TiWorker.exe virus

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Joudovec
newbie
Posts: 5
Registered: May 20
Gender: Male
Status:
Offline

TiWorker.exe virus

Post by Joudovec » 01 Nov 2020 00:06

Hi, yesterday I noticed that a program called TiWorker.exe was running in the background and taking most of my CPU, RAM and disk. I know it is supposed to be related to Windows updates, but I have turned all of those off. Another thing is that as soon as I open Task Manager, TiWorker.exe shuts itself down and tries to ''hide''. Does anyone know how to get rid of it, if it actually is a virus?
Thanks a lot.

mmmartin
Moderator
Elite Level 10
Posts: 9504
Registered: Aug 04
Location: Praha
Gender: Male
Status:
Online

Re: TiWorker.exe virus

Post by mmmartin » 01 Nov 2020 00:19

ASUS Prime Z390-P / Hexa Core Intel core i5 Coffee Lake-S / Gigabyte GeForce GTX 650 Ti / FORTRON BlueStorm Bronze 80PLUS / W 11

Joudovec
newbie
Posts: 5
Registered: May 20
Gender: Male
Status:
Offline

Re: TiWorker.exe virus

Post by Joudovec » 01 Nov 2020 00:21

Yes, I am aware of that, but I have also read that it can be a mining virus. Is there any way to verify it?

ITCrowd
Article author
Guru Level 13.5
Posts: 23603
Registered: Mar 10
Gender: Male
Status:
Offline

Re: TiWorker.exe virus

Post by ITCrowd » 01 Nov 2020 00:23

Sure. Post a HijackThis log in the same section. Our virus hunters will tell you what to do and how.
Have you tried turning it off and on again? I only solve problems in topics, so writing to me by PM is pointless.
Basic WiFi diagnostics | How to diagnose a network | Router as a switch | Why wanting a long-range router makes no sense | Choosing a router
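
A quick first check for the question raised above (whether the TiWorker.exe that is eating CPU is the genuine Windows Modules Installer Worker or something else using its name), as an added example that is not part of the original thread and not the forum's own advice. It assumes a stock Windows 10 layout, where the genuine binary lives under C:\Windows\WinSxS\ and carries a valid Microsoft Authenticode signature, and it should be run in an elevated PowerShell window while the process is actually running, since TiWorker.exe normally exits on its own once servicing work is done.

```powershell
# Added example (not from the thread): verify that a running TiWorker.exe is the
# genuine Windows Modules Installer Worker rather than an impostor with the same name.
# Assumptions: Windows 10, elevated PowerShell session, genuine binary located under
# $env:SystemRoot\WinSxS\ and signed by Microsoft.

function Test-TiWorkerProcess {
    param(
        [string]$ProcessName = 'TiWorker',
        # Expected directory prefix of the genuine servicing-stack binary (assumption).
        [string]$ExpectedRoot = "$env:SystemRoot\WinSxS\"
    )

    $procs = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue
    if (-not $procs) {
        Write-Output "No process named $ProcessName is running now; re-run while CPU usage is high."
        return
    }

    foreach ($p in $procs) {
        # Reading the image path of a SYSTEM/TrustedInstaller process needs elevation.
        $path = $p.Path
        if (-not $path) {
            Write-Warning "PID $($p.Id): cannot read image path; run PowerShell as administrator."
            continue
        }

        # Authenticode check: the real binary is signed by Microsoft.
        $sig = Get-AuthenticodeSignature -FilePath $path
        $signedByMicrosoft = ($sig.Status -eq 'Valid') -and
                             ($sig.SignerCertificate.Subject -like '*Microsoft*')

        # Location check: the real binary is inside the WinSxS component store.
        $inExpectedRoot = $path.StartsWith($ExpectedRoot, [System.StringComparison]::OrdinalIgnoreCase)

        # Parent process is reported for context only; the verdict does not depend on it.
        $parentId   = (Get-CimInstance Win32_Process -Filter "ProcessId = $($p.Id)").ParentProcessId
        $parent     = Get-Process -Id $parentId -ErrorAction SilentlyContinue
        $parentName = if ($parent) { $parent.ProcessName } else { '<exited>' }

        $verdict = if ($inExpectedRoot -and $signedByMicrosoft) { 'looks genuine' } else { 'INVESTIGATE' }

        [pscustomobject]@{
            PID               = $p.Id
            Path              = $path
            InWinSxS          = $inExpectedRoot
            SignatureStatus   = $sig.Status
            SignedByMicrosoft = $signedByMicrosoft
            ParentProcess     = $parentName
            Verdict           = $verdict
        }
    }
}

Test-TiWorkerProcess | Format-List
```

A result of "INVESTIGATE" (image outside WinSxS, or an invalid or non-Microsoft signature) is exactly the kind of thing worth bringing to the log-analysis section together with the HijackThis and FRST output; a genuine TiWorker.exe that still burns CPU is a servicing or update-blocker issue rather than malware, and the tools used to block updates leave their own traces in the FRST registry section.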

Joudovec
newbie
Posts: 5
Registered: May 20
Gender: Male
Status:
Offline

Re: TiWorker.exe virus

Post by Joudovec » 01 Nov 2020 00:29

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:28:28, on 01.11.2020
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.18362.0001)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\Steam\steam.exe
C:\WINDOWS\SysWOW64\NOTEPAD.EXE
C:\Users\Tedas\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Tedas\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Discord] C:\Users\Tedas\AppData\Local\Discord\app-0.0.308\Discord.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_AC42B993303A9B313EB69949F2D35547] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - Startup: DS4Windows.lnk = C:\hovna\ds4\DS4Windows.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_58293 - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Služba Microsoft Edge Update (edgeupdate) (edgeupdate) - Unknown owner - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe (file missing)
O23 - Service: Služba Microsoft Edge Update (edgeupdatem) (edgeupdatem) - Unknown owner - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.111\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) - Unknown owner - C:\Program Files (x86)\Microsoft\Edge\Application\81.0.416.81\elevation_service.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edab19158bdd0d0a\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Rockstar Game Library Service (Rockstar Service) - Rockstar Games - C:\Program Files\Rockstar Games\Launcher\RockstarService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Zakynthos Service (zksvc) - PUBG Corporation - C:\Program Files\Common Files\PUBG\zksvc.exe

--
End of file - 9750 bytes

Hopefully I posted it correctly.

Joudovec
newbie
Posts: 5
Registered: May 20
Gender: Male
Status:
Offline

Re: TiWorker.exe virus

Post by Joudovec » 01 Nov 2020 00:56

Also adding the FRST log.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-10-2020
Ran by Tedas (administrator) on DESKTOP-11JAO0Q (MSI MS-7817) (01-11-2020 00:49:26)
Running from C:\Users\Tedas\Desktop
Loaded Profiles: Tedas
Platform: Windows 10 Home Version 1903 18362.959 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\hovna\ds4\DS4Windows.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <17>
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe <2>
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2009.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2009.7-0\NisSrv.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edab19158bdd0d0a\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <8>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9217024 2017-04-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-08-27] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3416352 2020-10-23] (Valve -> Valve Corporation)
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [729704 2018-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\Run: [Discord] => C:\Users\Tedas\AppData\Local\Discord\app-0.0.308\Discord.exe [91023672 2020-09-10] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\Run: [GoogleChromeAutoLaunch_AC42B993303A9B313EB69949F2D35547] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\Policies\Explorer: [NoSecurityTab] 1
HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\MountPoints2: {a416e489-4c6f-11e8-aa2d-d8cb8a561954} - "F:\setup.exe"
HKLM\...\Windows x64\Print Processors\Canon MG5300 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAT.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG5300 series: C:\Windows\system32\CNMLMAT.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\MPE3 Port: C:\Windows\system32\mpelocalmon.dll [27648 2016-03-21] (Copyright (c) Code Industry Ltd) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.111\Installer\chrmstp.exe [2020-10-21] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> "C:\Program Files (x86)\Microsoft\Edge\Application\81.0.416.81\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level
IFEO\dismHost.exe: [Debugger] *
IFEO\EOSNOTIFY.EXE: [Debugger] *
IFEO\InstallAgent.exe: [Debugger] *
IFEO\MusNotification.exe: [Debugger] *
IFEO\MUSNOTIFICATIONUX.EXE: [Debugger] *
IFEO\remsh.exe: [Debugger] *
IFEO\SIHClient.exe: [Debugger] *
IFEO\UpdateAssistant.exe: [Debugger] *
IFEO\UPFC.EXE: [Debugger] *
IFEO\UsoClient.exe: [Debugger] *
IFEO\WaaSMedic.exe: [Debugger] *
IFEO\WaasMedicAgent.exe: [Debugger] *
IFEO\Windows10Upgrade.exe: [Debugger] *
IFEO\WINDOWS10UPGRADERAPP.EXE: [Debugger] *
Startup: C:\Users\Tedas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DS4Windows.lnk [2018-11-05]
ShortcutTarget: DS4Windows.lnk -> C:\hovna\ds4\DS4Windows.exe () [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {044D7DDC-13A0-4898-B71D-B9945340FD0E} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Task: {1D32A704-F473-44D3-9035-E4389A05E2E9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [533312 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {36650B59-1F5B-421A-9CEA-2BCDE4BB361A} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {36E03316-981A-4A92-A9BD-D327FFAFEC29} - System32\Tasks\HWiNFO => C:\Program Files\HWiNFO64\HWiNFO64.EXE
Task: {3C0B4884-134A-408B-A677-D65219424A3B} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {40123834-AB65-4B80-9A44-4637D4CA189E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-12] (Google Inc -> Google Inc.)
Task: {64E499E6-96AB-4ADB-9926-96283A28AEEF} - System32\Tasks\ScpUpdater => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe
Task: {78C31882-23B0-4365-87A5-D0DFA00FA67F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [533312 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {82C80C1E-7AC6-430E-B696-697881D6B70A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
"C:\Windows\System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineVW" was unlocked. <==== ATTENTION
Task: {8DBDA4E4-6AAD-4E53-94A6-280516D43CF2} - System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineVW => C:\WINDOWS\SysWOW64\Speech\Engines\Q-1-77-32\FD_1.3.73.85.exe [67896 2019-03-19] () [File not signed] <==== ATTENTION
Task: {8FD122C3-EC1B-484F-AF45-E33CD4782CDD} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9181F4E2-0D7E-4A0E-847B-E88E65F9F20C} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B545F0E7-550E-4D8B-965B-1595D5832CEA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-12] (Google Inc -> Google Inc.)
Task: {C3902AD9-C574-478F-A8FA-F0B93408A0FA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [533312 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CCC11C72-A0EF-4303-A4ED-C4323695A230} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {DBE43F6F-740C-4D21-A1F5-9C860B268640} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3292984 2020-06-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DCC85488-DD26-400E-B5FA-76422A6E1CB4} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E4B8E569-06F3-4DBA-90E1-8FD248099E74} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647656 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EB8F9523-65D5-4EED-B790-0ECEAAFA7BE7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [533312 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EBA862CC-7EC6-481A-B0B6-B8E67B73B503} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F0F0F582-32E5-45CA-B9F6-3923CCE00F4B} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F23735F4-A3A2-468D-8DB9-5C219565A7BE} - System32\Tasks\Microsoft\Windows\PLA\Nová sada kolekcí dat => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\WINDOWS\system32\pla.dll [1507328 2020-05-24] (Microsoft Windows -> Microsoft Corporation)
Task: {F353CF4E-B0A4-4312-908D-4667E47A1FD3} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\ScpUpdater.job => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 217.170.96.24 217.170.96.2
Tcpip\..\Interfaces\{0fef3b3e-9fcc-4dd8-9d0e-b5f69504820d}: [DhcpNameServer] 217.170.96.24 217.170.96.2

Edge:
======
Edge Profile: C:\Users\Tedas\AppData\Local\Microsoft\Edge\User Data\Default [2020-06-04]

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-06-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-06-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin HKU\S-1-5-21-1359492776-2785733239-201844929-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Tedas\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-25] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR Profile: C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default [2020-11-01]
CHR Notifications: Default -> hxxps://steamcommunity.com
CHR HomePage: Default -> hxxps://www.google.cz/webhp?sourceid=ch ... 2&ie=UTF-8
CHR StartupUrls: Default -> "hxxp://mystart.incredibar.com/?a=6PRfkUrXis&i=26&loc=skw","","hxxp://www.default-search.net?sid=503&aid=100&itype=n&ver=13986&tm=486&src=hmp","hxxp://www.mystartsearch.com/?type=hp&ts=1437388015&z=0c98d7b38cd01e83a7f230fg1z1cbm4c4b9m9bag0o&from=wpc&uid=FUJITSUXMHV2080BHXPL_NW9ZT692KV9E","hxxp://www.google.com"
CHR Extension: (Prezentace) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-12]
CHR Extension: (Dokumenty) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-12]
CHR Extension: (Disk Google) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
CHR Extension: (YouTube) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-12]
CHR Extension: (Steam Inventory Helper) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2020-10-31]
CHR Extension: (Tabulky) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-12]
CHR Extension: (Dokumenty Google offline) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-10-21]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-10-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\Tedas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-12]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-08-26] (Apple Inc. -> Apple Inc.)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8730200 2020-09-23] (BattlEye Innovations e.K. -> )
R4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3606120 2018-04-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [777856 2020-09-23] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S4 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2019-03-29] (Even Balance, Inc. -> )
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1358464 2020-10-29] (Rockstar Games, Inc. -> Rockstar Games)
S4 SU10Guard; C:\Program Files\UPDATE\SU10Guard.exe [72776 2020-05-30] (Greatis Software LLC -> Greatis Software, LLC)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\NisSrv.exe [2372048 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MsMpEng.exe [128376 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [6933240 2020-10-22] (PUBG CORPORATION -> PUBG Corporation)
S2 edgeupdate; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc [X]
S3 edgeupdatem; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc [X]
S3 MicrosoftEdgeElevationService; "C:\Program Files (x86)\Microsoft\Edge\Application\81.0.416.81\elevation_service.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edab19158bdd0d0a\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edab19158bdd0d0a\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-04-30] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-04-30] (Disc Soft Ltd -> Disc Soft Ltd)
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2018-12-14] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [27552 2020-05-15] (Martin Malik - REALiX -> REALiX(tm))
R3 MpKsl7bd835e2; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CF68E865-C744-4659-8560-36510AF62E07}\MpKslDrv.sys [47336 2020-10-31] (Microsoft Windows -> Microsoft Corporation)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2018-02-01] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [50176 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-10-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [428264 2020-10-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [69864 2020-10-07] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [74552 2020-01-19] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 cpuz149; \??\C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-01 00:49 - 2020-11-01 00:50 - 000021066 _____ C:\Users\Tedas\Desktop\FRST.txt
2020-11-01 00:49 - 2020-11-01 00:50 - 000000000 ____D C:\FRST
2020-11-01 00:48 - 2020-11-01 00:48 - 002299904 _____ (Farbar) C:\Users\Tedas\Desktop\FRST64.exe
2020-11-01 00:25 - 2020-11-01 00:26 - 000388608 _____ (Trend Micro Inc.) C:\Users\Tedas\Desktop\hijackthis.exe
2020-10-31 23:52 - 2020-10-31 23:54 - 137386432 _____ (Microsoft Corporation) C:\Users\Tedas\Desktop\MSERT.exe
2020-10-29 16:42 - 2020-10-29 20:14 - 000000000 ____D C:\Users\Tedas\Downloads\Luther.S02.HDTV.XviD-soupuciaTPB
2020-10-22 09:29 - 2020-10-22 09:58 - 000000000 ____D C:\Program Files\Common Files\PUBG
2020-10-21 12:56 - 2020-10-21 12:59 - 000000000 ____D C:\Users\Tedas\Downloads\Luther Season 1 Complete 720p BluRay x264 [i_c]
2020-10-19 11:05 - 2020-10-19 11:05 - 000000222 _____ C:\Users\Tedas\Desktop\PUBG.url
2020-10-14 16:11 - 2020-10-14 16:11 - 000001186 _____ C:\Users\Tedas\Desktop\AC.lnk
2020-10-12 12:20 - 2020-10-12 12:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfenstein Youngblood

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-01 00:28 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-11-01 00:26 - 2018-04-12 19:21 - 000000000 ____D C:\Users\Tedas\AppData\Local\VirtualStore
2020-11-01 00:17 - 2018-09-07 20:44 - 000000000 ____D C:\Users\Tedas\AppData\Local\CrashDumps
2020-10-31 23:35 - 2020-05-30 00:03 - 000000000 ____D C:\Users\Tedas\AppData\Local\ElevatedDiagnostics
2020-10-31 23:27 - 2018-04-12 19:43 - 000000000 ____D C:\Program Files (x86)\Steam
2020-10-31 21:47 - 2018-04-12 19:30 - 000000000 ____D C:\ProgramData\NVIDIA
2020-10-31 21:06 - 2020-03-22 16:08 - 000000000 ____D C:\Users\Tedas\AppData\Roaming\discord
2020-10-31 20:09 - 2018-07-25 17:50 - 000007612 _____ C:\Users\Tedas\AppData\Local\Resmon.ResmonCfg
2020-10-31 18:56 - 2018-05-29 16:44 - 000000000 ____D C:\Users\Tedas\AppData\Local\PlaceholderTileLogoFolder
2020-10-31 17:37 - 2020-06-23 15:20 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-10-31 17:36 - 2019-08-17 17:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-10-31 17:36 - 2019-03-19 05:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-10-30 12:39 - 2020-01-31 13:00 - 000000000 ____D C:\Users\Tedas\AppData\Roaming\TS3Client
2020-10-29 20:32 - 2018-04-30 13:51 - 000000000 ____D C:\Users\Tedas\AppData\Roaming\uTorrent
2020-10-29 16:42 - 2020-08-16 20:04 - 000000000 ____D C:\Users\Tedas\AppData\Local\BitTorrentHelper
2020-10-29 13:32 - 2019-08-17 17:51 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1359492776-2785733239-201844929-1001
2020-10-29 13:32 - 2019-08-17 11:32 - 000002361 _____ C:\Users\Tedas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-10-29 13:32 - 2018-04-12 19:24 - 000000000 ___RD C:\Users\Tedas\OneDrive
2020-10-27 08:56 - 2019-08-17 17:43 - 001606106 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-10-27 08:56 - 2019-03-19 12:55 - 000682526 _____ C:\WINDOWS\system32\perfh005.dat
2020-10-27 08:56 - 2019-03-19 12:55 - 000137244 _____ C:\WINDOWS\system32\perfc005.dat
2020-10-27 08:56 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2020-10-27 00:32 - 2019-08-17 17:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-10-21 23:18 - 2018-04-12 19:29 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-10-19 17:17 - 2018-05-28 21:53 - 000000000 ____D C:\Users\Tedas\AppData\Local\D3DSCache
2020-10-15 18:02 - 2020-09-30 18:29 - 000000000 ____D C:\Users\Tedas\Documents\Assassin's Creed Odyssey
2020-10-15 17:11 - 2019-08-17 17:51 - 000003472 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-10-15 17:11 - 2019-08-17 17:51 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-10-14 08:09 - 2020-09-30 17:14 - 000000000 ____D C:\Program Files (x86)\Assassins Creed Odyssey
2020-10-13 11:35 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-10-08 20:11 - 2020-03-22 16:08 - 000000000 ____D C:\Users\Tedas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2020-10-08 20:10 - 2020-03-22 16:08 - 000000000 ____D C:\Users\Tedas\AppData\Local\Discord
2020-10-07 13:17 - 2018-04-19 21:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-10-05 16:50 - 2018-05-04 13:18 - 000000000 ____D C:\Users\Tedas\Documents\My Games
2020-10-04 22:57 - 2018-05-07 08:12 - 000000000 ____D C:\Program Files\Rockstar Games
2020-10-04 22:57 - 2018-05-07 08:12 - 000000000 ____D C:\Program Files (x86)\Rockstar Games

==================== Files in the root of some directories ========

2020-06-05 18:35 - 2020-06-05 18:43 - 000011938 _____ () C:\Program Files\devoir.docx
2019-03-11 19:07 - 2019-03-11 19:07 - 000003584 _____ () C:\Users\Tedas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-07-25 17:50 - 2020-10-31 20:09 - 000007612 _____ () C:\Users\Tedas\AppData\Local\Resmon.ResmonCfg
2020-06-24 15:04 - 2020-06-24 15:04 - 000000000 _____ () C:\Users\Tedas\AppData\Local\{364767BB-2829-418F-B9FB-E8834887FC99}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-10-2020
Ran by Tedas (01-11-2020 00:51:03)
Running from C:\Users\Tedas\Desktop
Windows 10 Home Version 1903 18362.959 (X64) (2019-08-17 16:52:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1359492776-2785733239-201844929-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1359492776-2785733239-201844929-503 - Limited - Disabled)
Guest (S-1-5-21-1359492776-2785733239-201844929-501 - Limited - Disabled)
Tedas (S-1-5-21-1359492776-2785733239-201844929-1001 - Administrator - Enabled) => C:\Users\Tedas
WDAGUtilityAccount (S-1-5-21-1359492776-2785733239-201844929-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\uTorrent) (Version: 3.5.5.45776 - BitTorrent Inc.)
10 Second Ninja X (HKLM\...\MTBzZWNvbmRuaW5qYXg_is1) (Version: 1 - )
A Way Out (HKLM-x32\...\{E8D752CF-2FCC-470D-B0C5-4BFC6F42ACCE}) (Version: 1.0.62.0 - Electronic Arts, Inc.)
Aktualizace NVIDIA 38.0.5.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 38.0.5.0 - NVIDIA Corporation) Hidden
Alien Isolation version 1.0.0 (HKLM-x32\...\Alien Isolation_is1) (Version: 1.0.0 - REPACKY BY TOMI2K9)
Apple Mobile Device Support (HKLM\...\{6CECF0FB-EE71-4FE5-8AE0-FA007408934A}) (Version: 13.0.0.38 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Assassin's Creed Odyssey (HKLM-x32\...\{B7EC622B-1979-450E-8281-C5648506DB83}_is1) (Version: - Ubisoft)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bioshock Infinite verze v1.1.25.5165 (HKLM-x32\...\Bioshock Infinite_is1) (Version: v1.1.25.5165 - (R.G.Danik1B9))
BioShock Remastered (HKLM-x32\...\1439656515_is1) (Version: 1.0.122872 - GOG.com)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.8.0.0410 - Disc Soft Ltd)
Dark Souls III - The Fire Fades Edition (HKLM-x32\...\{C767B161-1DD8-4527-AC44-9B455E6ACEF2}) (Version: 1.0.0 - BANDAI NAMCO)
DARK SOULS REMASTERED (HKLM-x32\...\DARK SOULS REMASTERED_is1) (Version: - )
Dark Souls™ II verze v1.07 (HKLM-x32\...\Dark Souls™ II_is1) (Version: v1.07 - R.G. Danik1B9)
Diablo II (HKLM-x32\...\{BE91F536-19B8-45D8-A083-980E14C3A868}) (Version: 1.0.0 - BLIZZARD)
Diablo II (HKLM-x32\...\Diablo II) (Version: - )
Diablo II Complete Edition MULTi6 - ElAmigos version 1.14D (HKLM-x32\...\{0FE1AA82-BF01-419E-B417-D03428435755}_is1) (Version: 1.14D - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Discord (HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\Discord) (Version: 0.0.308 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{53041896-BE90-4A26-9954-9E9FDC7D4495}) (Version: 1.1.229.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Far Cry 4 (HKLM-x32\...\Far Cry 4_is1) (Version: 1.4.0 - Ubisoft)
FIFA 19 (HKLM-x32\...\{3391E07D-8484-4124-817E-FCBDA859FD62}) (Version: 1.0.58.64628 - Electronic Arts)
FIFA 19 (HKLM-x32\...\FIFA 19_is1) (Version: - )
FIFA18 version 1.0 (HKLM\...\FIFA18_is1) (Version: 1.0 - STEAMPUNKS) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.111 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
Grand Theft Auto: San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.0.0.22 - Rockstar Games)
Grand Theft Auto: San Andreas (HKLM-x32\...\Grand Theft Auto: San Andreas) (Version: 1.0.0.22 - Rockstar Games)
iTunes (HKLM\...\{A39EE3D3-411E-472C-AF73-9D751E37A7EE}) (Version: 12.10.0.7 - Apple Inc.)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.633 - LogMeIn, Inc.)
Lords of the Fallen (HKLM-x32\...\Lords of the Fallen_is1) (Version: - )
Master PDF Editor 3.6 (HKLM\...\Master PDF Editor 3_is1) (Version: 3.6.30 - Code Industry Ltd.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 81.0.416.81 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.127.15 - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1359492776-2785733239-201844929-1001\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: TiWorker.exe virus

Post by jaro3 » 01 Nov 2020 11:50

FRST only at the end..

TiWorker.exe
https://cs.stealthsettings.com/fix-wind ... usage.html
https://www.itexperience.net/fix-high-c ... orker-exe/

Download ATF Cleaner
https://www.majorgeeks.com/mg/getmirror ... ner,2.html
Double-click ATF Cleaner.exe, click Select All, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove temporary Windows files, empty the Recycle Bin, etc.
- If you only use Google Chrome, you don't need to use ATF.


Download TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Open the file and close all other windows, then click Start to begin the process. It should not take long.
The PC should then restart; if it doesn't, restart it yourself.

Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.adlice.com/downloadprogress/
for Windows 7 owners, download here:
https://filehippo.com/download_adwcleaner/ (don't install the update!)

Save it to your desktop. Click "I agree" to confirm the terms.
Close all programs, windows and browsers.
Run the program by double-clicking it and click "Scan".
After the scan a log will appear and open. (Otherwise it is saved on the system drive as C:\AdwCleaner [C?].txt); paste its entire contents here.

Download Malwarebytes' Anti-Malware
https://www.malwarebytes.com/mwb-download/thankyou/

to your desktop, install it and run it
- If the program is not up to date, click "Update now" or "Repair now".
- An update will be found and installed.
- Then click Run scan
- After the scan finishes a message appears at the bottom right; click View report, choose Export, choose Copy to clipboard and paste the whole log here. Or click "Text file (.txt)" and save the log.
- Otherwise the log can be found in the program after clicking "Reports", or it is saved here: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

- Then click the Finish button and close the program with the X at the top right.
(don't delete anything yet!)
If there are problems, run it in Safe Mode.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Don't send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
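The open question in this thread is whether the TiWorker.exe that was eating CPU is the genuine Windows Modules Installer worker. The PowerShell check below is an added example, not part of jaro3's reply or of any tool it names; it assumes an elevated prompt, that the genuine worker is installed in the servicing-stack folder under C:\Windows\WinSxS and is launched by TrustedInstaller.exe, and it applies the same signer test that FRST reports in its SigCheck section.

```powershell
# Added example, not from the forum reply: check whether a running TiWorker.exe
# is the genuine Windows Modules Installer worker. Assumes an elevated prompt
# (the image path of SYSTEM processes is hidden from a non-admin shell).

$winSxS = Join-Path $env:SystemRoot 'WinSxS'

function Test-TiWorker {
    # Win32_Process exposes the image path and the parent PID (Get-Process does not).
    $procs = Get-CimInstance Win32_Process -Filter "Name = 'TiWorker.exe'"
    if (-not $procs) {
        Write-Host 'No TiWorker.exe is running now; the genuine one exits when servicing work is done.'
        return
    }

    foreach ($p in $procs) {
        $findings = @()
        $path   = $p.ExecutablePath
        $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"

        # 1. Location: the real worker lives in the servicing-stack folder under WinSxS.
        if (-not $path) {
            $findings += 'image path not readable (run elevated)'
        } elseif ($path -notlike "$winSxS\*servicingstack*\TiWorker.exe") {
            $findings += "unexpected path: $path"
        }

        # 2. Signature: a valid Authenticode signature whose signer is Microsoft.
        $sig = if ($path) { Get-AuthenticodeSignature -FilePath $path } else { $null }
        if (-not $sig -or $sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
            $findings += "signature status '$($sig.Status)', signer '$($sig.SignerCertificate.Subject)'"
        }

        # 3. Parent: the worker is started by the TrustedInstaller service process.
        if (-not $parent) {
            $findings += "parent PID $($p.ParentProcessId) has already exited"
        } elseif ($parent.Name -ne 'TrustedInstaller.exe') {
            $findings += "unexpected parent: $($parent.Name) (PID $($p.ParentProcessId))"
        }

        $verdict = if ($findings) { 'SUSPICIOUS: ' + ($findings -join '; ') }
                   else { 'matches the genuine Windows component' }

        [pscustomobject]@{
            PID     = $p.ProcessId
            Path    = $path
            Parent  = $parent.Name
            Signer  = $sig.SignerCertificate.Subject
            Status  = $sig.Status
            Verdict = $verdict
        }
    }
}

Test-TiWorker | Format-List
```

Path, signature and parent together are what distinguish the real binary; when it happens to exit is not diagnostic on its own.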

