not signed]
R3 gdrv3; C:\Windows\System32\drivers\gdrv3.sys [52440 2024-12-04] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2024-03-25] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R2 inpoutx64; C:\Windows\System32\Drivers\inpoutx64.sys [15008 2025-02-28] (Red Fox UK Limited -> Highresolution Enterprises [www.highrez.co.uk])
S3 KslD; C:\Windows\System32\drivers\wd\KslD.sys [332184 2025-08-10] (Microsoft Windows -> Microsoft Corporation)
R3 logi_audio_surround; C:\Windows\System32\DriverStore\FileRepository\logi_audio.inf_amd64_affafe6e263c4f51\logi_audio_surround.sys [44112 2025-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech, Inc.)
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [44992 2025-06-11] (Logitech Inc -> Logitech)
R3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [32200 2025-06-11] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [73152 2025-06-11] (Logitech Inc -> Logitech)
R3 logi_lamparray; C:\Windows\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_68ef34ee4bd32b33\logi_lamparray.sys [89656 2025-08-15] (Logitech Inc -> Logitech, Inc.)
R3 LoopBeMidi1; C:\Windows\system32\drivers\loopbe1.sys [13824 2011-04-09] (Daniel Schmitt -> nerds.de)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [22120 2025-05-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [242752 2025-08-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 rt68cx21; C:\Windows\System32\DriverStore\FileRepository\rt68cx21x64.inf_amd64_16d0e5f2b3759518\rt68cx21x64.sys [845256 2024-08-21] (Realtek Semiconductor Corp. -> Realtek)
S3 rtcx21; C:\Windows\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_feec7a9662e785f0\rtcx21x64.sys [539648 2024-03-28] (Microsoft Windows -> Realtek)
R3 RtkBtFilter2; C:\Windows\System32\drivers\RtkBtFilter2.sys [180888 2024-07-30] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corporation)
S3 SdcaHidInbox; C:\Windows\System32\DriverStore\FileRepository\sdcahid.inf_amd64_9b043c5c82568ed0\SdcaHid.sys [159744 2025-08-30] (Microsoft Windows -> Microsoft Corporation)
S3 SdcaMfdInbox; C:\Windows\System32\DriverStore\FileRepository\sdcamfd.inf_amd64_7616b07de0d13d6f\SdcaMfd.sys [176128 2025-08-30] (Microsoft Windows -> Microsoft Corporation)
S1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [25681688 2025-08-06] (Riot Games, Inc. -> Riot Games, Inc.)
S3 VOICEMOD_Driver; C:\Windows\system32\drivers\mvvad.sys [51840 2024-11-11] (VOICEMOD, INC. SUCURSAL EN ESPAÑA -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [20888 2025-08-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [627120 2025-08-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [101792 2025-08-10] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-08-30 21:32 - 2025-08-30 21:32 - 000036020 _____ C:\Users\matej\Desktop\FRST.txt
2025-08-30 21:31 - 2025-08-30 21:32 - 000000000 ____D C:\FRST
2025-08-30 21:30 - 2025-08-30 21:30 - 002409472 _____ (Farbar) C:\Users\matej\Desktop\FRST64.exe
2025-08-30 21:30 - 2025-08-30 21:30 - 000711764 _____ C:\Windows\system32\perfh005.dat
2025-08-30 21:30 - 2025-08-30 21:30 - 000152978 _____ C:\Windows\system32\perfc005.dat
2025-08-30 20:21 - 2025-08-30 21:26 - 000000000 ____D C:\Windows\CbsTemp
2025-08-30 16:16 - 2025-08-30 16:16 - 000001408 _____ C:\Users\matej\Desktop\Malwarebytes Scan Report 2025-08-30 141526.txt
2025-08-30 15:12 - 2025-08-30 15:12 - 013922376 _____ (Zemana Ltd. ) C:\Users\matej\Downloads\Zemana.AntiMalware.Setup.exe
2025-08-30 13:58 - 2025-08-30 13:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2025-08-30 09:26 - 2025-08-30 09:26 - 000077233 _____ C:\Windows\SysWOW64\ctac.json
2025-08-30 09:26 - 2025-08-30 09:26 - 000077233 _____ C:\Windows\system32\ctac.json
2025-08-30 09:26 - 2025-08-30 09:26 - 000001681 _____ C:\Windows\system32\DeviceFeatureDDF.json
2025-08-30 09:03 - 2025-08-30 21:26 - 000000000 ____D C:\Users\matej\AppData\Roaming\DeepL_SE
2025-08-30 09:03 - 2025-08-30 09:03 - 000000000 ____D C:\Users\matej\AppData\Roaming\SoundSwitch
2025-08-30 04:01 - 2025-08-30 04:01 - 000000000 ____D C:\Users\matej\AppData\Local\PeerDistRepub
2025-08-30 01:15 - 2025-08-30 01:20 - 000000000 ____D C:\zoek
2025-08-30 01:02 - 2025-08-30 19:02 - 000000000 ____D C:\zoek_backup
2025-08-29 23:22 - 2025-08-29 23:26 - 000001642 _____ C:\Users\matej\Desktop\RK.txt
2025-08-29 23:20 - 2025-08-30 19:02 - 000000000 ____D C:\ProgramData\RogueKiller
2025-08-29 23:20 - 2025-08-30 19:02 - 000000000 ____D C:\Program Files\RogueKiller
2025-08-29 23:12 - 2025-08-29 23:12 - 000000553 _____ C:\Users\matej\Desktop\JRT.txt
2025-08-29 23:10 - 2025-08-29 14:16 - 001790024 _____ (Malwarebytes) C:\Users\matej\Desktop\JRT.exe
2025-08-29 23:02 - 2025-08-29 23:02 - 000448512 _____ (OldTimer Tools) C:\Users\matej\Downloads\TFC.exe
2025-08-29 23:01 - 2025-08-29 23:01 - 000050688 _____ (Atribune.org) C:\Users\matej\Downloads\ATF-Cleaner.exe
2025-08-29 23:00 - 2025-08-29 23:00 - 000001811 _____ C:\Users\matej\Desktop\Malwarebytes Scan Report 2025-08-29 205756.txt
2025-08-29 20:46 - 2025-08-29 20:46 - 000001354 _____ C:\Users\matej\Downloads\Malwarebytes Scan Report 2025-08-29 184518.txt
2025-08-29 18:51 - 2025-08-29 18:51 - 000000000 ____D C:\Users\matej\Documents\Road Redemption
2025-08-29 18:51 - 2025-08-29 18:51 - 000000000 ____D C:\Users\matej\AppData\LocalLow\Pixel Dash Studios _ EQ Games
2025-08-29 18:35 - 2025-08-29 18:35 - 000000000 ____D C:\Users\matej\AppData\LocalLow\Ice BEAM
2025-08-29 14:37 - 2025-08-29 14:37 - 000191290 _____ C:\Users\matej\Downloads\VPP_MAJOB_ 1_25.0689f5ec.pdf
2025-08-29 14:16 - 2025-08-29 14:16 - 001790024 _____ (Malwarebytes) C:\Users\matej\Downloads\JRT.exe
2025-08-29 14:08 - 2025-08-29 14:08 - 000388608 _____ (Trend Micro Inc.) C:\Users\matej\Downloads\HijackThis.exe
2025-08-29 13:19 - 2025-08-29 19:32 - 000764324 _____ C:\Windows\ntbtlog.txt
2025-08-29 13:19 - 2025-08-29 19:17 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2025-08-29 12:40 - 2025-08-29 12:50 - 000000000 ____D C:\AdwCleaner
2025-08-29 12:40 - 2025-08-29 12:40 - 009616736 _____ (Malwarebytes) C:\Users\matej\Downloads\adwcleaner_8.6.0.exe
2025-08-29 10:27 - 2025-08-29 10:27 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2025-08-29 01:53 - 2025-08-29 01:53 - 030863979 _____ C:\Users\matej\Desktop\7696_zephyr-1100-service.pdf
2025-08-29 01:52 - 2025-08-29 01:52 - 030863979 _____ C:\Users\matej\Downloads\7696_zephyr-1100-service.pdf
2025-08-29 01:52 - 2025-08-29 01:52 - 003687224 _____ C:\Users\matej\Downloads\2086_ba_zrt10a2.pdf
2025-08-29 01:52 - 2025-08-29 01:52 - 000006860 _____ C:\Users\matej\Downloads\2088_cc_zr1100.pdf
2025-08-29 01:51 - 2025-08-29 01:51 - 025835273 _____ C:\Users\matej\Downloads\6717_zephyr-1100.pdf
2025-08-28 22:51 - 2025-08-28 22:51 - 000000000 ____D C:\Users\matej\AppData\LocalLow\Free Lives
2025-08-28 11:44 - 2025-08-29 19:55 - 000003698 _____ C:\Windows\system32\Tasks\Updater
2025-08-28 11:44 - 2025-08-29 19:55 - 000000370 _____ C:\Users\Public\Updater.vbs
2025-08-27 23:56 - 2025-08-30 19:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2025-08-26 00:48 - 2025-08-30 19:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2025-08-26 00:48 - 2025-08-26 00:48 - 000000000 ____D C:\Users\matej\AppData\Roaming\MPC-HC
2025-08-26 00:48 - 2025-08-26 00:48 - 000000000 ____D C:\Program Files\MPC-HC
2025-08-26 00:47 - 2025-08-26 00:47 - 022811586 _____ (MPC-HC Team ) C:\Users\matej\Downloads\MPC-HC.2.5.2.x64.exe
2025-08-26 00:43 - 2025-08-30 19:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BS.Player
2025-08-26 00:43 - 2025-08-26 00:43 - 000001201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player FREE.lnk
2025-08-26 00:42 - 2025-08-26 00:42 - 011136288 _____ C:\Users\matej\Downloads\bsplayer278.setup.exe
2025-08-26 00:24 - 2025-08-26 00:24 - 000001040 _____ C:\Users\matej\Desktop\NS.xlsx.lnk
2025-08-26 00:21 - 2025-08-30 13:26 - 000000000 ____D C:\Users\matej\Desktop\Ostatní
2025-08-25 12:56 - 2025-08-25 13:13 - 000000000 ____D C:\ESD
2025-08-25 12:56 - 2025-08-25 12:56 - 000000000 ___HD C:\$Windows.~WS
2025-08-25 12:56 - 2025-08-25 12:56 - 000000000 ____D C:\$WINDOWS.~BT
2025-08-25 12:30 - 2025-08-25 12:30 - 000000552 __RSH C:\ProgramData\ntuser.pol
2025-08-25 10:01 - 2025-08-25 10:02 - 220839398 _____ C:\Users\matej\Downloads\1239.sdlppx
2025-08-24 20:31 - 2025-08-24 20:31 - 000000000 ____D C:\Users\matej\Documents\Max 9
2025-08-24 20:31 - 2025-08-24 20:31 - 000000000 ____D C:\ProgramData\Max 9
2025-08-24 17:51 - 2025-08-24 17:51 - 000000000 ____D C:\Users\matej\Downloads\Rufus
2025-08-24 17:34 - 2025-08-25 12:29 - 000000206 _____ C:\Users\matej\Downloads\rufus.ini
2025-08-24 17:34 - 2025-08-24 17:34 - 002102632 _____ (Akeo Consulting) C:\Users\matej\Downloads\rufus-4.9p.exe
2025-08-22 22:51 - 2025-08-22 22:51 - 000000000 ____D C:\Users\Public\mod.io
2025-08-22 22:34 - 2025-08-28 22:40 - 000000000 ____D C:\Users\matej\Documents\Anno 1800
2025-08-22 22:32 - 2025-08-30 19:15 - 000000000 ____D C:\Users\matej\AppData\Local\Ubisoft Game Launcher
2025-08-22 22:32 - 2025-08-22 22:32 - 000000000 ____D C:\Users\matej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2025-08-22 22:32 - 2025-08-22 22:32 - 000000000 ____D C:\ProgramData\Ubisoft
2025-08-22 22:32 - 2025-08-22 22:32 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2025-08-22 19:26 - 2025-08-22 19:26 - 000000208 _____ C:\Users\matej\Desktop\Anno 1800.url
2025-08-22 10:35 - 2025-08-22 10:35 - 004950466 _____ C:\Users\matej\Downloads\735342111122 - CZ BREN 2 DMR cs (08-2025).pdf
2025-08-21 23:23 - 2025-08-21 23:23 - 000000000 ____D C:\Users\matej\AppData\Roaming\Valve Corporation
2025-08-21 20:16 - 2025-08-22 13:59 - 000000006 _____ C:\Users\matej\AppData\Roaming\crypto_keywords_state.json
2025-08-21 20:16 - 2025-08-21 20:16 - 000013116 _____ C:\Windows\system32\bip-0039.txt
2025-08-21 20:16 - 2025-08-21 20:16 - 000000034 _____ C:\Users\matej\devid
2025-08-21 19:19 - 2025-08-21 23:18 - 000000000 ____D C:\Users\matej\Documents\Studio 2024
2025-08-21 19:19 - 2025-08-21 19:19 - 000000000 ____D C:\Users\matej\AppData\Roaming\Trados AppStore
2025-08-21 19:17 - 2025-08-21 19:17 - 000000013 _____ C:\Windows\51a77459-90cb-4b12-8050-bc6fed072bb4.ddx
2025-08-21 19:17 - 2025-08-21 19:17 - 000000000 ____D C:\Program Files (x86)\Advanced Assistant
2025-08-21 19:15 - 2025-08-30 19:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trados Studio 2024
2025-08-19 20:19 - 2025-08-19 20:19 - 000000000 ____D C:\Users\matej\AppData\Local\WrapHouseSimulator
2025-08-18 22:36 - 2025-08-18 22:36 - 000000000 ____D C:\Users\matej\AppData\Roaming\SketchUp
2025-08-18 22:36 - 2025-08-18 22:36 - 000000000 ____D C:\Users\matej\AppData\Local\SketchUp
2025-08-18 22:35 - 2025-08-18 22:35 - 000000000 ____D C:\ProgramData\SketchUp
2025-08-18 22:00 - 2025-08-18 22:00 - 000000000 ____D C:\Users\matej\AppData\Local\DeadIsland
2025-08-18 17:03 - 2025-08-30 13:59 - 000000000 ____D C:\Users\matej\Downloads\1203 en
2025-08-18 16:59 - 2025-08-18 17:00 - 172216451 _____ C:\Users\matej\Downloads\1203 en.zip
2025-08-18 16:59 - 2025-08-18 17:00 - 117216063 _____ C:\Users\matej\Downloads\1202 en.sdlppx
2025-08-17 11:18 - 2025-08-17 11:18 - 000000730 _____ C:\Users\matej\Desktop\DARK SOULS III.lnk
2025-08-16 23:54 - 2025-08-16 23:54 - 001287892 _____ C:\Users\matej\Downloads\DS3 Seamless Co-op v0.1.1-1895-0-1-1-1741470313.zip
2025-08-16 23:49 - 2025-08-16 23:51 - 000000000 ____D C:\Users\matej\AppData\Roaming\DarkSoulsIII
2025-08-15 09:16 - 2025-08-30 19:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2025-08-15 09:16 - 2025-08-15 09:16 - 000000000 ____D C:\Program Files\LGHUB
2025-08-14 22:40 - 2025-08-14 22:40 - 000000000 ____D C:\Users\matej\Documents\Paradox Interactive
2025-08-13 09:38 - 2025-08-13 09:40 - 332215714 _____ C:\Users\matej\Downloads\1176 en.sdlppx
2025-08-10 14:43 - 2025-08-10 14:43 - 127779805 _____ C:\Users\matej\Downloads\1144-2.sdlppx
2025-08-03 17:21 - 2025-08-03 17:21 - 000000000 ____D C:\Users\matej\AppData\Roaming\Microsoft\PowerPoint
2025-08-01 19:49 - 2025-08-01 19:49 - 000000000 ____D C:\Users\matej\Games
2025-08-01 16:46 - 2025-08-03 17:27 - 000000000 ____D C:\Users\matej\Downloads\1123
2025-08-01 16:46 - 2025-08-01 16:46 - 017527660 _____ C:\Users\matej\Downloads\1123.zip
2025-07-31 14:41 - 2025-07-31 14:41 - 022300485 _____ C:\Users\matej\Downloads\3rlj1743TD-1753103189.zip

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-08-30 21:30 - 2024-12-05 01:12 - 001692324 _____ C:\Windows\system32\PerfStringBackup.INI
2025-08-30 21:30 - 2024-04-01 09:24 - 000000000 ____D C:\Windows\INF
2025-08-30 21:28 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SystemTemp
2025-08-30 21:27 - 2024-12-05 02:55 - 000000000 ____D C:\Users\matej\AppData\Roaming\Dropbox
2025-08-30 21:27 - 2024-12-05 02:55 - 000000000 ____D C:\Users\matej\AppData\Local\Dropbox
2025-08-30 21:27 - 2024-12-05 02:26 - 000000000 ____D C:\Users\matej\AppData\Roaming\discord
2025-08-30 21:26 - 2024-12-05 02:26 - 000000000 ____D C:\Users\matej\AppData\Local\Discord
2025-08-30 21:26 - 2024-12-05 01:16 - 000003084 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2025-08-30 21:26 - 2024-12-05 01:13 - 000003422 _____ C:\Windows\system32\Tasks\GCC
2025-08-30 21:26 - 2024-12-05 01:10 - 000089336 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Windows\system32\GigabyteDownloadAssistant.exe
2025-08-30 21:26 - 2024-12-05 01:10 - 000000000 ____D C:\ProgramData\NVIDIA
2025-08-30 21:26 - 2024-12-05 01:04 - 000001623 _____ C:\Windows\system32\config\VSMIDK
2025-08-30 21:26 - 2024-12-05 01:03 - 000015914 _____ C:\Windows\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
2025-08-30 21:26 - 2024-12-05 01:02 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-08-30 21:26 - 2024-12-05 01:01 - 000906528 _____ C:\Windows\system32\wpbbin.exe
2025-08-30 21:26 - 2024-12-05 01:01 - 000878840 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Windows\system32\GigabyteUpdateService.exe
2025-08-30 21:26 - 2024-12-05 01:01 - 000012288 ___SH C:\DumpStack.log.tmp
2025-08-30 21:26 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\ServiceState
2025-08-30 21:26 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\AppReadiness
2025-08-30 21:26 - 2024-04-01 09:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-08-30 21:25 - 2024-04-01 09:21 - 000524288 _____ C:\Windows\system32\config\BBI
2025-08-30 21:24 - 2024-12-05 01:01 - 000343968 _____ C:\Windows\system32\FNTCACHE.DAT
2025-08-30 21:23 - 2025-02-19 22:11 - 000000000 ____D C:\Windows\system32\Drivers\en-GB
2025-08-30 21:23 - 2024-04-01 10:03 - 000000000 ____D C:\Windows\system32\OpenSSH
2025-08-30 21:23 - 2024-04-01 10:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2025-08-30 21:23 - 2024-04-01 09:26 - 000000000 ___SD C:\Windows\SysWOW64\F12
2025-08-30 21:23 - 2024-04-01 09:26 - 000000000 ___SD C:\Windows\system32\F12
2025-08-30 21:23 - 2024-04-01 09:26 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2025-08-30 21:23 - 2024-04-01 09:26 - 000000000 ___RD C:\Program Files\Windows Defender
2025-08-30 21:23 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\UUS
2025-08-30 21:23 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2025-08-30 21:23 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SysWOW64\setup
2025-08-30 21:23 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SysWOW64\oobe
2025-08-30 21:23 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SysWOW64\InstallShield
2025-08-30 21:23 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SysWOW64\Dism
2025-08-30 21:23 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2025-08-30 21:23 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SystemResources
2025-08-30 21:23 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\WinMetadata
2025-08-30 21:23 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\setup
2025-08-30 21:23 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2025-08-30 21:23 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\oobe
2025-08-30 21:23 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\migwiz
2025-08-30 21:23 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\HealthAttestationClient
2025-08-30 21:23 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\Dism
2025-08-30 21:23 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\appraiser
2025-08-30 21:23 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2025-08-30 21:23 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\ShellExperiences
2025-08-30 21:23 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\ShellComponents
2025-08-30 21:23 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\Provisioning
2025-08-30 21:23 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\PolicyDefinitions
2025-08-30 21:23 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\bcastdvr
2025-08-30 21:23 - 2024-04-01 09:26 - 000000000 ____D C:\Program Files\Common Files\System
2025-08-30 21:23 - 2024-04-01 09:21 - 000000000 ____D C:\Windows\servicing
2025-08-30 21:22 - 2024-12-05 02:00 - 000000000 ____D C:\Users\matej\AppData\Roaming\qBittorrent
2025-08-30 21:05 - 2024-12-23 14:28 - 000000000 ____D C:\Users\matej\AppData\Local\Malwarebytes
2025-08-30 20:39 - 2024-12-06 01:42 - 000000000 ____D C:\Users\matej\AppData\Roaming\vlc
2025-08-30 20:39 - 2024-12-05 01:10 - 000000000 ____D C:\Users\matej\AppData\Local\Packages
2025-08-30 20:25 - 2024-04-01 09:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2025-08-30 20:25 - 2024-04-01 09:26 - 000235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2025-08-30 20:20 - 2025-01-16 23:57 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2025-08-30 19:32 - 2024-12-07 17:54 - 000000000 ____D C:\Users\matej\AppData\Local\CrashDumps
2025-08-30 19:02 - 2025-07-29 21:23 - 000000000 ____D C:\Users\matej\AppData\Local\DrugDealerSimulator2
2025-08-30 19:02 - 2025-07-16 00:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stronghold Crusader Definitive Edition
2025-08-30 19:02 - 2025-06-20 00:07 - 000000000 ____D C:\Users\matej\AppData\Roaming\exilence-ce-app
2025-08-30 19:02 - 2025-04-28 00:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2025-08-30 19:02 - 2025-03-01 17:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trados Studio 2022
2025-08-30 19:02 - 2025-02-17 00:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2025-08-30 19:02 - 2024-12-15 21:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ApSIC Tools
2025-08-30 19:02 - 2024-12-12 18:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lingea Lexicon 7
2025-08-30 19:02 - 2024-12-10 00:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LoopBe1 - Internal MIDI Port
2025-08-30 19:02 - 2024-12-09 23:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Ableton
2025-08-30 19:02 - 2024-12-08 00:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2025-08-30 19:02 - 2024-12-07 01:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2025-08-30 19:02 - 2024-12-06 01:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2025-08-30 19:02 - 2024-12-06 00:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VobSub
2025-08-30 19:02 - 2024-12-05 20:39 - 000000000 ____D C:\Program Files\Mozilla Firefox
2025-08-30 19:02 - 2024-12-05 20:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2025-08-30 19:02 - 2024-12-05 16:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2025-08-30 19:02 - 2024-12-05 15:42 - 000000000 ____D C:\Users\matej\AppData\Roaming\riot-client-ux
2025-08-30 19:02 - 2024-12-05 15:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2025-08-30 19:02 - 2024-12-05 14:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2025-08-30 19:02 - 2024-12-05 01:14 - 000000000 ____D C:\ProgramData\Package Cache
2025-08-30 19:02 - 2024-12-05 01:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2025-08-30 19:02 - 2024-04-01 09:26 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2025-08-30 19:01 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\registration
2025-08-30 14:06 - 2024-12-05 20:52 - 000000000 ____D C:\Users\matej\AppData\Roaming\Microsoft\Word
2025-08-30 13:58 - 2025-04-05 22:44 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2025-08-30 13:58 - 2025-04-05 22:44 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2025-08-30 13:58 - 2025-04-05 22:44 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2025-08-30 13:30 - 2024-12-06 20:50 - 000000000 ____D C:\Users\matej\AppData\Roaming\Path of Exile 2
2025-08-30 10:29 - 2024-12-05 16:24 - 000000000 ____D C:\Users\matej\AppData\Local\Steam
2025-08-30 09:32 - 2024-12-05 01:02 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-08-30 09:32 - 2024-04-01 09:26 - 000000000 ___HD C:\Program Files\WindowsApps
2025-08-30 09:26 - 2024-12-05 01:05 - 003270656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2025-08-30 09:05 - 2024-12-05 01:10 - 000000000 ____D C:\Users\matej\AppData\Local\D3DSCache
2025-08-30 09:03 - 2024-12-05 02:36 - 000000000 ____D C:\Users\matej\AppData\Local\LGHUB
2025-08-30 09:02 - 2024-12-05 01:09 - 000000000 ____D C:\Users\matej
2025-08-30 08:40 - 2024-12-05 01:02 - 000000000 ____D C:\Windows\system32\SleepStudy
2025-08-29 23:10 - 2024-12-05 19:18 - 000000000 ____D C:\Users\matej\AppData\Local\0install.net
2025-08-29 23:09 - 2024-12-05 15:47 - 000000001 _____ C:\Windows\vgkbootstatus.dat
2025-08-29 20:45 - 2024-12-23 14:28 - 000242752 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2025-08-29 19:40 - 2025-01-07 15:48 - 000000000 ____D C:\Games
2025-08-29 17:20 - 2024-12-05 14:38 - 000003834 _____ C:\Windows\system32\Tasks\NVIDIA App SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2025-08-29 17:20 - 2024-12-05 01:52 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2025-08-29 16:23 - 2024-12-05 20:39 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2025-08-29 16:22 - 2024-12-05 20:39 - 000001073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2025-08-29 14:10 - 2025-02-17 00:17 - 000000000 ____D C:\Users\matej\AppData\Local\LogMeIn Hamachi
2025-08-29 14:09 - 2024-12-05 01:10 - 000000000 ____D C:\Users\matej\AppData\Local\VirtualStore
2025-08-29 13:37 - 2025-03-06 12:47 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2025-08-29 13:37 - 2025-03-06 12:47 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2025-08-29 13:22 - 2024-12-05 15:47 - 134222904 _____ C:\Windows\392667600.dat
2025-08-29 11:46 - 2024-12-05 01:04 - 000000000 ____D C:\ProgramData\Packages
2025-08-29 10:27 - 2025-04-05 22:43 - 000000000 ____D C:\Program Files\Microsoft Office
2025-08-29 01:10 - 2024-12-15 14:21 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-08-28 17:14 - 2024-12-12 19:08 - 000000000 ____D C:\Users\matej\Documents\Lexicon
2025-08-28 14:55 - 2024-12-05 15:41 - 000000000 ____D C:\ProgramData\Riot Games
2025-08-28 13:48 - 2024-12-09 23:54 - 000000000 ____D C:\Users\matej\AppData\Roaming\Ableton
2025-08-27 23:56 - 2024-12-05 02:55 - 000000000 ____D C:\Program Files (x86)\Dropbox
2025-08-27 20:29 - 2024-12-05 01:23 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2025-08-26 13:36 - 2024-12-05 01:49 - 000000000 ____D C:\Users\matej\AppData\Local\UnrealEngine
2025-08-26 13:35 - 2024-12-05 16:40 - 000000000 ____D C:\Users\matej\AppData\Roaming\EasyAntiCheat
2025-08-26 00:50 - 2024-12-06 00:31 - 000000000 ____D C:\Users\matej\AppData\Roaming\BSplayer
2025-08-26 00:43 - 2024-12-06 00:31 - 000000000 ____D C:\Program Files (x86)\Webteh
2025-08-25 13:41 - 2024-12-05 01:10 - 000000000 ___SD C:\Users\matej\AppData\Roaming\Microsoft\Crypto
2025-08-25 13:13 - 2024-12-05 02:01 - 000000000 ____D C:\Windows\Panther
2025-08-24 20:31 - 2024-12-09 23:54 - 000000000 ____D C:\Users\matej\AppData\Roaming\Cycling '74
2025-08-24 13:39 - 2024-12-05 12:17 - 000000000 ____D C:\Users\matej\AppData\Roaming\Microsoft\Excel
2025-08-24 08:09 - 2024-12-05 14:38 - 001310240 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2025-08-24 08:09 - 2024-12-05 14:38 - 001114656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2025-08-24 08:09 - 2024-12-05 01:52 - 000287776 _____ C:\Windows\system32\FvSDK_x64.dll
2025-08-24 08:09 - 2024-12-05 01:52 - 000262688 _____ C:\Windows\SysWOW64\FvSDK_x86.dll
2025-08-24 07:46 - 2024-12-05 01:52 - 000180760 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2025-08-24 07:46 - 2024-12-05 01:52 - 000159768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2025-08-24 07:45 - 2024-12-05 01:52 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2025-08-22 22:51 - 2024-12-27 17:14 - 000000000 ____D C:\Users\matej\AppData\Local\mod.io
2025-08-22 19:26 - 2024-12-05 16:33 - 000000000 ____D C:\Users\matej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2025-08-22 13:54 - 2024-12-23 21:55 - 004213136 _____ (Microsoft Corporation) C:\Windows\system32\xgameruntime.dll
2025-08-22 13:54 - 2024-12-23 21:55 - 000829808 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll
2025-08-22 13:54 - 2024-12-23 21:55 - 000276880 _____ (Microsoft Corporation) C:\Windows\system32\gamelaunchhelper.dll
2025-08-22 13:54 - 2024-12-23 21:55 - 000244112 _____ (Microsoft Corporation) C:\Windows\system32\gameconfighelper.dll
2025-08-22 13:54 - 2024-12-23 21:55 - 000166264 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcuihelpers.dll
2025-08-22 13:54 - 2024-12-23 21:55 - 000121208 _____ (Microsoft Corporation) C:\Windows\system32\xgamehelper.exe
2025-08-22 13:54 - 2024-12-23 21:55 - 000076152 _____ (Microsoft Corporation) C:\Windows\system32\xgamecontrol.exe
2025-08-19 11:06 - 2025-07-08 17:26 - 000000000 ____D C:\Windows\Minidump
2025-08-19 11:06 - 2024-12-06 13:03 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2025-08-19 11:06 - 2024-12-05 01:01 - 004460682 ____N C:\Windows\Minidump\081925-23953-01.dmp
2025-08-19 01:26 - 2025-01-02 23:09 - 000000000 ____D C:\Users\matej\Zomboid
2025-08-19 00:35 - 2025-02-17 20:35 - 000003546 _____ C:\Windows\system32\Tasks\OneDrive Startup Task-S-1-5-21-1133320186-482538794-3055530732-1001
2025-08-19 00:35 - 2024-12-05 12:16 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2025-08-19 00:35 - 2024-12-05 12:16 - 000002130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-08-19 00:35 - 2024-12-05 01:12 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1133320186-482538794-3055530732-1001
2025-08-18 22:00 - 2024-12-05 15:44 - 000000000 ____D C:\Users\matej\AppData\Local\EpicGamesLauncher
2025-08-16 18:08 - 2024-12-06 20:50 - 000000000 ____D C:\Users\matej\Documents\My Games
2025-08-15 09:17 - 2024-12-05 02:36 - 000000000 ____D C:\Users\matej\AppData\Roaming\G HUB
2025-08-14 01:14 - 2024-04-01 10:03 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2025-08-13 22:43 - 2024-12-07 01:54 - 000000000 ____D C:\Windows\system32\MRT
2025-08-13 22:42 - 2024-12-07 01:54 - 223939376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2025-08-11 08:18 - 2024-12-05 15:42 - 000000000 ____D C:\Program Files\Riot Vanguard
2025-08-10 12:37 - 2024-12-05 01:02 - 000000000 ____D C:\Windows\system32\Drivers\wd
2025-08-02 10:41 - 2024-12-05 01:01 - 004521104 ____N C:\Windows\Minidump\080225-23484-01.dmp
2025-08-02 10:23 - 2025-07-28 20:46 - 000000108 _____ C:\logUploaderSettings_temp.ini
2025-08-02 10:23 - 2025-07-28 20:46 - 000000108 _____ C:\logUploaderSettings.ini
2025-08-01 20:26 - 2024-12-05 01:02 - 000003716 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{536BFF0B-7614-4020-AEA4-E7C28BF15FF1}
2025-08-01 20:26 - 2024-12-05 01:02 - 000003590 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{1E635A62-BD04-4D30-831E-1B5842BB4851}

==================== Files in the root of some directories ========

2025-08-28 11:44 - 2025-08-29 19:55 - 000000370 _____ () C:\Users\Public\Updater.vbs
2025-08-21 20:16 - 2025-08-22 13:59 - 000000006 _____ () C:\Users\matej\AppData\Roaming\crypto_keywords_state.json

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

jaro3
Security team member
Guru Level 15
Posts: 43329
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Suspected keylogger

Post by jaro3 » yesterday, 23:29

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Lingea Lexicon 7.lnk:BA5FA6B951 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ableton Live 12 Suite.lnk:07297DC925 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox — anonymní prohlížení.lnk:DD458B7765 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk:159ADC9AA1 [3442]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [5258]
FirewallRules: [TCP Query User{F23602B5-775A-440E-A72B-B581CCADF160}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe => No File
FirewallRules: [UDP Query User{D1E25590-345E-4A91-8923-C4B333844D33}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe => No File
FirewallRules: [TCP Query User{21A0FDB9-7447-4749-922F-AE31B5ED3C90}D:\games\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe => No File
FirewallRules: [UDP Query User{BAFC467A-EA77-4A17-859A-5D51278CB345}D:\games\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe => No File
FirewallRules: [{19E6EC0E-4F0D-49AD-A487-1825D878EFA8}] => (Allow) C:\Users\matej\AppData\Local\VoicemodV3\app\last\Voicemod.exe => No File
FirewallRules: [{37C9FAC9-8E98-4B88-B161-D266CA2E8FEA}] => (Allow) C:\Users\matej\AppData\Local\VoicemodV3\app\last\Voicemod.exe => No File
FirewallRules: [TCP Query User{8B6CD5A6-4C58-4DA9-B704-0EA19CA9786A}D:\games\steam\steamapps\common\fragpunk\fragpunk\binaries\win64\fragpunk.exe] => (Allow) D:\games\steam\steamapps\common\fragpunk\fragpunk\binaries\win64\fragpunk.exe => No File
FirewallRules: [UDP Query User{D563B6BC-76DD-421A-8145-9154B3AA3551}D:\games\steam\steamapps\common\fragpunk\fragpunk\binaries\win64\fragpunk.exe] => (Allow) D:\games\steam\steamapps\common\fragpunk\fragpunk\binaries\win64\fragpunk.exe => No File
FirewallRules: [TCP Query User{CDD91587-F107-43BB-869B-5087431AF543}D:\iso\broforce\broforce\broforce_beta.exe] => (Allow) D:\iso\broforce\broforce\broforce_beta.exe => No File
FirewallRules: [UDP Query User{A1611C98-31F5-4CBB-BF8D-958B9EE3FD34}D:\iso\broforce\broforce\broforce_beta.exe] => (Allow) D:\iso\broforce\broforce\broforce_beta.exe => No File
FirewallRules: [TCP Query User{4F8FB9AF-DE79-47E6-8311-B124652DA5B5}C:\games\makewaybd5d1\make way.exe] => (Allow) C:\games\makewaybd5d1\make way.exe => No File
FirewallRules: [UDP Query User{7E86AB6D-F367-4674-9E72-E3577E5D2B93}C:\games\makewaybd5d1\make way.exe] => (Allow) C:\games\makewaybd5d1\make way.exe => No File
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {40ACE85C-C44F-4CEB-A8FE-A86A46362B2E} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem141.0.7340.0{E6B90A15-F356-4F7A-A5F0-058114C60915} => C:\Program Files (x86)\Google\GoogleUpdater\141.0.7340.0\updater.exe [6813336 2025-08-06] (Google LLC -> Google LLC)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {D4033C61-6FA3-4D1E-B787-07273D5874D9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance (No File)
Task: {6661D0AB-CCF8-439D-AA9C-7B97D8BE081D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpCmdRun.exe -IdleTask -TaskName WdCleanup (No File)
Task: {1A012B0C-5C6D-4867-AE95-705C631D0C13} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55 -IdleScheduledJob (No File)
Task: {6EE54D59-08A8-41EB-A3AA-4EB460EDC01C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpCmdRun.exe -IdleTask -TaskName WdVerification (No File)
Task: {9F2D8314-C9D8-459B-9772-19FC3D0DE85C} - System32\Tasks\Updater => C:\Users\Public\Updater.vbs [370 2025-08-29] () [File not signed] <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

Virustotal : C:\Users\Public\Updater.vbs

EmptyTemp:
End

(You can use the "select all" function, then right-click the top-left field in the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST, press the "Fix" button only once and wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire content here.

Windows may need to be repaired.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
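
The `Task:` lines in the fixlist above follow a regular layout, so they can be triaged mechanically. The following Python is an added example (not part of the original posts and not FRST's own code): it parses four of those lines, copied from the thread, and sorts them into orphaned, signed and suspicious entries. The verdict rules, the extension list and the list of user-writable folders are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass

# Four "Task:" lines copied verbatim from the fixlist in this thread.
SAMPLE_LOG = r"""
Task: {40ACE85C-C44F-4CEB-A8FE-A86A46362B2E} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem141.0.7340.0{E6B90A15-F356-4F7A-A5F0-058114C60915} => C:\Program Files (x86)\Google\GoogleUpdater\141.0.7340.0\updater.exe [6813336 2025-08-06] (Google LLC -> Google LLC)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {D4033C61-6FA3-4D1E-B787-07273D5874D9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance (No File)
Task: {9F2D8314-C9D8-459B-9772-19FC3D0DE85C} - System32\Tasks\Updater => C:\Users\Public\Updater.vbs [370 2025-08-29] () [File not signed] <==== ATTENTION
"""

# "Task: {GUID} - <task path> => <command and annotations>"
TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]{36}\}) - (.+?) => (.+)$")
# "[size date] (signer)" block that appears when the target file exists.
META_RE = re.compile(r"\[(\d+) (\d{4}-\d{2}-\d{2})\] \((.*?)\)")
# Cut the command line at the first file name with a known extension.
PATH_RE = re.compile(
    r"^(.*?\.(exe|dll|vbs|vbe|js|jse|wsf|ps1|bat|cmd|hta))\b", re.I
)
# Assumption: folders that ordinary local users can usually write to.
USER_DIR_RE = re.compile(r"\\(users\\public|appdata|temp)\\", re.I)
# Assumption: extensions run by a script host rather than as a signed binary.
SCRIPT_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "ps1", "bat", "cmd", "hta"}


@dataclass
class TaskEntry:
    guid: str
    task_path: str
    target: str      # file the task launches, arguments stripped
    ext: str         # lower-case extension of the target, "" if unknown
    signer: str      # empty when the log shows "()"
    no_file: bool    # log says the target is missing
    unsigned: bool   # log says "[File not signed]"
    attention: bool  # the log's own "<==== ATTENTION" marker


def parse_tasks(text):
    """Return a TaskEntry for every 'Task:' line found in the log text."""
    entries = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        guid, task_path, rest = m.groups()
        meta = META_RE.search(rest)
        path = PATH_RE.match(rest)
        entries.append(TaskEntry(
            guid=guid,
            task_path=task_path,
            target=path.group(1) if path else rest,
            ext=path.group(2).lower() if path else "",
            signer=meta.group(3) if meta else "",
            no_file="(No File)" in rest,
            unsigned="[File not signed]" in rest,
            attention="<==== ATTENTION" in rest,
        ))
    return entries


def triage(entry):
    """Heuristic verdict (assumed rules, checked in this order)."""
    if entry.no_file:
        return "orphan"        # task survives, its target does not
    in_user_dir = bool(USER_DIR_RE.search(entry.target))
    if entry.ext in SCRIPT_EXTS and (entry.unsigned or in_user_dir):
        return "suspicious"    # script persistence from a writable folder
    if entry.signer and not entry.unsigned:
        return "signed"
    return "unknown"


def report(text):
    """Map each task's short name to its verdict."""
    return {e.task_path.rsplit("\\", 1)[-1]: triage(e) for e in parse_tasks(text)}


if __name__ == "__main__":
    for name, verdict in report(SAMPLE_LOG).items():
        print(f"{verdict:10} {name}")
```

A "suspicious" verdict only marks a task for manual review of the script's content; "orphan" entries are leftovers whose target no longer exists on disk.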

Post by matesasd » today, 01:14

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2025
Ran by matej (31-08-2025 01:05:32) Run:1
Running from C:\Users\matej\Desktop
Loaded Profiles: matej
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Lingea Lexicon 7.lnk:BA5FA6B951 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ableton Live 12 Suite.lnk:07297DC925 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox — anonymní prohlížení.lnk:DD458B7765 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk:159ADC9AA1 [3442]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [5258]
FirewallRules: [TCP Query User{F23602B5-775A-440E-A72B-B581CCADF160}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe => No File
FirewallRules: [UDP Query User{D1E25590-345E-4A91-8923-C4B333844D33}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe => No File
FirewallRules: [TCP Query User{21A0FDB9-7447-4749-922F-AE31B5ED3C90}D:\games\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe => No File
FirewallRules: [UDP Query User{BAFC467A-EA77-4A17-859A-5D51278CB345}D:\games\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe => No File
FirewallRules: [{19E6EC0E-4F0D-49AD-A487-1825D878EFA8}] => (Allow) C:\Users\matej\AppData\Local\VoicemodV3\app\last\Voicemod.exe => No File
FirewallRules: [{37C9FAC9-8E98-4B88-B161-D266CA2E8FEA}] => (Allow) C:\Users\matej\AppData\Local\VoicemodV3\app\last\Voicemod.exe => No File
FirewallRules: [TCP Query User{8B6CD5A6-4C58-4DA9-B704-0EA19CA9786A}D:\games\steam\steamapps\common\fragpunk\fragpunk\binaries\win64\fragpunk.exe] => (Allow) D:\games\steam\steamapps\common\fragpunk\fragpunk\binaries\win64\fragpunk.exe => No File
FirewallRules: [UDP Query User{D563B6BC-76DD-421A-8145-9154B3AA3551}D:\games\steam\steamapps\common\fragpunk\fragpunk\binaries\win64\fragpunk.exe] => (Allow) D:\games\steam\steamapps\common\fragpunk\fragpunk\binaries\win64\fragpunk.exe => No File
FirewallRules: [TCP Query User{CDD91587-F107-43BB-869B-5087431AF543}D:\iso\broforce\broforce\broforce_beta.exe] => (Allow) D:\iso\broforce\broforce\broforce_beta.exe => No File
FirewallRules: [UDP Query User{A1611C98-31F5-4CBB-BF8D-958B9EE3FD34}D:\iso\broforce\broforce\broforce_beta.exe] => (Allow) D:\iso\broforce\broforce\broforce_beta.exe => No File
FirewallRules: [TCP Query User{4F8FB9AF-DE79-47E6-8311-B124652DA5B5}C:\games\makewaybd5d1\make way.exe] => (Allow) C:\games\makewaybd5d1\make way.exe => No File
FirewallRules: [UDP Query User{7E86AB6D-F367-4674-9E72-E3577E5D2B93}C:\games\makewaybd5d1\make way.exe] => (Allow) C:\games\makewaybd5d1\make way.exe => No File
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {40ACE85C-C44F-4CEB-A8FE-A86A46362B2E} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem141.0.7340.0{E6B90A15-F356-4F7A-A5F0-058114C60915} => C:\Program Files (x86)\Google\GoogleUpdater\141.0.7340.0\updater.exe [6813336 2025-08-06] (Google LLC -> Google LLC)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {D4033C61-6FA3-4D1E-B787-07273D5874D9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance (No File)
Task: {6661D0AB-CCF8-439D-AA9C-7B97D8BE081D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpCmdRun.exe -IdleTask -TaskName WdCleanup (No File)
Task: {1A012B0C-5C6D-4867-AE95-705C631D0C13} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55 -IdleScheduledJob (No File)
Task: {6EE54D59-08A8-41EB-A3AA-4EB460EDC01C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpCmdRun.exe -IdleTask -TaskName WdVerification (No File)
Task: {9F2D8314-C9D8-459B-9772-19FC3D0DE85C} - System32\Tasks\Updater => C:\Users\Public\Updater.vbs [370 2025-08-29] () [File not signed] <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

Virustotal : C:\Users\Public\Updater.vbs

EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini => ":B1DA6C571C" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Lingea Lexicon 7.lnk => ":BA5FA6B951" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ableton Live 12 Suite.lnk => ":07297DC925" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini => ":41964AA945" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk => ":BE32D07BC5" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox — anonymní prohlížení.lnk => ":DD458B7765" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk => ":159ADC9AA1" ADS removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F23602B5-775A-440E-A72B-B581CCADF160}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D1E25590-345E-4A91-8923-C4B333844D33}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{21A0FDB9-7447-4749-922F-AE31B5ED3C90}D:\games\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BAFC467A-EA77-4A17-859A-5D51278CB345}D:\games\steam\steamapps\common\marvelrivals\marvelgame\marvel\binaries\win64\marvel-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{19E6EC0E-4F0D-49AD-A487-1825D878EFA8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{37C9FAC9-8E98-4B88-B161-D266CA2E8FEA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8B6CD5A6-4C58-4DA9-B704-0EA19CA9786A}D:\games\steam\steamapps\common\fragpunk\fragpunk\binaries\win64\fragpunk.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D563B6BC-76DD-421A-8145-9154B3AA3551}D:\games\steam\steamapps\common\fragpunk\fragpunk\binaries\win64\fragpunk.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CDD91587-F107-43BB-869B-5087431AF543}D:\iso\broforce\broforce\broforce_beta.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A1611C98-31F5-4CBB-BF8D-958B9EE3FD34}D:\iso\broforce\broforce\broforce_beta.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4F8FB9AF-DE79-47E6-8311-B124652DA5B5}C:\games\makewaybd5d1\make way.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7E86AB6D-F367-4674-9E72-E3577E5D2B93}C:\games\makewaybd5d1\make way.exe" => removed successfully

"C:\Windows\system32\GroupPolicy\Machine" Folder move:

C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{40ACE85C-C44F-4CEB-A8FE-A86A46362B2E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40ACE85C-C44F-4CEB-A8FE-A86A46362B2E}" => removed successfully
C:\Windows\System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem141.0.7340.0{E6B90A15-F356-4F7A-A5F0-058114C60915} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem141.0.7340.0{E6B90A15-F356-4F7A-A5F0-058114C60915}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4033C61-6FA3-4D1E-B787-07273D5874D9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4033C61-6FA3-4D1E-B787-07273D5874D9}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6661D0AB-CCF8-439D-AA9C-7B97D8BE081D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6661D0AB-CCF8-439D-AA9C-7B97D8BE081D}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Cleanup" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A012B0C-5C6D-4867-AE95-705C631D0C13}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A012B0C-5C6D-4867-AE95-705C631D0C13}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EE54D59-08A8-41EB-A3AA-4EB460EDC01C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EE54D59-08A8-41EB-A3AA-4EB460EDC01C}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Verification" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F2D8314-C9D8-459B-9772-19FC3D0DE85C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F2D8314-C9D8-459B-9772-19FC3D0DE85C}" => removed successfully
C:\Windows\System32\Tasks\Updater => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => removed successfully
Virustotal : C:\Users\Public\Updater.vbs => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 616470438 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 608024634 B
Windows/system/drivers => 5599414 B
Edge => 0 B
Chrome => 150871733 B
Brave => 1690527372 B
Firefox => 11036439 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
matej => 195888306 B

RecycleBin => 168363 B
EmptyTemp: => 3.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 01:06:56 ====

I still don't have access to the Defender settings

Post by jaro3 » today, 14:35

Try this procedure:
https://www.reddit.com/r/computerhelp/c ... _11/?tl=cs

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CreateRestorePoint:
CloseProcesses:
Virustotal: C:\Users\Public\Updater.vbs

EmptyTemp:
End

(You can use the "select all" function, then right-click the top-left field in the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST, press the "Fix" button only once and wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire content here.

You can also try Windows 11 Manager for the repair:
https://www.yamicsoft.com/en/index.php

Post by matesasd » today, 16:13

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2025
Ran by matej (31-08-2025 15:51:20) Run:2
Running from C:\Users\matej\Desktop
Loaded Profiles: matej
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
Virustotal: C:\Users\Public\Updater.vbs

EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
Virusscan: C:\Users\Public\Updater.vbs => https://virusscan.jotti.org/filescanjob/th0e1ha4uc

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 786432 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10545464 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 79474220 B
Windows/system/drivers => 2483814 B
Edge => 0 B
Chrome => 0 B
Brave => 402070176 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
matej => -1529310 B

RecycleBin => 0 B
EmptyTemp: => 472.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:52:57 ====

The first answer in the Reddit procedure didn't help, and as for the second one, my securityhealth folder isn't empty, and the exe I was supposed to download just flashes briefly when launched and nothing else happens.
Also, I wasn't able to install Zemana earlier, something blocked the installation, and now after every startup a popup appears on the desktop: "A certain driver cannot be loaded on this device. Driver: amsdk.sys... Some security setting is preventing this driver from loading". According to Google it is related to Zemana, but I don't see Zemana among the installed programs. And I don't really know my way around Windows Manager; I tried System Repair > Scan there, which supposedly repaired some corrupt files, but I don't know what to do next.

Post by jaro3 » today, 17:09


Post by matesasd » today, 17:24

That one didn't find anything malicious

Post by jaro3 » today, 20:10

Try the repair using Windows 11 Manager. The link is above.

Post by matesasd » today, 20:24

Which one specifically? There are various repairs there and I didn't see any that focuses on Defender; maybe System Components on the first tab?

Post by jaro3 » 51 minutes ago

Yes, those..

Then:
To repair Windows Defender, use the System File Checker tool (sfc /scannow) and the DISM tool (DISM /Online /Cleanup-Image /RestoreHealth) in a Command Prompt run as administrator, restart the computer and check the settings in the Windows Security app. You can also reset the firewall settings, check for and install the latest Windows and security updates, or manually reinstall Windows Defender.

https://www.google.com/search?client=fi ... +defenderu