Please check my log

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Re: Please check my log

Post by Yelkinson » 28 Jun 2023 22:59

Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by David on st 28.06.2023 at 22:27:22,08.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\David\Desktop\zoek (1).exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2019-08-04-174548.log 28736 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\ATI Technologies deleted successfully
C:\Users\David\AppData\Roaming\Albion deleted successfully
C:\Users\David\AppData\Roaming\Easeware deleted successfully
C:\Users\David\AppData\Roaming\MediaInfo deleted successfully
C:\Users\David\AppData\Roaming\Opera Software deleted successfully
C:\Users\David\AppData\Roaming\orchel deleted successfully
C:\Users\David\AppData\Local\Opera Software deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2767009719-3010479440-3224241737-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA2FE42E-A782-4D78-8CD5-CA3313AF42A4} deleted successfully
HKEY_USERS\S-1-5-21-2767009719-3010479440-3224241737-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FABCCE92-1207-41DD-B9D3-5592A36FEA02} deleted successfully
HKEY_USERS\S-1-5-21-2767009719-3010479440-3224241737-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAD63A87-0E27-4D7A-827C-61580F7FB7E6} deleted successfully
HKEY_USERS\S-1-5-21-2767009719-3010479440-3224241737-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FB6F5349-A282-4001-B5F3-DDE550BD59A2} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\qhykbeu8.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.seznam.cz/");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\qhykbeu8.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\Users\David\AppData\Roaming\.technic deleted
C:\Users\David\AppData\Roaming\.tlauncher deleted
C:\Users\David\AppData\Roaming\discord deleted
C:\Users\David\AppData\Roaming\CC deleted
C:\Users\David\.android deleted
C:\Users\David\AppData\Roaming\firefox.txt deleted
C:\Users\David\AppData\Roaming\z0z0z0z0z0.txt deleted
C:\Users\David\AppData\Roaming\pcouffin.log deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\David\AppData\Local\PlariumPlay.log deleted
C:\Users\David\AppData\LocalLow\Unity deleted
"C:\ProgramData\mntemp" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\qhykbeu8.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

==== Firefox Plugins ======================

Profilepath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\qhykbeu8.default
FF131853E04FEC5400C412E1CDDDDDEE - C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U191
- C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npdeployJava1.dll - [?]


==== Chromium Look ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Reset Google Chrome ======================

C:\Users\David\AppData\Local\Microsoft\Edge\User Data\Default\Preferences was reset successfully
C:\Users\David\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences was reset successfully
C:\Users\David\AppData\Local\Microsoft\Edge\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\6cb63fe0ca582f67e9659bc639b0aafc deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Discord deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EpicGamesLauncher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype for Desktop deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tmpB9FB deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wargaming.net Game Center deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\David\AppData\Local\Mozilla\Firefox\Profiles\qhykbeu8.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\David\AppData\Local\Microsoft\Edge\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=22939 folders=3161 6700475081 bytes)

==== Empty Temp Folders ======================

C:\Users\David\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\David\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on st 28.06.2023 at 22:57:13,44 ======================

Re: Please check my log

Post by Yelkinson » 28 Jun 2023 23:05

Název produktu    :  Zemana AntiMalware
Stav kontroly    :  Dokončena
Datum kontroly    :  28.6.2023 23:02:32
Typ kontroly    :  Inteligentní kontrola
Čas trvání    :  00:00:33
Zkontrolované objekty    :  1085
Zjištěné objekty    :  0
Vyloučené objekty    :  0
Automatické odesílání    :  Ne
Operační systém    :  Windows 7 x64
Procesor    :  6X AMD FX(tm)-6300 Six-Core Processor
Režim systému BIOS    :  Legacy
Informace o doméně    :  WORKGROUP,False,NetSetupWorkgroupName
CUID    :  12661773628E845B9030B8

Re: Please check my log

Post by Yelkinson » 28 Jun 2023 23:12

I'd say nothing has changed; after the PC is turned on, Firefox still opens by itself and these 2 pages open:

https://linkvertise.com/22077/aQspx6199690343/1

http://festyy.com/wNKeOb

Re: Please check my log

Post by Yelkinson » 28 Jun 2023 23:13

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:12:58, on 28.6.2023
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19597)
Boot mode: Normal

Running processes:
C:\Users\David\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O1 - Hosts: ::1 localhost
O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\109.0.1518.115\BHO\ie_to_edge_bho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll
O4 - HKCU\..\Run: [Microsoft Edge Update] "C:\Users\David\AppData\Local\Microsoft\EdgeUpdate\1.3.175.29\MicrosoftEdgeUpdateCore.exe"
O4 - Global Startup: Java.bat
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD Crash Defender Service - Unknown owner - C:\Windows\system32\amdfendrsr.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ACP User Service (amdacpusrsvc) - Unknown owner - C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
O23 - Service: AsusFanControlService - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: CCleaner Performance Optimizer Service (CCleanerPerformanceOptimizerService) - Piriform Software Ltd - C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RogueKiller RTP (rkrtservice) - Unknown owner - C:\Program Files\RogueKiller\RogueKillerSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6342 bytes

jaro3
Security team member
Guru Level 15
Posts: 43061
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Please check my log

Post by jaro3 » 28 Jun 2023 23:22

https://www.malwarebytes.com/blog/detec ... e-download

https://www.google.com/search?client=op ... UTF-8#ip=1

Turn off your antivirus and firewall.
Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system (32-bit/64-bit).
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Another link:
http://www.bleepingcomputer.com/downloa ... scan-tool/
Save it to the desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan". When the scan is finished, two logs will appear, FRST.txt and Addition.txt, and they will be saved on the desktop. Please copy their entire contents here.
When working with HJT, ComboFix, MBAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.

Re: Please check my log

Post by Yelkinson » 29 Jun 2023 06:25

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2023
Ran by David (29-06-2023 06:20:42)
Running from C:\Users\David\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X64) (2018-06-16 17:31:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2767009719-3010479440-3224241737-500 - Administrator - Disabled)
David (S-1-5-21-2767009719-3010479440-3224241737-1000 - Administrator - Enabled) => C:\Users\David
Guest (S-1-5-21-2767009719-3010479440-3224241737-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACP Application (HKLM\...\{C70C71CD-B59A-4A57-83BA-FF64C3F1E6E9}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.207 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.207 - Adobe)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 21.5.2 - Advanced Micro Devices, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.1.0 - Asmedia Technology)
Branding64 (HKLM\...\{C871FC62-0186-40ED-BAEA-7C65BE367755}) (Version: 1.00.0006 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 6.04 - Piriform)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.13 - Google LLC) Hidden
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LibreOffice 6.3.3.2 (HKLM\...\{4DACF7A7-C851-4943-A63D-3CAE495C48E0}) (Version: 6.3.3.2 - The Document Foundation)
Malwarebytes version 4.5.30.269 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.30.269 - Malwarebytes)
Microsoft .NET Framework 4.8 (CSY) (HKLM\...\{39DC4515-B8C1-3AD9-AA88-D7C8A333612F}) (Version: 4.8.03761 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.8 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{16735AF7-1D8D-3681-94A5-C578A61EC832}) (Version: 4.8.03761 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 109.0.1518.115 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 109.0.1518.115 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2767009719-3010479440-3224241737-1000\...\Teams) (Version: 1.4.00.35564 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (HKLM-x32\...\{49697869-be8e-427d-81a0-c334d1d14950}) (Version: 14.21.27702.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29334 (HKLM\...\{2E11EF4E-901F-4B2D-B68E-3DB2A566C857}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29334 (HKLM\...\{8A3F7D5B-422D-49D9-84F7-8DC1B7782967}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32\...\{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32\...\{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Minecraft 1.13.2 CZ + TLauncher 2.53 (HKLM-x32\...\Minecraft 1.13.2 CZ + TLauncher 2.53 1.13.2) (Version: 1.13.2 - Mojang)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 114.0.2 (x64 cs)) (Version: 114.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.2 - Mozilla)
Nitrox (HKLM\...\{F24D865C-7EF4-4089-BDF7-FA738EB52B9D}) (Version: 1.0.6930.29659 - Nitrox)
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.141.511.2021 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Roblox Player for David (HKU\S-1-5-21-2767009719-3010479440-3224241737-1000\...\roblox-player) (Version: - Roblox Corporation)
RogueKiller version 15.11.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.11.0.0 - Adlice Software)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.9.0 - Sophos Limited)
UE4 Prerequisites (x64) (HKLM\...\{F9EC45F9-074A-48BF-92E9-A8CADD56F693}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.18 - VideoLAN)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Zemana AntiMalware verze 3.2.28 (HKLM-x32\...\{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1) (Version: 3.2.28 - Zemana)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2767009719-3010479440-3224241737-1000_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21328.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2767009719-3010479440-3224241737-1000_Classes\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\EdgeUpdate\1.3.175.29\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2767009719-3010479440-3224241737-1000_Classes\CLSID\{608D599A-DCA6-4A7C-BED7-AFCD8465345A}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\EdgeUpdate\1.3.175.29\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2767009719-3010479440-3224241737-1000_Classes\CLSID\{7C9A348D-C321-47AC-904F-150312A5430F}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\EdgeUpdate\1.3.175.27\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2767009719-3010479440-3224241737-1000_Classes\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\EdgeUpdate\1.3.175.29\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2767009719-3010479440-3224241737-1000_Classes\CLSID\{B29F5F83-90DF-479A-BDE7-8A9F4412E394}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2767009719-3010479440-3224241737-1000_Classes\CLSID\{F1CBF5EB-347F-4E4C-90AC-E43339FC34EC}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\EdgeUpdate\1.3.173.55\psuser_64.dll => No File
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2021-03-30] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers1: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers1: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-06-27] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Windows\System32\atiacm64.dll [2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2021-03-30] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-06-27] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers6: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2018-06-17 11:23 - 2018-06-17 11:22 - 000104448 _____ () [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2018-06-17 11:23 - 2023-06-29 06:07 - 000033792 _____ () [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2018-06-17 11:23 - 2018-06-17 11:22 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AAHM\1.00.20\ASACPI.DLL
2018-06-17 11:25 - 2018-06-17 11:22 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsAcpi.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\desktop.ini:CachedTiles [476]
AlternateDataStreams: C:\Users\David\Data aplikací:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\David\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\Public\AppData:CSM [470]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [482]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-2767009719-3010479440-3224241737-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2021-12-24] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2021-12-24] (Oracle America, Inc. -> Oracle Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2023-06-28 22:30 - 000000841 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0
HKU\S-1-5-21-2767009719-3010479440-3224241737-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Roaming\Mozilla\Firefox\Pozadí plochy.bmp
DNS Servers: 10.0.1.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GoogleUpdate.lnk => C:\Windows\pss\GoogleUpdate.lnk.Startup
MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Intel HD Graphics Drivers for Windows(R).lnk => C:\Windows\pss\Intel HD Graphics Drivers for Windows(R).lnk.Startup
MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^tmpB9FB.tmp.vbs => C:\Windows\pss\tmpB9FB.tmp.vbs.Startup
MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^windowsUpdate.lnk => C:\Windows\pss\windowsUpdate.lnk.Startup
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: com.squirrel.Teams.Teams => C:\Users\David\AppData\Local\Microsoft\Teams\Update.exe --processStart "Teams.exe" --process-start-args "--system-initiated"
MSCONFIG\startupreg: Intel HD Graphics Drivers for Windows(R) => C:\Users\David\AppData\Roaming\Microsoft\Windows\Templates\Intel HD Graphics Drivers for Windows(R).URL
MSCONFIG\startupreg: Intel HD Graphics Drivers for Windows(R)2 => C:\Users\David\AppData\Roaming\Microsoft\Windows\Templates\Intel HD Graphics Drivers for Windows(R).URL
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B0D9C293-F8AF-493A-B59F-A85B8251CC26}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D93ABC39-5093-4ECE-A52C-CDFC01207F10}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{447233FF-9B04-4B0A-9DE8-C76A38C19AC2}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{090574C4-D4C9-4ED4-BBD6-F6D24F6DC4F5}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [TCP Query User{0AC7C2BD-76D0-4D75-B692-8A369F3CBD3E}C:\program files\java\jre1.8.0_191\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_191\bin\javaw.exe
FirewallRules: [UDP Query User{B8942491-970A-46FE-9FBF-9F9365D04D41}C:\program files\java\jre1.8.0_191\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_191\bin\javaw.exe
FirewallRules: [TCP Query User{BCF67290-3E0D-42AF-8A32-5296B8E47AB5}C:\users\david\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\david\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{948323A4-3CC9-4B5D-9347-0BB1EFB85E3B}C:\users\david\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\david\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{56D46C50-316F-4790-A12E-24DC6C675AAA}C:\users\david\appdata\roaming\.tlauncher\jvms\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\users\david\appdata\roaming\.tlauncher\jvms\jre1.8.0_51\bin\javaw.exe => No File
FirewallRules: [UDP Query User{CD52B290-B735-4180-A00C-02869007608C}C:\users\david\appdata\roaming\.tlauncher\jvms\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\users\david\appdata\roaming\.tlauncher\jvms\jre1.8.0_51\bin\javaw.exe => No File
FirewallRules: [{93426A26-52B3-4A16-A511-ACACAE12E887}] => (Allow) C:\Users\David\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{9C22D9A0-E292-4FFA-831A-F40B5AE5019A}] => (Allow) C:\Users\David\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{73DE7557-8E17-44D7-B0FF-5F0720254821}] => (Allow) C:\Users\David\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [{93BE0343-0661-42E5-977B-183D514EA875}] => (Allow) C:\Users\David\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe (Digital Extremes Ltd. -> Digital Extremes)
FirewallRules: [TCP Query User{C7FABEB1-6176-4B92-BD0F-0095CE443CF4}C:\users\david\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\david\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [UDP Query User{F21DA227-BCAC-4C0A-BC20-FD07CA410C5A}C:\users\david\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\david\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [TCP Query User{89E27204-A8C8-4C16-9EA6-86146BF02670}C:\users\david\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe] => (Block) C:\users\david\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{E965E726-78DD-43B8-A812-4837AA13F8B7}C:\users\david\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe] => (Block) C:\users\david\appdata\roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe
FirewallRules: [TCP Query User{82EAD628-BA52-4A99-A49A-177F0B942F88}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{4EEE9BBD-5A4C-4C22-BA7A-939ECC899894}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1A0EEE7B-635F-4071-BA82-136040106C8E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.115\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

28-06-2023 16:24:06 Installed Sophos Virus Removal Tool.

==================== Faulty Device Manager Devices ============

Name: AODDriver4.3.0
Description: AODDriver4.3.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.3.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (06/02/2023 01:11:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: RobloxPlayerBeta.exe, verze: 0.578.0.13398, časové razítko: 0xe89600b6
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0xffffffffffffffff
ID chybujícího procesu: 0xad4
Čas spuštění chybující aplikace: 0x01d99542d93499c8
Cesta k chybující aplikaci: C:\Users\David\AppData\Local\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 47dcadcd-0136-11ee-a3ae-d850e654df35

Error: (05/04/2023 07:18:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: RobloxPlayerBeta.exe, verze: 0.574.1.38815, časové razítko: 0x9cd12f3b
Název chybujícího modulu: RobloxPlayerBeta.exe, verze: 0.574.1.38815, časové razítko: 0x9cd12f3b
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000cd082c
ID chybujícího procesu: 0xa68
Čas spuštění chybující aplikace: 0x01d97eac6b030dec
Cesta k chybující aplikaci: C:\Users\David\AppData\Local\Roblox\Versions\version-dc61c2db7d694b7b\RobloxPlayerBeta.exe
Cesta k chybujícímu modulu: C:\Users\David\AppData\Local\Roblox\Versions\version-dc61c2db7d694b7b\RobloxPlayerBeta.exe
ID zprávy: bd09276d-ea9f-11ed-aaa1-d850e654df35

Error: (02/24/2023 01:45:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: firefox.exe, verze: 110.0.0.8445, časové razítko: 0x63eb2d97
Název chybujícího modulu: xul.dll, verze: 110.0.0.8445, časové razítko: 0x63eb2f31
Kód výjimky: 0x80000003
Posun chyby: 0x000000000473de47
ID chybujícího procesu: 0xa60
Čas spuštění chybující aplikace: 0x01d948454b6c3d79
Cesta k chybující aplikaci: C:\Program Files\Mozilla Firefox\firefox.exe
Cesta k chybujícímu modulu: C:\Program Files\Mozilla Firefox\xul.dll
ID zprávy: c2392a67-b438-11ed-aae4-d850e654df35


System errors:
=============
Error: (06/29/2023 06:23:31 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} se v daném časovém limitu neregistroval u služby DCOM.

Error: (06/29/2023 06:05:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba AODDriver4.3.0 neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedenou cestu.

Error: (06/28/2023 11:07:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba AODDriver4.3.0 neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedenou cestu.

Error: (06/28/2023 10:56:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba AODDriver4.3.0 neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedenou cestu.

Error: (06/28/2023 10:43:36 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (06/28/2023 10:43:36 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (06/28/2023 10:43:36 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (06/28/2023 10:43:35 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 1903 07/11/2013
Motherboard: ASUSTeK COMPUTER INC. M5A97 LE R2.0
Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 56%
Total physical RAM: 3996.25 MB
Available physical RAM: 1737.67 MB
Total Virtual: 7990.64 MB
Available Virtual: 5654.26 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:278.75 GB) (Model: WDC WD50 00AZRX-00A8LB0 SATA Disk Device) NTFS

\\?\Volume{49321cd0-7188-11e8-bf22-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: D7C0CC3F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================


Re: Please check my log

Post by Yelkinson » 29 Jun 2023 06:26

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-06-2023
Ran by David (administrator) on DAVID-PC (29-06-2023 06:19:26)
Running from C:\Users\David\Desktop\FRST64.exe
Loaded Profiles: David
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X64) Language: Čeština (Česká republika)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(services.exe ->) (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9228800 2017-06-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-2767009719-3010479440-3224241737-1000\...\Run: [Microsoft Edge Update] => C:\Users\David\AppData\Local\Microsoft\EdgeUpdate\1.3.175.29\MicrosoftEdgeUpdateCore.exe [263640 2023-06-15] (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Java.bat [2019-04-13] () [File not signed]

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2D028B93-EE31-4F13-9A79-ADAD3CFF5642} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (No File)
Task: {3AE989B3-3628-40D8-A6CF-BB33234D1E6D} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Flash Player Updater" /ENABLE
Task: {3AE989B3-3628-40D8-A6CF-BB33234D1E6D} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\CCleaner Update" /ENABLE
Task: {3AE989B3-3628-40D8-A6CF-BB33234D1E6D} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {3AE989B3-3628-40D8-A6CF-BB33234D1E6D} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {3AE989B3-3628-40D8-A6CF-BB33234D1E6D} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\Opera scheduled Autoupdate 1534580516" /ENABLE
Task: {3AE989B3-3628-40D8-A6CF-BB33234D1E6D} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {3B8E604C-2CF2-43BD-BD2A-80D99B35C2FC} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [682008 2021-03-30] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {4125B674-CB30-478E-8D9F-C99EAA06E611} - System32\Tasks\CCleanerSkipUAC - David => C:\Program Files\CCleaner\CCleaner.exe [32204304 2022-09-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {47B51B91-1602-465F-B2A8-82FCBA8C1795} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe /from_scheduler:1 (No File)
Task: {49DF9ECD-16F6-4D3A-92FA-24BE9E6B8F7C} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe (No File)
Task: {56443AD6-B09B-48E1-B670-5A034C9F5F0D} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1713952 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {777016B2-F7A2-4306-BE1D-1F143B81C808} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-09-12] (Piriform Software Ltd -> Piriform)
Task: {80CB8A2C-CB76-43B6-8D8B-4C78E60902AF} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [268576 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {9045C9E7-BFD1-43B6-82A3-29EAD752BBA4} - System32\Tasks\AMSkipUAC => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [682008 2021-03-30] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {9366A54A-0458-43A4-90AB-B5EF79C7BFE0} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-2767009719-3010479440-3224241737-1000UA{5C760954-2F23-49C2-A1B0-2852A08DEFE8} => C:\Users\David\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206256 2023-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {95E0C5D1-85A8-4C7F-8E7B-349AE9232C42} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4666896 2022-09-12] (Piriform Software Ltd -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "ef795822-d53c-44b8-9f45-6cca434f0142" --version "6.04.10044" --silent
Task: {9C9E8E09-0D64-44E8-8FC2-A0DC3CF4BB69} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-2767009719-3010479440-3224241737-1000Core{B62F3645-F9E0-45AD-9849-132A9773D0C5} => C:\Users\David\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206256 2023-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {A8E08529-E9BC-4F45-A5BB-15AA34F90A90} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_pepper.exe [1452600 2019-06-11] (Adobe Inc. -> Adobe)
Task: {B18909D6-E3B0-45EC-B792-FD8D18FFFD74} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [680352 2023-06-21] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {B77803B7-0C60-4421-9D9D-1FC082EFE3DE} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1713952 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {C245A449-22C6-40C2-837F-807AFF2E9342} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_Plugin.exe [1457208 2019-06-11] (Adobe Inc. -> Adobe)
Task: {C3490F6C-7B47-408C-B3F7-BD1E61DB8302} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-11] (Adobe Inc. -> Adobe)
Task: {CB69A1DB-F0EB-42E3-BEDF-D192FA1906A6} - System32\Tasks\AMD ThankingURL => C:\Program Files\AMD\CIM\Bin64\Setup.exe [1126176 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {DF0B3CD2-42C3-4731-A6AD-368F58F7EC52} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [732064 2023-06-21] (Mozilla Corporation -> Mozilla Foundation)
Task: {EBA1884A-7386-4199-9777-1C96EBB910A3} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1713952 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {EFBE04FD-4093-4727-B609-2011974731FD} - System32\Tasks\{64F9115D-F208-4941-A36B-DB47C6B6CAD4} => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe (No File)
Task: {FC83BE08-5243-48D5-97E3-B6E158DD8C4A} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [62752 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.1.138
Tcpip\..\Interfaces\{273FA7FE-5002-44B9-B6CE-23FAE36A39B8}: [DhcpNameServer] 10.0.1.138

Edge:
=======
Edge DefaultProfile: Default

FireFox:
========
FF DefaultProfile: qhykbeu8.default
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\qhykbeu8.default [2023-06-29]
FF NewTab: Mozilla\Firefox\Profiles\qhykbeu8.default -> about:newtab
FF Notifications: Mozilla\Firefox\Profiles\qhykbeu8.default -> hxxps://www.youtube.com; hxxps://www.facebook.com
FF NewTabOverride: Mozilla\Firefox\Profiles\qhykbeu8.default -> Enabled: {ea614400-e918-4741-9a97-7a972ff7c30b}
FF Extension: (Add-ons Restricted Domains) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\qhykbeu8.default\features\{25f25c58-3842-4d8c-8ae1-1368e5563aa1}\addons-restricted-domains@mozilla.com.xpi [2023-06-22]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_207.dll [2019-06-11] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_207.dll [2019-06-11] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2021-12-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2021-12-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=3.0.18 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-10-25] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-2767009719-3010479440-3224241737-1000: @jlgplayer3.julegame.com -> C:\Users\David\AppData\Local\JuleGame\jlgplayer\npjlgplayer3.dll [No File]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-11] (Adobe Inc. -> Adobe)
S3 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [190464 2021-05-11] () [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2018-06-17] (ASUSTeK Computer Inc. -> )
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2018-06-17] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2018-06-17] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe [1632256 2018-06-17] (ASUSTeK Computer Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8901968 2021-03-31] (BattlEye Innovations e.K. -> )
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1082896 2022-09-12] (Piriform Software Ltd -> Piriform Software Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9258016 2023-06-27] (Malwarebytes Inc. -> Malwarebytes)
S3 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [15971760 2023-06-22] (ADLICE -> )
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S4 EasyAntiCheat; "C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R1 amsdk; C:\Windows\system32\drivers\amsdk.sys [232792 2023-06-28] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2018-06-17] (ASUSTeK Computer Inc. -> )
R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [129000 2011-09-14] (MCCI Internal Testing Software -> ASMedia Technology Inc)
R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [394216 2011-09-14] (MCCI Internal Testing Software -> ASMedia Technology Inc)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2018-06-17] (ASUSTeK Computer Inc. -> )
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2018-06-17] (MCCI Corporation -> MCCI Corporation)
S3 ASUSumsc; C:\Windows\System32\DRIVERS\ASUSumsc.sys [151808 2018-06-17] (MCCI Corporation -> MCCI Corporation)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2022-10-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2018-07-03] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 VOICEMOD_Driver; C:\Windows\System32\drivers\vmdrv.sys [27648 2018-03-15] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider)
S2 AODDriver4.3.0; \??\C:\Program Files\AMD\Performance Profile Client\amd64\AODDriver2.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-06-29 06:19 - 2023-06-29 06:20 - 000014864 _____ C:\Users\David\Desktop\FRST.txt
2023-06-29 06:17 - 2023-06-29 06:17 - 002383360 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2023-06-28 23:01 - 2023-06-28 23:01 - 000232792 _____ (Copyright 2018.) C:\Windows\system32\Drivers\amsdk.sys
2023-06-28 23:01 - 2023-06-28 23:01 - 000003474 _____ C:\Windows\system32\Tasks\AMHelper
2023-06-28 23:01 - 2023-06-28 23:01 - 000002508 _____ C:\Windows\system32\Tasks\AMSkipUAC
2023-06-28 23:01 - 2023-06-28 23:01 - 000001260 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2023-06-28 23:01 - 2023-06-28 23:01 - 000000000 ____D C:\Users\David\AppData\Local\AMSDK
2023-06-28 23:01 - 2023-06-28 23:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2023-06-28 23:01 - 2023-06-28 23:01 - 000000000 ____D C:\Program Files (x86)\Zemana
2023-06-28 22:54 - 2014-02-13 23:59 - 000024064 _____ C:\Windows\zoek-delete.exe
2023-06-28 22:27 - 2023-06-28 22:51 - 000000000 ____D C:\zoek_backup
2023-06-28 16:24 - 2023-06-28 16:24 - 000002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2023-06-28 16:24 - 2023-06-28 16:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2023-06-28 16:24 - 2023-06-28 16:24 - 000000000 ____D C:\Program Files (x86)\Sophos
2023-06-28 16:23 - 2020-09-07 00:04 - 002038755 _____ C:\Users\David\Desktop\zoek (1).exe
2023-06-28 16:22 - 2023-06-28 16:22 - 013922376 _____ (Zemana Ltd. ) C:\Users\David\Desktop\Zemana.AntiMalware.Setup.exe
2023-06-28 07:07 - 2023-06-28 07:13 - 000001015 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2023-06-28 07:07 - 2023-06-28 07:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2023-06-28 07:07 - 2023-06-28 07:07 - 000000000 ____D C:\Program Files\RogueKiller
2023-06-27 19:01 - 2023-06-27 19:01 - 000000000 ____D C:\Users\David\AppData\Local\Malwarebytes
2023-06-27 18:57 - 2023-06-27 18:57 - 000001665 _____ C:\mmm.txt
2023-06-27 12:05 - 2023-06-27 12:05 - 000000000 ____D C:\Users\David\AppData\Local\AMD
2023-06-27 12:01 - 2023-06-27 12:01 - 008791352 _____ (Malwarebytes) C:\Users\David\Desktop\AdwCleaner.exe
2023-06-27 12:01 - 2023-06-27 12:01 - 000448512 _____ (OldTimer Tools) C:\Users\David\Desktop\TFC.exe
2023-06-27 12:01 - 2023-06-27 12:01 - 000050688 _____ (Atribune.org) C:\Users\David\Desktop\ATF-Cleaner(1).exe
2023-06-27 11:13 - 2023-06-29 06:05 - 000003112 _____ C:\Windows\system32\Tasks\AMDInstallLauncher
2023-06-25 11:36 - 2023-06-25 11:36 - 000000000 ____D C:\Users\David\Desktop\backups
2023-06-25 11:31 - 2023-06-25 11:31 - 000388608 _____ (Trend Micro Inc.) C:\Users\David\Desktop\hijackthis.exe
2023-06-21 15:20 - 2023-06-23 06:21 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-06-29 06:20 - 2019-08-04 20:29 - 000047568 _____ C:\Windows\ZAM.krnl.trace
2023-06-29 06:19 - 2019-08-09 19:52 - 000000000 ____D C:\FRST
2023-06-29 06:17 - 2022-02-08 18:48 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-06-29 06:15 - 2009-07-14 06:45 - 000024224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2023-06-29 06:15 - 2009-07-14 06:45 - 000024224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2023-06-29 06:07 - 2022-10-15 09:01 - 000003356 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting
2023-06-29 06:07 - 2022-10-15 09:01 - 000000760 _____ C:\Windows\Tasks\CCleanerCrashReporting.job
2023-06-29 06:07 - 2018-07-14 20:43 - 000000000 ____D C:\Program Files\CCleaner
2023-06-29 06:05 - 2023-05-20 09:20 - 000003082 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2023-06-29 06:05 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-06-28 23:14 - 2018-06-17 12:50 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2023-06-28 22:56 - 2009-07-14 07:08 - 000032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2023-06-28 22:51 - 2018-06-16 19:31 - 000000000 ____D C:\Users\David
2023-06-28 07:13 - 2019-08-02 22:41 - 000000000 ____D C:\ProgramData\RogueKiller
2023-06-26 18:24 - 2023-02-12 20:12 - 000000000 ____D C:\Users\David\AppData\Roaming\vlc
2023-06-24 08:53 - 2018-06-17 21:07 - 000000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2023-06-23 06:21 - 2018-06-17 10:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-06-22 06:09 - 2021-09-25 09:00 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2023-06-15 21:15 - 2023-04-23 09:02 - 000003718 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-2767009719-3010479440-3224241737-1000UA{5C760954-2F23-49C2-A1B0-2852A08DEFE8}
2023-06-15 21:15 - 2023-04-23 09:02 - 000003650 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-2767009719-3010479440-3224241737-1000Core{B62F3645-F9E0-45AD-9849-132A9773D0C5}
2023-06-14 22:06 - 2018-06-17 11:07 - 000000000 ____D C:\Windows\system32\MRT
2023-06-14 22:03 - 2018-06-17 11:07 - 170078616 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-06-14 15:34 - 2023-01-15 20:29 - 000002180 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-06-14 15:34 - 2020-06-26 07:07 - 000002221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-06-13 19:03 - 2020-06-26 07:06 - 000003540 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-06-13 19:03 - 2020-06-26 07:06 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-06-02 13:10 - 2018-06-17 21:07 - 000000000 ____D C:\Users\David\AppData\Local\Roblox

==================== Files in the root of some directories ========

2021-09-23 09:02 - 2021-10-29 18:07 - 000099384 _____ () C:\Users\David\AppData\Roaming\inst.exe
2021-09-23 09:02 - 2021-10-29 18:07 - 000007859 _____ () C:\Users\David\AppData\Roaming\pcouffin.cat
2021-09-23 09:02 - 2021-10-29 18:07 - 000001167 _____ () C:\Users\David\AppData\Roaming\pcouffin.inf
2021-09-23 09:02 - 2021-10-29 18:07 - 000082816 _____ (VSO Software) C:\Users\David\AppData\Roaming\pcouffin.sys
2019-12-25 20:21 - 2023-01-09 14:18 - 000004608 _____ () C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-01-30 21:43 - 2020-06-20 14:53 - 000007601 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2023-06-21 07:16
==================== End of FRST.txt ========================


Re: Please check my log

Post by Yelkinson » 29 Jun 2023 06:26

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-06-2023
Ran by David (administrator) on DAVID-PC (29-06-2023 06:19:26)
Running from C:\Users\David\Desktop\FRST64.exe
Loaded Profiles: David
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X64) Language: Čeština (Česká republika)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(services.exe ->) (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9228800 2017-06-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-2767009719-3010479440-3224241737-1000\...\Run: [Microsoft Edge Update] => C:\Users\David\AppData\Local\Microsoft\EdgeUpdate\1.3.175.29\MicrosoftEdgeUpdateCore.exe [263640 2023-06-15] (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Java.bat [2019-04-13] () [File not signed]

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2D028B93-EE31-4F13-9A79-ADAD3CFF5642} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (No File)
Task: {3AE989B3-3628-40D8-A6CF-BB33234D1E6D} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Flash Player Updater" /ENABLE
Task: {3AE989B3-3628-40D8-A6CF-BB33234D1E6D} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\CCleaner Update" /ENABLE
Task: {3AE989B3-3628-40D8-A6CF-BB33234D1E6D} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {3AE989B3-3628-40D8-A6CF-BB33234D1E6D} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {3AE989B3-3628-40D8-A6CF-BB33234D1E6D} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\Opera scheduled Autoupdate 1534580516" /ENABLE
Task: {3AE989B3-3628-40D8-A6CF-BB33234D1E6D} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {3B8E604C-2CF2-43BD-BD2A-80D99B35C2FC} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [682008 2021-03-30] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {4125B674-CB30-478E-8D9F-C99EAA06E611} - System32\Tasks\CCleanerSkipUAC - David => C:\Program Files\CCleaner\CCleaner.exe [32204304 2022-09-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {47B51B91-1602-465F-B2A8-82FCBA8C1795} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe /from_scheduler:1 (No File)
Task: {49DF9ECD-16F6-4D3A-92FA-24BE9E6B8F7C} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe (No File)
Task: {56443AD6-B09B-48E1-B670-5A034C9F5F0D} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1713952 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {777016B2-F7A2-4306-BE1D-1F143B81C808} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-09-12] (Piriform Software Ltd -> Piriform)
Task: {80CB8A2C-CB76-43B6-8D8B-4C78E60902AF} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [268576 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {9045C9E7-BFD1-43B6-82A3-29EAD752BBA4} - System32\Tasks\AMSkipUAC => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [682008 2021-03-30] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {9366A54A-0458-43A4-90AB-B5EF79C7BFE0} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-2767009719-3010479440-3224241737-1000UA{5C760954-2F23-49C2-A1B0-2852A08DEFE8} => C:\Users\David\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206256 2023-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {95E0C5D1-85A8-4C7F-8E7B-349AE9232C42} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4666896 2022-09-12] (Piriform Software Ltd -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "ef795822-d53c-44b8-9f45-6cca434f0142" --version "6.04.10044" --silent
Task: {9C9E8E09-0D64-44E8-8FC2-A0DC3CF4BB69} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-2767009719-3010479440-3224241737-1000Core{B62F3645-F9E0-45AD-9849-132A9773D0C5} => C:\Users\David\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206256 2023-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {A8E08529-E9BC-4F45-A5BB-15AA34F90A90} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_pepper.exe [1452600 2019-06-11] (Adobe Inc. -> Adobe)
Task: {B18909D6-E3B0-45EC-B792-FD8D18FFFD74} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [680352 2023-06-21] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {B77803B7-0C60-4421-9D9D-1FC082EFE3DE} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1713952 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {C245A449-22C6-40C2-837F-807AFF2E9342} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_Plugin.exe [1457208 2019-06-11] (Adobe Inc. -> Adobe)
Task: {C3490F6C-7B47-408C-B3F7-BD1E61DB8302} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-11] (Adobe Inc. -> Adobe)
Task: {CB69A1DB-F0EB-42E3-BEDF-D192FA1906A6} - System32\Tasks\AMD ThankingURL => C:\Program Files\AMD\CIM\Bin64\Setup.exe [1126176 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {DF0B3CD2-42C3-4731-A6AD-368F58F7EC52} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [732064 2023-06-21] (Mozilla Corporation -> Mozilla Foundation)
Task: {EBA1884A-7386-4199-9777-1C96EBB910A3} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1713952 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {EFBE04FD-4093-4727-B609-2011974731FD} - System32\Tasks\{64F9115D-F208-4941-A36B-DB47C6B6CAD4} => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe (No File)
Task: {FC83BE08-5243-48D5-97E3-B6E158DD8C4A} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [62752 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.1.138
Tcpip\..\Interfaces\{273FA7FE-5002-44B9-B6CE-23FAE36A39B8}: [DhcpNameServer] 10.0.1.138

Edge:
=======
Edge DefaultProfile: Default

FireFox:
========
FF DefaultProfile: qhykbeu8.default
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\qhykbeu8.default [2023-06-29]
FF NewTab: Mozilla\Firefox\Profiles\qhykbeu8.default -> about:newtab
FF Notifications: Mozilla\Firefox\Profiles\qhykbeu8.default -> hxxps://www.youtube.com; hxxps://www.facebook.com
FF NewTabOverride: Mozilla\Firefox\Profiles\qhykbeu8.default -> Enabled: {ea614400-e918-4741-9a97-7a972ff7c30b}
FF Extension: (Add-ons Restricted Domains) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\qhykbeu8.default\features\{25f25c58-3842-4d8c-8ae1-1368e5563aa1}\addons-restricted-domains@mozilla.com.xpi [2023-06-22]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_207.dll [2019-06-11] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_207.dll [2019-06-11] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2021-12-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2021-12-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=3.0.18 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-10-25] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-2767009719-3010479440-3224241737-1000: @jlgplayer3.julegame.com -> C:\Users\David\AppData\Local\JuleGame\jlgplayer\npjlgplayer3.dll [No File]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-11] (Adobe Inc. -> Adobe)
S3 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [190464 2021-05-11] () [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2018-06-17] (ASUSTeK Computer Inc. -> )
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2018-06-17] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2018-06-17] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe [1632256 2018-06-17] (ASUSTeK Computer Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8901968 2021-03-31] (BattlEye Innovations e.K. -> )
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1082896 2022-09-12] (Piriform Software Ltd -> Piriform Software Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9258016 2023-06-27] (Malwarebytes Inc. -> Malwarebytes)
S3 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [15971760 2023-06-22] (ADLICE -> )
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S4 EasyAntiCheat; "C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R1 amsdk; C:\Windows\system32\drivers\amsdk.sys [232792 2023-06-28] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2018-06-17] (ASUSTeK Computer Inc. -> )
R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [129000 2011-09-14] (MCCI Internal Testing Software -> ASMedia Technology Inc)
R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [394216 2011-09-14] (MCCI Internal Testing Software -> ASMedia Technology Inc)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2018-06-17] (ASUSTeK Computer Inc. -> )
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2018-06-17] (MCCI Corporation -> MCCI Corporation)
S3 ASUSumsc; C:\Windows\System32\DRIVERS\ASUSumsc.sys [151808 2018-06-17] (MCCI Corporation -> MCCI Corporation)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2022-10-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2018-07-03] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 VOICEMOD_Driver; C:\Windows\System32\drivers\vmdrv.sys [27648 2018-03-15] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider)
S2 AODDriver4.3.0; \??\C:\Program Files\AMD\Performance Profile Client\amd64\AODDriver2.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-06-29 06:19 - 2023-06-29 06:20 - 000014864 _____ C:\Users\David\Desktop\FRST.txt
2023-06-29 06:17 - 2023-06-29 06:17 - 002383360 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2023-06-28 23:01 - 2023-06-28 23:01 - 000232792 _____ (Copyright 2018.) C:\Windows\system32\Drivers\amsdk.sys
2023-06-28 23:01 - 2023-06-28 23:01 - 000003474 _____ C:\Windows\system32\Tasks\AMHelper
2023-06-28 23:01 - 2023-06-28 23:01 - 000002508 _____ C:\Windows\system32\Tasks\AMSkipUAC
2023-06-28 23:01 - 2023-06-28 23:01 - 000001260 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2023-06-28 23:01 - 2023-06-28 23:01 - 000000000 ____D C:\Users\David\AppData\Local\AMSDK
2023-06-28 23:01 - 2023-06-28 23:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2023-06-28 23:01 - 2023-06-28 23:01 - 000000000 ____D C:\Program Files (x86)\Zemana
2023-06-28 22:54 - 2014-02-13 23:59 - 000024064 _____ C:\Windows\zoek-delete.exe
2023-06-28 22:27 - 2023-06-28 22:51 - 000000000 ____D C:\zoek_backup
2023-06-28 16:24 - 2023-06-28 16:24 - 000002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2023-06-28 16:24 - 2023-06-28 16:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2023-06-28 16:24 - 2023-06-28 16:24 - 000000000 ____D C:\Program Files (x86)\Sophos
2023-06-28 16:23 - 2020-09-07 00:04 - 002038755 _____ C:\Users\David\Desktop\zoek (1).exe
2023-06-28 16:22 - 2023-06-28 16:22 - 013922376 _____ (Zemana Ltd. ) C:\Users\David\Desktop\Zemana.AntiMalware.Setup.exe
2023-06-28 07:07 - 2023-06-28 07:13 - 000001015 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2023-06-28 07:07 - 2023-06-28 07:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2023-06-28 07:07 - 2023-06-28 07:07 - 000000000 ____D C:\Program Files\RogueKiller
2023-06-27 19:01 - 2023-06-27 19:01 - 000000000 ____D C:\Users\David\AppData\Local\Malwarebytes
2023-06-27 18:57 - 2023-06-27 18:57 - 000001665 _____ C:\mmm.txt
2023-06-27 12:05 - 2023-06-27 12:05 - 000000000 ____D C:\Users\David\AppData\Local\AMD
2023-06-27 12:01 - 2023-06-27 12:01 - 008791352 _____ (Malwarebytes) C:\Users\David\Desktop\AdwCleaner.exe
2023-06-27 12:01 - 2023-06-27 12:01 - 000448512 _____ (OldTimer Tools) C:\Users\David\Desktop\TFC.exe
2023-06-27 12:01 - 2023-06-27 12:01 - 000050688 _____ (Atribune.org) C:\Users\David\Desktop\ATF-Cleaner(1).exe
2023-06-27 11:13 - 2023-06-29 06:05 - 000003112 _____ C:\Windows\system32\Tasks\AMDInstallLauncher
2023-06-25 11:36 - 2023-06-25 11:36 - 000000000 ____D C:\Users\David\Desktop\backups
2023-06-25 11:31 - 2023-06-25 11:31 - 000388608 _____ (Trend Micro Inc.) C:\Users\David\Desktop\hijackthis.exe
2023-06-21 15:20 - 2023-06-23 06:21 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-06-29 06:20 - 2019-08-04 20:29 - 000047568 _____ C:\Windows\ZAM.krnl.trace
2023-06-29 06:19 - 2019-08-09 19:52 - 000000000 ____D C:\FRST
2023-06-29 06:17 - 2022-02-08 18:48 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-06-29 06:15 - 2009-07-14 06:45 - 000024224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2023-06-29 06:15 - 2009-07-14 06:45 - 000024224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2023-06-29 06:07 - 2022-10-15 09:01 - 000003356 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting
2023-06-29 06:07 - 2022-10-15 09:01 - 000000760 _____ C:\Windows\Tasks\CCleanerCrashReporting.job
2023-06-29 06:07 - 2018-07-14 20:43 - 000000000 ____D C:\Program Files\CCleaner
2023-06-29 06:05 - 2023-05-20 09:20 - 000003082 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2023-06-29 06:05 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-06-28 23:14 - 2018-06-17 12:50 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2023-06-28 22:56 - 2009-07-14 07:08 - 000032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2023-06-28 22:51 - 2018-06-16 19:31 - 000000000 ____D C:\Users\David
2023-06-28 07:13 - 2019-08-02 22:41 - 000000000 ____D C:\ProgramData\RogueKiller
2023-06-26 18:24 - 2023-02-12 20:12 - 000000000 ____D C:\Users\David\AppData\Roaming\vlc
2023-06-24 08:53 - 2018-06-17 21:07 - 000000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2023-06-23 06:21 - 2018-06-17 10:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-06-22 06:09 - 2021-09-25 09:00 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2023-06-15 21:15 - 2023-04-23 09:02 - 000003718 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-2767009719-3010479440-3224241737-1000UA{5C760954-2F23-49C2-A1B0-2852A08DEFE8}
2023-06-15 21:15 - 2023-04-23 09:02 - 000003650 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-2767009719-3010479440-3224241737-1000Core{B62F3645-F9E0-45AD-9849-132A9773D0C5}
2023-06-14 22:06 - 2018-06-17 11:07 - 000000000 ____D C:\Windows\system32\MRT
2023-06-14 22:03 - 2018-06-17 11:07 - 170078616 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-06-14 15:34 - 2023-01-15 20:29 - 000002180 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-06-14 15:34 - 2020-06-26 07:07 - 000002221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-06-13 19:03 - 2020-06-26 07:06 - 000003540 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-06-13 19:03 - 2020-06-26 07:06 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-06-02 13:10 - 2018-06-17 21:07 - 000000000 ____D C:\Users\David\AppData\Local\Roblox

==================== Files in the root of some directories ========

2021-09-23 09:02 - 2021-10-29 18:07 - 000099384 _____ () C:\Users\David\AppData\Roaming\inst.exe
2021-09-23 09:02 - 2021-10-29 18:07 - 000007859 _____ () C:\Users\David\AppData\Roaming\pcouffin.cat
2021-09-23 09:02 - 2021-10-29 18:07 - 000001167 _____ () C:\Users\David\AppData\Roaming\pcouffin.inf
2021-09-23 09:02 - 2021-10-29 18:07 - 000082816 _____ (VSO Software) C:\Users\David\AppData\Roaming\pcouffin.sys
2019-12-25 20:21 - 2023-01-09 14:18 - 000004608 _____ () C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-01-30 21:43 - 2020-06-20 14:53 - 000007601 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2023-06-21 07:16
==================== End of FRST.txt ========================


Re: Please check my log

Post by Yelkinson » 29 Jun 2023 06:27

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-06-2023
Ran by David (administrator) on DAVID-PC (29-06-2023 06:19:26)
Running from C:\Users\David\Desktop\FRST64.exe
Loaded Profiles: David
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X64) Language: Čeština (Česká republika)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(services.exe ->) (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9228800 2017-06-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-2767009719-3010479440-3224241737-1000\...\Run: [Microsoft Edge Update] => C:\Users\David\AppData\Local\Microsoft\EdgeUpdate\1.3.175.29\MicrosoftEdgeUpdateCore.exe [263640 2023-06-15] (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Java.bat [2019-04-13] () [File not signed]

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2D028B93-EE31-4F13-9A79-ADAD3CFF5642} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (No File)
Task: {3AE989B3-3628-40D8-A6CF-BB33234D1E6D} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Flash Player Updater" /ENABLE
Task: {3AE989B3-3628-40D8-A6CF-BB33234D1E6D} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\CCleaner Update" /ENABLE
Task: {3AE989B3-3628-40D8-A6CF-BB33234D1E6D} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {3AE989B3-3628-40D8-A6CF-BB33234D1E6D} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {3AE989B3-3628-40D8-A6CF-BB33234D1E6D} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\Opera scheduled Autoupdate 1534580516" /ENABLE
Task: {3AE989B3-3628-40D8-A6CF-BB33234D1E6D} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {3B8E604C-2CF2-43BD-BD2A-80D99B35C2FC} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [682008 2021-03-30] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {4125B674-CB30-478E-8D9F-C99EAA06E611} - System32\Tasks\CCleanerSkipUAC - David => C:\Program Files\CCleaner\CCleaner.exe [32204304 2022-09-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {47B51B91-1602-465F-B2A8-82FCBA8C1795} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe /from_scheduler:1 (No File)
Task: {49DF9ECD-16F6-4D3A-92FA-24BE9E6B8F7C} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe (No File)
Task: {56443AD6-B09B-48E1-B670-5A034C9F5F0D} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1713952 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {777016B2-F7A2-4306-BE1D-1F143B81C808} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-09-12] (Piriform Software Ltd -> Piriform)
Task: {80CB8A2C-CB76-43B6-8D8B-4C78E60902AF} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [268576 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {9045C9E7-BFD1-43B6-82A3-29EAD752BBA4} - System32\Tasks\AMSkipUAC => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [682008 2021-03-30] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {9366A54A-0458-43A4-90AB-B5EF79C7BFE0} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-2767009719-3010479440-3224241737-1000UA{5C760954-2F23-49C2-A1B0-2852A08DEFE8} => C:\Users\David\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206256 2023-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {95E0C5D1-85A8-4C7F-8E7B-349AE9232C42} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4666896 2022-09-12] (Piriform Software Ltd -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "ef795822-d53c-44b8-9f45-6cca434f0142" --version "6.04.10044" --silent
Task: {9C9E8E09-0D64-44E8-8FC2-A0DC3CF4BB69} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-2767009719-3010479440-3224241737-1000Core{B62F3645-F9E0-45AD-9849-132A9773D0C5} => C:\Users\David\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206256 2023-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {A8E08529-E9BC-4F45-A5BB-15AA34F90A90} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_pepper.exe [1452600 2019-06-11] (Adobe Inc. -> Adobe)
Task: {B18909D6-E3B0-45EC-B792-FD8D18FFFD74} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [680352 2023-06-21] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {B77803B7-0C60-4421-9D9D-1FC082EFE3DE} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1713952 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {C245A449-22C6-40C2-837F-807AFF2E9342} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_Plugin.exe [1457208 2019-06-11] (Adobe Inc. -> Adobe)
Task: {C3490F6C-7B47-408C-B3F7-BD1E61DB8302} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-11] (Adobe Inc. -> Adobe)
Task: {CB69A1DB-F0EB-42E3-BEDF-D192FA1906A6} - System32\Tasks\AMD ThankingURL => C:\Program Files\AMD\CIM\Bin64\Setup.exe [1126176 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {DF0B3CD2-42C3-4731-A6AD-368F58F7EC52} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [732064 2023-06-21] (Mozilla Corporation -> Mozilla Foundation)
Task: {EBA1884A-7386-4199-9777-1C96EBB910A3} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1713952 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {EFBE04FD-4093-4727-B609-2011974731FD} - System32\Tasks\{64F9115D-F208-4941-A36B-DB47C6B6CAD4} => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe (No File)
Task: {FC83BE08-5243-48D5-97E3-B6E158DD8C4A} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [62752 2021-05-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.1.138
Tcpip\..\Interfaces\{273FA7FE-5002-44B9-B6CE-23FAE36A39B8}: [DhcpNameServer] 10.0.1.138

Edge:
=======
Edge DefaultProfile: Default

FireFox:
========
FF DefaultProfile: qhykbeu8.default
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\qhykbeu8.default [2023-06-29]
FF NewTab: Mozilla\Firefox\Profiles\qhykbeu8.default -> about:newtab
FF Notifications: Mozilla\Firefox\Profiles\qhykbeu8.default -> hxxps://www.youtube.com; hxxps://www.facebook.com
FF NewTabOverride: Mozilla\Firefox\Profiles\qhykbeu8.default -> Enabled: {ea614400-e918-4741-9a97-7a972ff7c30b}
FF Extension: (Add-ons Restricted Domains) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\qhykbeu8.default\features\{25f25c58-3842-4d8c-8ae1-1368e5563aa1}\addons-restricted-domains@mozilla.com.xpi [2023-06-22]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_207.dll [2019-06-11] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_207.dll [2019-06-11] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2021-12-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2021-12-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=3.0.18 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-10-25] (VideoLAN -> VideoLAN)
FF Plugin HKU\S-1-5-21-2767009719-3010479440-3224241737-1000: @jlgplayer3.julegame.com -> C:\Users\David\AppData\Local\JuleGame\jlgplayer\npjlgplayer3.dll [No File]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-11] (Adobe Inc. -> Adobe)
S3 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [190464 2021-05-11] () [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2018-06-17] (ASUSTeK Computer Inc. -> )
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2018-06-17] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2018-06-17] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe [1632256 2018-06-17] (ASUSTeK Computer Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8901968 2021-03-31] (BattlEye Innovations e.K. -> )
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1082896 2022-09-12] (Piriform Software Ltd -> Piriform Software Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9258016 2023-06-27] (Malwarebytes Inc. -> Malwarebytes)
S3 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [15971760 2023-06-22] (ADLICE -> )
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S4 EasyAntiCheat; "C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R1 amsdk; C:\Windows\system32\drivers\amsdk.sys [232792 2023-06-28] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2018-06-17] (ASUSTeK Computer Inc. -> )
R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [129000 2011-09-14] (MCCI Internal Testing Software -> ASMedia Technology Inc)
R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [394216 2011-09-14] (MCCI Internal Testing Software -> ASMedia Technology Inc)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2018-06-17] (ASUSTeK Computer Inc. -> )
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2018-06-17] (MCCI Corporation -> MCCI Corporation)
S3 ASUSumsc; C:\Windows\System32\DRIVERS\ASUSumsc.sys [151808 2018-06-17] (MCCI Corporation -> MCCI Corporation)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2022-10-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2018-07-03] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 VOICEMOD_Driver; C:\Windows\System32\drivers\vmdrv.sys [27648 2018-03-15] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider)
S2 AODDriver4.3.0; \??\C:\Program Files\AMD\Performance Profile Client\amd64\AODDriver2.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-06-29 06:19 - 2023-06-29 06:20 - 000014864 _____ C:\Users\David\Desktop\FRST.txt
2023-06-29 06:17 - 2023-06-29 06:17 - 002383360 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2023-06-28 23:01 - 2023-06-28 23:01 - 000232792 _____ (Copyright 2018.) C:\Windows\system32\Drivers\amsdk.sys
2023-06-28 23:01 - 2023-06-28 23:01 - 000003474 _____ C:\Windows\system32\Tasks\AMHelper
2023-06-28 23:01 - 2023-06-28 23:01 - 000002508 _____ C:\Windows\system32\Tasks\AMSkipUAC
2023-06-28 23:01 - 2023-06-28 23:01 - 000001260 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2023-06-28 23:01 - 2023-06-28 23:01 - 000000000 ____D C:\Users\David\AppData\Local\AMSDK
2023-06-28 23:01 - 2023-06-28 23:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2023-06-28 23:01 - 2023-06-28 23:01 - 000000000 ____D C:\Program Files (x86)\Zemana
2023-06-28 22:54 - 2014-02-13 23:59 - 000024064 _____ C:\Windows\zoek-delete.exe
2023-06-28 22:27 - 2023-06-28 22:51 - 000000000 ____D C:\zoek_backup
2023-06-28 16:24 - 2023-06-28 16:24 - 000002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2023-06-28 16:24 - 2023-06-28 16:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2023-06-28 16:24 - 2023-06-28 16:24 - 000000000 ____D C:\Program Files (x86)\Sophos
2023-06-28 16:23 - 2020-09-07 00:04 - 002038755 _____ C:\Users\David\Desktop\zoek (1).exe
2023-06-28 16:22 - 2023-06-28 16:22 - 013922376 _____ (Zemana Ltd. ) C:\Users\David\Desktop\Zemana.AntiMalware.Setup.exe
2023-06-28 07:07 - 2023-06-28 07:13 - 000001015 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2023-06-28 07:07 - 2023-06-28 07:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2023-06-28 07:07 - 2023-06-28 07:07 - 000000000 ____D C:\Program Files\RogueKiller
2023-06-27 19:01 - 2023-06-27 19:01 - 000000000 ____D C:\Users\David\AppData\Local\Malwarebytes
2023-06-27 18:57 - 2023-06-27 18:57 - 000001665 _____ C:\mmm.txt
2023-06-27 12:05 - 2023-06-27 12:05 - 000000000 ____D C:\Users\David\AppData\Local\AMD
2023-06-27 12:01 - 2023-06-27 12:01 - 008791352 _____ (Malwarebytes) C:\Users\David\Desktop\AdwCleaner.exe
2023-06-27 12:01 - 2023-06-27 12:01 - 000448512 _____ (OldTimer Tools) C:\Users\David\Desktop\TFC.exe
2023-06-27 12:01 - 2023-06-27 12:01 - 000050688 _____ (Atribune.org) C:\Users\David\Desktop\ATF-Cleaner(1).exe
2023-06-27 11:13 - 2023-06-29 06:05 - 000003112 _____ C:\Windows\system32\Tasks\AMDInstallLauncher
2023-06-25 11:36 - 2023-06-25 11:36 - 000000000 ____D C:\Users\David\Desktop\backups
2023-06-25 11:31 - 2023-06-25 11:31 - 000388608 _____ (Trend Micro Inc.) C:\Users\David\Desktop\hijackthis.exe
2023-06-21 15:20 - 2023-06-23 06:21 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-06-29 06:20 - 2019-08-04 20:29 - 000047568 _____ C:\Windows\ZAM.krnl.trace
2023-06-29 06:19 - 2019-08-09 19:52 - 000000000 ____D C:\FRST
2023-06-29 06:17 - 2022-02-08 18:48 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-06-29 06:15 - 2009-07-14 06:45 - 000024224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2023-06-29 06:15 - 2009-07-14 06:45 - 000024224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2023-06-29 06:07 - 2022-10-15 09:01 - 000003356 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting
2023-06-29 06:07 - 2022-10-15 09:01 - 000000760 _____ C:\Windows\Tasks\CCleanerCrashReporting.job
2023-06-29 06:07 - 2018-07-14 20:43 - 000000000 ____D C:\Program Files\CCleaner
2023-06-29 06:05 - 2023-05-20 09:20 - 000003082 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2023-06-29 06:05 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-06-28 23:14 - 2018-06-17 12:50 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2023-06-28 22:56 - 2009-07-14 07:08 - 000032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2023-06-28 22:51 - 2018-06-16 19:31 - 000000000 ____D C:\Users\David
2023-06-28 07:13 - 2019-08-02 22:41 - 000000000 ____D C:\ProgramData\RogueKiller
2023-06-26 18:24 - 2023-02-12 20:12 - 000000000 ____D C:\Users\David\AppData\Roaming\vlc
2023-06-24 08:53 - 2018-06-17 21:07 - 000000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2023-06-23 06:21 - 2018-06-17 10:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-06-22 06:09 - 2021-09-25 09:00 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2023-06-15 21:15 - 2023-04-23 09:02 - 000003718 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-2767009719-3010479440-3224241737-1000UA{5C760954-2F23-49C2-A1B0-2852A08DEFE8}
2023-06-15 21:15 - 2023-04-23 09:02 - 000003650 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-2767009719-3010479440-3224241737-1000Core{B62F3645-F9E0-45AD-9849-132A9773D0C5}
2023-06-14 22:06 - 2018-06-17 11:07 - 000000000 ____D C:\Windows\system32\MRT
2023-06-14 22:03 - 2018-06-17 11:07 - 170078616 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-06-14 15:34 - 2023-01-15 20:29 - 000002180 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-06-14 15:34 - 2020-06-26 07:07 - 000002221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-06-13 19:03 - 2020-06-26 07:06 - 000003540 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-06-13 19:03 - 2020-06-26 07:06 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-06-02 13:10 - 2018-06-17 21:07 - 000000000 ____D C:\Users\David\AppData\Local\Roblox

==================== Files in the root of some directories ========

2021-09-23 09:02 - 2021-10-29 18:07 - 000099384 _____ () C:\Users\David\AppData\Roaming\inst.exe
2021-09-23 09:02 - 2021-10-29 18:07 - 000007859 _____ () C:\Users\David\AppData\Roaming\pcouffin.cat
2021-09-23 09:02 - 2021-10-29 18:07 - 000001167 _____ () C:\Users\David\AppData\Roaming\pcouffin.inf
2021-09-23 09:02 - 2021-10-29 18:07 - 000082816 _____ (VSO Software) C:\Users\David\AppData\Roaming\pcouffin.sys
2019-12-25 20:21 - 2023-01-09 14:18 - 000004608 _____ () C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-01-30 21:43 - 2020-06-20 14:53 - 000007601 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2023-06-21 07:16
==================== End of FRST.txt ========================

jaro3
Security team member
Guru Level 15
Posts: 43061
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Please check my log

Post by jaro3 » 29 Jun 2023 15:32

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.


Start
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-2767009719-3010479440-3224241737-1000_Classes\CLSID\{7C9A348D-C321-47AC-904F-150312A5430F}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\EdgeUpdate\1.3.175.27\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2767009719-3010479440-3224241737-1000_Classes\CLSID\{B29F5F83-90DF-479A-BDE7-8A9F4412E394}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2767009719-3010479440-3224241737-1000_Classes\CLSID\{F1CBF5EB-347F-4E4C-90AC-E43339FC34EC}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\EdgeUpdate\1.3.173.55\psuser_64.dll => No File
ContextMenuHandlers1: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers1: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers6: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers6: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
AlternateDataStreams: C:\desktop.ini:CachedTiles [476]
AlternateDataStreams: C:\Users\David\Data aplikací:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\David\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\Public\AppData:CSM [470]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [482]
FirewallRules: [TCP Query User{56D46C50-316F-4790-A12E-24DC6C675AAA}C:\users\david\appdata\roaming\.tlauncher\jvms\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\users\david\appdata\roaming\.tlauncher\jvms\jre1.8.0_51\bin\javaw.exe => No File
FirewallRules: [UDP Query User{CD52B290-B735-4180-A00C-02869007608C}C:\users\david\appdata\roaming\.tlauncher\jvms\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\users\david\appdata\roaming\.tlauncher\jvms\jre1.8.0_51\bin\javaw.exe => No File
FirewallRules: [TCP Query User{C7FABEB1-6176-4B92-BD0F-0095CE443CF4}C:\users\david\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\david\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [UDP Query User{F21DA227-BCAC-4C0A-BC20-FD07CA410C5A}C:\users\david\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\david\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe => No File
Task: {2D028B93-EE31-4F13-9A79-ADAD3CFF5642} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (No File)
Task: {49DF9ECD-16F6-4D3A-92FA-24BE9E6B8F7C} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe (No File)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Users\David\AppData\Local\JuleGame\jlgplayer\npjlgplayer3.dll [No File]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
Virustotal: C:\Windows\pss\tmpB9FB.tmp.vbs

EmptyTemp:
End

(You can use the "select all" function; right-click the top-left field in the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST, press the "Fix" button only once, and wait.
The tool will create a log on the desktop (Fixlog.txt); please copy its entire content here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Please check my log

Post by Yelkinson » 29 Jun 2023 16:41

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-06-2023
Ran by David (29-06-2023 16:37:25) Run:2
Running from C:\Users\David\Desktop
Loaded Profiles: David
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-2767009719-3010479440-3224241737-1000_Classes\CLSID\{7C9A348D-C321-47AC-904F-150312A5430F}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\EdgeUpdate\1.3.175.27\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2767009719-3010479440-3224241737-1000_Classes\CLSID\{B29F5F83-90DF-479A-BDE7-8A9F4412E394}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2767009719-3010479440-3224241737-1000_Classes\CLSID\{F1CBF5EB-347F-4E4C-90AC-E43339FC34EC}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\EdgeUpdate\1.3.173.55\psuser_64.dll => No File
ContextMenuHandlers1: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers1: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers6: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers6: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
AlternateDataStreams: C:\desktop.ini:CachedTiles [476]
AlternateDataStreams: C:\Users\David\Data aplikac�:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\David\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\Public\AppData:CSM [470]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [482]
FirewallRules: [TCP Query User{56D46C50-316F-4790-A12E-24DC6C675AAA}C:\users\david\appdata\roaming\.tlauncher\jvms\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\users\david\appdata\roaming\.tlauncher\jvms\jre1.8.0_51\bin\javaw.exe => No File
FirewallRules: [UDP Query User{CD52B290-B735-4180-A00C-02869007608C}C:\users\david\appdata\roaming\.tlauncher\jvms\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\users\david\appdata\roaming\.tlauncher\jvms\jre1.8.0_51\bin\javaw.exe => No File
FirewallRules: [TCP Query User{C7FABEB1-6176-4B92-BD0F-0095CE443CF4}C:\users\david\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\david\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [UDP Query User{F21DA227-BCAC-4C0A-BC20-FD07CA410C5A}C:\users\david\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\users\david\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe => No File
Task: {2D028B93-EE31-4F13-9A79-ADAD3CFF5642} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (No File)
Task: {49DF9ECD-16F6-4D3A-92FA-24BE9E6B8F7C} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe (No File)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Users\David\AppData\Local\JuleGame\jlgplayer\npjlgplayer3.dll [No File]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
Virustotal: C:\Windows\pss\tmpB9FB.tmp.vbs

EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2767009719-3010479440-3224241737-1000_Classes\CLSID\{7C9A348D-C321-47AC-904F-150312A5430F} => removed successfully
HKU\S-1-5-21-2767009719-3010479440-3224241737-1000_Classes\CLSID\{B29F5F83-90DF-479A-BDE7-8A9F4412E394} => removed successfully
HKU\S-1-5-21-2767009719-3010479440-3224241737-1000_Classes\CLSID\{F1CBF5EB-347F-4E4C-90AC-E43339FC34EC} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => removed successfully
C:\desktop.ini => ":CachedTiles" ADS removed successfully
"C:\Users\David\Data aplikac�" => ":6699d3ee8dd9cf775caae782c8f44f03" ADS not found.
C:\Users\David\AppData\Roaming => ":6699d3ee8dd9cf775caae782c8f44f03" ADS removed successfully
C:\Users\Public\AppData => ":CSM" ADS removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{56D46C50-316F-4790-A12E-24DC6C675AAA}C:\users\david\appdata\roaming\.tlauncher\jvms\jre1.8.0_51\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CD52B290-B735-4180-A00C-02869007608C}C:\users\david\appdata\roaming\.tlauncher\jvms\jre1.8.0_51\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C7FABEB1-6176-4B92-BD0F-0095CE443CF4}C:\users\david\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F21DA227-BCAC-4C0A-BC20-FD07CA410C5A}C:\users\david\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{2D028B93-EE31-4F13-9A79-ADAD3CFF5642}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D028B93-EE31-4F13-9A79-ADAD3CFF5642}" => removed successfully
C:\Windows\System32\Tasks\Avast Emergency Update => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Emergency Update" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{49DF9ECD-16F6-4D3A-92FA-24BE9E6B8F7C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49DF9ECD-16F6-4D3A-92FA-24BE9E6B8F7C}" => removed successfully
C:\Windows\System32\Tasks\ASUS\ASUS Product Register Service => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\ASUS Product Register Service" => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
"C:\Users\David\AppData\Local\JuleGame\jlgplayer\npjlgplayer3.dll [No File]" => not found
HKLM\System\CurrentControlSet\Services\xhunter1 => removed successfully
xhunter1 => service removed successfully
"VirusTotal: C:\Windows\pss\tmpB9FB.tmp.vbs" => not found

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6281485 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 240278606 B
Windows/system/drivers => 53 B
Edge => 0 B
Firefox => 1119114231 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 128 B
NetworkService => 128 B
David => 534820 B

RecycleBin => 0 B
EmptyTemp: => 1.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:38:18 ====





After restarting the PC nothing pops up anymore, so hopefully it will be OK now.


Re: Please check my log

Post by jaro3 » 29 Jun 2023 17:27

Also check whether this file is there (in Folder Options, enable showing hidden files and folders, and untick the "Hide protected operating system files" checkbox):
"VirusTotal: C:\Windows\pss\tmpB9FB.tmp.vbs" => not found