Please check (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

jaro3
Security team member
Guru Level 15
Posts: 43248
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Please check

Post by jaro3 » 20 Feb 2025 00:11

Where is FRST.txt?
More tomorrow.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Luk4579
Level 1.5
Posts: 104
Registered: June 23
Gender: Male

Re: Please check

Post by Luk4579 » 20 Feb 2025 21:45

=======

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.257.463.0_x64__zpdnekdrzrea0\Spotify.exe <6>
(C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe ->) (NVIDIA Corporation -> ) C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\PresentMon_x64.exe
(C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\FrameViewSDK\FvContainer\FvContainer.exe
(C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\FrameViewSDK\FvContainer\FvContainer.System.exe
(C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe ->) (NVIDIA Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\nvrla.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA app\CEF\NVIDIA Overlay.exe <5>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA app\ShadowPlay\nvsphelper64.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_525.1301.30.0_x64__cw5n1h2txyewy\WidgetBoard.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.69\msedgewebview2.exe <7>
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <4>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_52f3d9d461d3ba3c\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_2c6939fa3ca49312\RtkAudUService64.exe <2>
(services.exe ->) (Samsung Electronics Co., Ltd. -> Clonix & CottonCandy) C:\Program Files (x86)\Samsung\Samsung Magician\MigrationService\MigrationService.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe
(sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.25012.50.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
(svchost.exe ->) (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> ) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.257.463.0_x64__zpdnekdrzrea0\SpotifyWidgetProvider.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.1.235.0_x64__8wekyb3d8bbwe\MicrosoftStartFeedProvider\MicrosoftStartFeedProvider.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_525.1301.30.0_x64__cw5n1h2txyewy\WidgetBoard.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe <4>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_2c6939fa3ca49312\RtkAudUService64.exe [2117576 2024-06-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-3977676359-3934739732-2708753334-1001\...\Run: [MicrosoftEdgeAutoLaunch_C2A946453535DAC8E26670192D3842C0] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4088384 2025-02-14] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3977676359-3934739732-2708753334-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [65536 2024-12-15] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\133.0.6943.99\Installer\chrmstp.exe [2025-02-18] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {DF5A2D87-49B6-4036-A051-D9FB10946B3D} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem134.0.6985.0{0BAFE448-88A8-489F-B467-C065CAFB40D6} => C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\updater.exe [5672544 2025-01-28] (Google LLC -> Google LLC)
Task: {C7319FAF-8876-4157-9F5D-ACD985EE033F} - System32\Tasks\GPU Tweak III => C:\Program Files (x86)\ASUS\GPUTweakIII\GPU Tweak III.exe (No File)
Task: {D3C405D4-2F75-4704-A637-C1A65E86C96A} - System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-3977676359-3934739732-2708753334-1001 => MessengerHelper.exe --lassie (No File)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {C22F5D84-F312-4AC5-A515-FA47E86FE492} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UIEOrchestrator => C:\WINDOWS\system32\UIEOrchestrator.exe [336816 2025-02-07] (Microsoft Windows -> )
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {0E016C64-F80A-423B-8A13-A15F9CBDCA1F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BEF96994-B434-4470-B502-C4DBB5313820} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {931CF19B-24EE-4C18-8049-C20B6B652156} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F759511E-6CAF-4D9A-AAEC-AC9077CDE345} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {485AB705-6F0D-4DED-BA22-4013B5DBC903} - System32\Tasks\NVIDIA app SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA app\CEF\NVIDIA app.exe [3287080 2025-01-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7CFDF13D-32DA-434C-8799-01EE2C9F4441} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [140405056 2024-08-23] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) -> C:\Program Files (x86)\Samsung\Samsung Magician\\--disable-gpu-sandbox /AUTOHIDE

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{214b9125-adac-432d-b91c-929e6ab591a3}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\lukin\AppData\Local\Microsoft\Edge\User Data\Default [2025-02-19]
Edge Notifications: Default -> hxxps://www.messenger.com
Edge HomePage: Default -> hxxps://www.google.cz/
Edge StartupUrls: Default -> "hxxp://www.google.cz/?hl=cs"
Edge Extension: (Dokumenty Google offline) - C:\Users\lukin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-02-13]
Edge Extension: (Edge relevant text changes) - C:\Users\lukin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-09-23]
Edge HKU\S-1-5-21-3977676359-3934739732-2708753334-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [kagpabjoboikccfdghpdlaaopmgpgfdc]

Chrome:
=======
CHR Profile: C:\Users\lukin\AppData\Local\Google\Chrome\User Data\Default [2025-02-19]
CHR Notifications: Default -> hxxps://www.facebook.com
CHR HomePage: Default -> hxxps://www.google.cz/
CHR StartupUrls: Default -> "hxxp://www.google.cz/?hl=cs"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Dokumenty Google offline) - C:\Users\lukin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-02-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\lukin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-09-23]
CHR HKU\S-1-5-21-3977676359-3934739732-2708753334-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ljglajjnnkapghbckkcmodicjhacbfhk]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AsusUpdateCheck; C:\WINDOWS\System32\AsusUpdateCheck.exe [845256 2025-02-19] (ASUSTeK Computer Inc. -> )
R2 CMigrationService; C:\Program Files (x86)\Samsung\Samsung Magician\MigrationService\MigrationService.exe [763200 2024-08-23] (Samsung Electronics Co., Ltd. -> Clonix & CottonCandy)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2023-08-02] (Epic Games Inc. -> Epic Games, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9483456 2025-02-17] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-02-17] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_52f3d9d461d3ba3c\Display.NvContainer\NVDisplay.Container.exe [1275008 2025-02-12] (NVIDIA Corporation -> NVIDIA Corporation)
S2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [15926936 2025-02-14] (Adlice (Julien Ascoet) -> )
R2 SamsungMagicianSVC; C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe [460096 2024-08-23] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559304 2024-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [27920 2024-03-26] (ASMedia Technology Inc. -> Advanced Micro Devices, Inc)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [573440 2024-12-15] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [204800 2024-12-15] (Microsoft Corporation) [File not signed]
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2025-02-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2025-02-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 rt68cx21; C:\WINDOWS\System32\DriverStore\FileRepository\rt68cx21x64.inf_amd64_2708e69601f40462\rt68cx21x64.sys [831448 2024-07-10] (Realtek Semiconductor Corp. -> Realtek)
S3 rtcx21; C:\WINDOWS\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_feec7a9662e785f0\rtcx21x64.sys [539648 2024-03-28] (Microsoft Windows -> Realtek)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22104 2024-11-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [606624 2024-11-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105888 2024-11-08] (Microsoft Windows -> Microsoft Corporation)
S3 HWiNFO_202; \??\C:\Users\lukin\AppData\Local\Temp\HWiNFO_x64_202.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-02-19 23:08 - 2025-02-19 23:08 - 000015168 _____ C:\Users\lukin\Downloads\FRST.txt
2025-02-19 23:08 - 2025-02-19 23:08 - 000000000 ____D C:\FRST
2025-02-19 23:07 - 2025-02-19 23:07 - 002403840 _____ (Farbar) C:\Users\lukin\Downloads\FRST64.exe
2025-02-19 05:37 - 2025-02-19 05:37 - 000677108 _____ C:\WINDOWS\system32\perfh005.dat
2025-02-19 05:37 - 2025-02-19 05:37 - 000144960 _____ C:\WINDOWS\system32\perfc005.dat
2025-02-18 23:44 - 2025-02-18 23:45 - 000000000 ____D C:\ProgramData\RogueKiller
2025-02-18 23:44 - 2025-02-18 23:44 - 000000913 _____ C:\Users\Public\Desktop\Adlice Protect.lnk
2025-02-18 23:44 - 2025-02-18 23:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2025-02-18 23:44 - 2025-02-18 23:44 - 000000000 ____D C:\Program Files\RogueKiller
2025-02-18 23:43 - 2025-02-18 23:43 - 051457024 _____ (Adlice Software ) C:\Users\lukin\Downloads\RogueKiller_setup.exe
2025-02-18 23:31 - 2025-02-18 23:31 - 000000877 _____ C:\Users\lukin\Desktop\JRT.txt
2025-02-18 23:28 - 2025-02-18 23:28 - 001790024 _____ (Malwarebytes) C:\Users\lukin\Downloads\JRT.exe
2025-02-18 01:54 - 2025-02-18 01:54 - 000001054 _____ C:\Users\Public\Desktop\WinRAR.lnk
2025-02-18 01:54 - 2025-02-18 01:54 - 000000000 ____D C:\Users\lukin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2025-02-18 01:54 - 2025-02-18 01:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2025-02-18 01:54 - 2025-02-18 01:54 - 000000000 ____D C:\Program Files\WinRAR
2025-02-18 01:49 - 2025-02-18 01:49 - 000001223 _____ C:\Users\lukin\Downloads\Malwarebytes Scan Report 2025-02-18 003711.txt
2025-02-18 00:34 - 2025-02-19 05:32 - 000000000 ____D C:\Users\lukin\AppData\Local\Malwarebytes
2025-02-18 00:34 - 2025-02-18 00:34 - 000002107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2025-02-18 00:34 - 2025-02-18 00:34 - 000002095 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2025-02-18 00:33 - 2025-02-18 00:33 - 000000000 ____D C:\ProgramData\Malwarebytes
2025-02-18 00:33 - 2025-02-18 00:33 - 000000000 ____D C:\Program Files\Malwarebytes
2025-02-18 00:30 - 2025-02-18 00:30 - 000000000 ____D C:\AdwCleaner
2025-02-18 00:25 - 2025-02-18 00:25 - 000000000 ____D C:\Users\lukin\Downloads\HiJackThis
2025-02-16 00:30 - 2025-02-16 00:30 - 018582416 _____ (Martin Malik, REALiX s.r.o. ) C:\Users\lukin\Downloads\hwi64_820.exe
2025-02-14 00:31 - 2025-02-14 00:31 - 000000000 ____D C:\WINDOWS\Panther
2025-02-13 22:40 - 2025-02-13 22:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2025-02-13 22:38 - 2025-02-12 19:48 - 002072432 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2025-02-13 22:38 - 2025-02-12 19:48 - 002072432 _____ C:\WINDOWS\system32\vulkaninfo.exe
2025-02-13 22:38 - 2025-02-12 19:48 - 001614200 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2025-02-13 22:38 - 2025-02-12 19:48 - 001614200 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2025-02-13 22:38 - 2025-02-12 19:48 - 001576848 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2025-02-13 22:38 - 2025-02-12 19:48 - 001576848 _____ C:\WINDOWS\system32\vulkan-1.dll
2025-02-13 22:38 - 2025-02-12 19:48 - 001389968 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2025-02-13 22:38 - 2025-02-12 19:48 - 001389968 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2025-02-13 22:38 - 2025-02-12 19:48 - 000477816 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2025-02-13 22:38 - 2025-02-12 19:48 - 000374400 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2025-02-13 22:38 - 2025-02-12 19:44 - 001563768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2025-02-13 22:38 - 2025-02-12 19:44 - 001215632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2025-02-13 22:38 - 2025-02-12 19:44 - 001183384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2025-02-13 22:38 - 2025-02-12 19:44 - 000670352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvofapi64.dll
2025-02-13 22:38 - 2025-02-12 19:44 - 000506024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvofapi.dll
2025-02-13 22:38 - 2025-02-12 19:43 - 025643128 _____ C:\WINDOWS\system32\nvidia-pcc.exe
2025-02-13 22:38 - 2025-02-12 19:43 - 002194064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2025-02-13 22:38 - 2025-02-12 19:43 - 001641640 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2025-02-13 22:38 - 2025-02-12 19:43 - 001046192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2025-02-13 22:38 - 2025-02-12 19:43 - 000903296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2025-02-13 22:38 - 2025-02-12 19:43 - 000804528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2025-02-13 22:38 - 2025-02-12 19:42 - 019903640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2025-02-13 22:38 - 2025-02-12 19:42 - 019328656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2025-02-13 22:38 - 2025-02-12 19:42 - 007225008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2025-02-13 22:38 - 2025-02-12 19:42 - 005500056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcudadebugger.dll
2025-02-13 22:38 - 2025-02-12 19:42 - 003944624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2025-02-13 22:38 - 2025-02-12 19:42 - 000462456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2025-02-13 22:38 - 2025-02-12 19:41 - 005913744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2025-02-13 22:38 - 2025-02-12 19:41 - 000853680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2025-02-13 22:38 - 2025-02-12 19:40 - 005551224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2025-02-13 22:38 - 2025-02-12 19:40 - 004857504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2025-02-13 22:38 - 2025-02-12 13:05 - 000137640 _____ C:\WINDOWS\system32\nvinfo.pb
2025-02-13 22:38 - 2025-02-12 13:05 - 000125048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2025-02-12 10:39 - 2025-02-19 07:31 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-02-07 21:20 - 2025-02-07 21:20 - 000027617 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2025-02-07 21:20 - 2025-02-07 21:20 - 000027617 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-02-19 23:05 - 2024-12-15 21:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-02-19 23:05 - 2024-04-01 08:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-02-19 05:59 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-02-19 05:37 - 2024-12-15 21:39 - 001603798 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-02-19 05:37 - 2024-04-01 08:24 - 000000000 ____D C:\WINDOWS\INF
2025-02-19 05:31 - 2024-10-07 18:58 - 000000000 ____D C:\Users\lukin\AppData\Roaming\Samsung Magician
2025-02-19 05:30 - 2024-12-15 21:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-02-19 05:30 - 2024-12-15 21:35 - 000005986 _____ C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
2025-02-19 05:30 - 2024-09-23 17:05 - 000000000 ____D C:\ProgramData\NVIDIA
2025-02-19 05:30 - 2024-09-23 13:25 - 000901328 _____ () C:\WINDOWS\system32\wpbbin.exe
2025-02-19 05:30 - 2024-09-23 13:25 - 000845256 _____ C:\WINDOWS\system32\AsusUpdateCheck.exe
2025-02-19 05:30 - 2024-09-23 13:25 - 000012288 ___SH C:\DumpStack.log.tmp
2025-02-19 03:41 - 2024-04-01 08:21 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2025-02-19 01:57 - 2024-04-01 08:26 - 000000000 ___HD C:\Program Files\WindowsApps
2025-02-19 01:57 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-02-18 23:48 - 2024-09-23 13:53 - 000000000 ____D C:\Users\lukin\AppData\Local\D3DSCache
2025-02-18 23:19 - 2024-09-23 16:33 - 000002261 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-02-18 23:19 - 2024-09-23 16:33 - 000002220 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2025-02-18 01:54 - 2024-09-23 13:51 - 000000000 ____D C:\Users\lukin\AppData\Local\Packages
2025-02-18 01:54 - 2024-09-23 13:27 - 000000000 ____D C:\ProgramData\Packages
2025-02-18 00:34 - 2024-04-01 08:26 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2025-02-17 00:03 - 2024-11-18 21:08 - 228619312 _____ (OCCT) C:\Users\lukin\Downloads\OCCT.exe
2025-02-17 00:02 - 2024-09-23 17:07 - 000000000 ____D C:\Users\lukin\AppData\Local\NVIDIA
2025-02-16 23:46 - 2024-09-23 13:26 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-02-16 23:46 - 2024-09-23 13:26 - 000002288 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-02-16 00:31 - 2024-09-23 17:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO® 64
2025-02-16 00:31 - 2024-09-23 17:26 - 000000000 ____D C:\Program Files\HWiNFO64
2025-02-14 00:31 - 2024-12-15 21:14 - 000000000 ____D C:\Users\lukin
2025-02-13 22:40 - 2024-09-23 17:06 - 000000000 ____D C:\Users\lukin\AppData\LocalLow\NVIDIA
2025-02-13 22:40 - 2024-09-23 17:05 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2025-02-13 22:40 - 2024-04-01 08:26 - 000000000 ___SD C:\WINDOWS\system32\lxss
2025-02-13 22:36 - 2024-12-15 21:36 - 000003834 _____ C:\WINDOWS\system32\Tasks\NVIDIA app SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2025-02-13 22:36 - 2024-11-18 20:30 - 000001448 _____ C:\Users\Public\Desktop\NVIDIA.lnk
2025-02-13 22:36 - 2024-09-23 17:07 - 000000000 ____D C:\Users\lukin\AppData\Local\NVIDIA Corporation
2025-02-13 22:36 - 2024-09-23 17:06 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2025-02-12 11:11 - 2024-04-01 08:26 - 000000000 ____D C:\ProgramData\USOPrivate
2025-02-12 10:56 - 2024-12-15 21:35 - 000297256 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2025-02-12 10:55 - 2024-04-01 08:26 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-02-12 10:55 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\SystemResources
2025-02-12 10:55 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2025-02-12 10:55 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-02-12 10:33 - 2024-09-23 13:54 - 209365816 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2025-02-12 10:33 - 2024-09-23 13:54 - 000000000 ____D C:\WINDOWS\system32\MRT
2025-02-07 21:26 - 2024-04-01 17:30 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ___SD C:\WINDOWS\system32\UNP
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\UUS
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\migwiz
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\Dism
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\DDFs
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\appraiser
2025-02-07 21:25 - 2024-04-01 17:31 - 000000000 ____D C:\WINDOWS\InboxApps
2025-02-07 21:25 - 2024-04-01 17:31 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2025-02-07 21:25 - 2024-04-01 17:31 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2025-02-07 21:25 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\ShellExperiences
2025-02-07 21:25 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\ShellComponents
2025-02-07 21:25 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2025-02-07 21:25 - 2024-04-01 08:26 - 000000000 ____D C:\Program Files\Common Files\System
2025-02-07 21:25 - 2024-04-01 08:21 - 000000000 ____D C:\WINDOWS\servicing
2025-02-07 21:20 - 2024-12-15 21:35 - 003334656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2025-01-25 13:25 - 2024-11-18 20:30 - 003108904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2025-01-25 13:25 - 2024-11-18 20:30 - 002398760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2025-01-25 13:25 - 2024-09-23 17:07 - 000271912 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2025-01-25 13:25 - 2024-09-23 17:07 - 000245800 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll
2025-01-25 13:05 - 2024-09-23 17:07 - 000180760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2025-01-25 13:05 - 2024-09-23 17:07 - 000159768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2025-01-25 13:05 - 2024-09-23 17:07 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

jaro3
Security team member
Guru Level 15
Posts: 43248
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Please check

Post by jaro3 » 20 Feb 2025 22:56

I need the whole thing! With the beginning of Farbar Recovery Scan Tools.

Luk4579
Level 1.5
Posts: 104
Registered: June 23
Gender: Male

Re: Please check

Post by Luk4579 » 20 Feb 2025 23:30

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2025
Ran by lukin (19-02-2025 23:09:32)
Running from C:\Users\lukin\Downloads
Microsoft Windows 11 Pro Version 24H2 26100.3194 (X64) (2024-12-15 20:36:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3977676359-3934739732-2708753334-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3977676359-3934739732-2708753334-503 - Limited - Disabled)
Guest (S-1-5-21-3977676359-3934739732-2708753334-501 - Limited - Disabled)
lukin (S-1-5-21-3977676359-3934739732-2708753334-1001 - Administrator - Enabled) => C:\Users\lukin
WDAGUtilityAccount (S-1-5-21-3977676359-3934739732-2708753334-504 - Limited - Disabled)
WsiAccount (S-1-5-21-3977676359-3934739732-2708753334-1002 - Limited - Disabled) => C:\Users\WsiAccount

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adlice Protect version 16.0.3.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 16.0.3.0 - Adlice Software)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.133 - Advanced Micro Devices, Inc.) Hidden
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 6.05.16.221 - Advanced Micro Devices, Inc.)
AMD I2C Driver (HKLM-x32\...\{B31D92D9-2914-46B0-9738-F668A563DE73}) (Version: 1.2.0.124 - Advanced Micro Devices, Inc.) Hidden
AMD PCI Driver (HKLM-x32\...\{80EC3CEE-2940-42A1-A776-B5D810D39F1E}) (Version: 1.0.0.90 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.27.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 8.0.0.13 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.44 - Advanced Micro Devices, Inc.) Hidden
AMD_Chipset_Drivers (HKLM-x32\...\{1ee7f179-da35-4723-a064-99a2a93c80be}) (Version: 6.05.16.221 - Advanced Micro Devices, Inc.) Hidden
Aplikace NVIDIA 11.0.2.312 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NvApp) (Version: 11.0.2.312 - NVIDIA Corporation)
CrystalDiskInfo 9.4.4 (HKLM\...\CrystalDiskInfo_is1) (Version: 9.4.4 - Crystal Dew World)
CrystalDiskMark 8.0.5 (HKLM\...\CrystalDiskMark8_is1) (Version: 8.0.5 - Crystal Dew World)
Epic Games Launcher (HKLM-x32\...\{B85FAA6E-A9AA-4655-9029-E1A4EDC05E1A}) (Version: 1.3.93.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{57A956AB-4BCC-45C6-9B40-957E4E125568}) (Version: 2.0.44.0 - Epic Games, Inc.)
Google Earth Pro (HKLM\...\{AE3261A9-F9D9-4410-BB38-7FA1D6B54BDE}) (Version: 7.3.6.10201 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 133.0.6943.99 - Google LLC)
HWiNFO® 64 (HKLM\...\HWiNFO® 64_is1) (Version: 8.20 - Martin Malik, REALiX s.r.o.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 5.2.6.163 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.2.6.163 - Malwarebytes)
Messenger (HKU\S-1-5-21-3977676359-3934739732-2708753334-1001\...\0a93669aced325d6c1991ebd989628f4) (Version: 1.0 - Messenger)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 133.0.3065.69 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 133.0.3065.69 - Microsoft Corporation) Hidden
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 (HKLM-x32\...\{5af95fd8-a22e-458f-acee-c61bd787178e}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33810 (HKLM-x32\...\{47109d57-d746-4f8b-9618-ed6a17cc922b}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33810 (HKLM\...\{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33810 (HKLM\...\{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.40.33810 (HKLM-x32\...\{5EA6C998-D5AC-4ED9-89C3-9F25B17CCD3D}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.40.33810 (HKLM-x32\...\{0C3457A0-3DCE-4A33-BEF0-9B528C557771}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
NVIDIA FrameView SDK 1.5.10819.35301613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.5.10819.35301613 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.4.3.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.4.3.2 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 572.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 572.42 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.23.1019 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.23.1019 - NVIDIA Corporation)
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 3.0.1.0 - Advanced Micro Devices, Inc.) Hidden
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9700.1 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 11.19.0704.2024 - Realtek)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 8.2.0.880 - Samsung Electronics)
Speedtest by Ookla (HKLM\...\{49DC746F-BFC1-41CC-B5B1-AE3721829A3A}) (Version: 1.13.194.001 - Ookla)
WinRAR 7.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 7.01.0 - win.rar GmbH)

Packages:
=========
Bending Light PREMIUM -> C:\Program Files\WindowsApps\Microsoft.BendingLightPREMIUM_1.0.0.0_neutral__8wekyb3d8bbwe [2024-12-21] (Microsoft Corporation)
Color Explosion -> C:\Program Files\WindowsApps\Microsoft.ColorExplosion_1.0.0.0_neutral__8wekyb3d8bbwe [2024-10-10] (Microsoft Corporation)
Fish and Corals -> C:\Program Files\WindowsApps\Microsoft.FishandCorals_1.0.0.0_neutral__8wekyb3d8bbwe [2024-10-07] (Microsoft Corporation)
London Architecture by Imran Mirza -> C:\Program Files\WindowsApps\Microsoft.LondonArchitecturebyImranMirza_1.0.0.0_neutral__8wekyb3d8bbwe [2024-10-04] (Microsoft Corporation)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_2250.0.0.0_x64__8xx8rvfyw5nnt [2024-12-09] (Meta)
Microsoft.StartExperiencesApp -> C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.1.235.0_x64__8wekyb3d8bbwe [2025-01-28] (Microsoft Corporation)
Nightfall Camo Special Edition -> C:\Program Files\WindowsApps\Microsoft.37199B0E2AC7E_1.0.0.0_neutral__8wekyb3d8bbwe [2024-10-10] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.967.0_x64__56jybvy8sckqj [2025-01-11] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.51.339.0_x64__dt26b99r8h8gj [2024-09-24] (Realtek Semiconductor Corp)
Spiraling Fractals PREMIUM -> C:\Program Files\WindowsApps\Microsoft.SpiralingFractalsPREMIUM_1.0.0.0_neutral__8wekyb3d8bbwe [2024-10-04] (Microsoft Corporation)
SpotifyAB.SpotifyMusic -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.257.463.0_x64__zpdnekdrzrea0 [2025-02-12] (Spotify AB) [Startup Task]
WinRAR -> C:\Program Files\WinRAR [2025-02-18] (win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3977676359-3934739732-2708753334-1001_Classes\CLSID\{23B3E3D8-C162-4A8B-AB0C-0905DCB1DF19}\InprocServer32 -> C:\Users\lukin\AppData\Local\Packages\Microsoft.PowerAutomateDesktop_8wekyb3d8bbwe\TempState\RDP\DVCPlugin\x64\Microsoft.Flow.RPA.Desktop.UIAutomation.RDP.DVC.Plugin.dll (Microsoft Corporation -> )
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-02-17] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_52f3d9d461d3ba3c\nvshext.dll [2025-02-12] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-02-17] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2024-10-07 18:58 - 2024-08-23 20:06 - 002574336 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\ffmpeg.dll
2024-10-07 18:58 - 2024-08-23 20:06 - 000379392 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\libegl.dll
2024-10-07 18:58 - 2024-08-23 20:06 - 006585344 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\libglesv2.dll
2024-10-07 18:58 - 2024-08-23 20:05 - 000143360 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\resources\app\dist\magutils-napi.node
2024-10-07 18:58 - 2024-08-23 20:05 - 000087040 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\resources\app\dist\magvibrancy-napi.node
2024-10-07 18:58 - 2024-08-23 20:05 - 000646656 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\resources\app\dist\uimpewrapper-napi.node
2024-10-07 18:58 - 2024-08-23 20:06 - 004512256 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\vk_swiftshader.dll
2024-10-07 18:58 - 2024-08-23 20:06 - 000815104 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\vulkan-1.dll
2025-02-13 22:36 - 2025-02-13 22:36 - 000000000 ____L (NVIDIA Corporation) [symlink -> C:\Program Files\NVIDIA Corporation\NVIDIA app\CEF\PlugIns\NVIDIA app\MessageBusRouter.dll] C:\Program Files\NVIDIA Corporation\NVIDIA App\CEF\PlugIns\NVIDIA Overlay\MessageBusRouter.dll
2024-11-18 20:30 - 2025-02-13 22:36 - 000000000 ____L (NVIDIA Corporation) [symlink -> C:\Program Files\NVIDIA Corporation\NVIDIA app\MessageBus\NvMessageBusBroadcast.dll] C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\NvMessageBusBroadcast.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-07 06:24 - 2022-05-07 06:22 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3977676359-3934739732-2708753334-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\lukin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-3977676359-3934739732-2708753334-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Realtek PCIe GbE Family Controller -> rt68cx21x64.sys

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-3977676359-3934739732-2708753334-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_C2A946453535DAC8E26670192D3842C0"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{6632D829-91FE-498F-AE5E-681FA728F5F4}D:\riseofthetombraider\rottr.exe] => (Block) D:\riseofthetombraider\rottr.exe (Square Enix LTD -> Eidos Inc.)
FirewallRules: [TCP Query User{947C2DEE-0074-42E5-BAD2-DBA2AC2CE189}D:\riseofthetombraider\rottr.exe] => (Block) D:\riseofthetombraider\rottr.exe (Square Enix LTD -> Eidos Inc.)
FirewallRules: [UDP Query User{BB296308-368E-4170-9736-70967D79388D}C:\program files (x86)\asus\gputweakiii\gt3 mobile service.exe] => (Block) C:\program files (x86)\asus\gputweakiii\gt3 mobile service.exe => No File
FirewallRules: [TCP Query User{4D482A87-EF1D-4BA3-A3D1-C67F83233F18}C:\program files (x86)\asus\gputweakiii\gt3 mobile service.exe] => (Block) C:\program files (x86)\asus\gputweakiii\gt3 mobile service.exe => No File
FirewallRules: [{3ABB5109-AD0E-447B-BFD3-7C5919B1B656}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24295.605.3225.8804_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4D699AE6-07B8-4488-87C9-4B1BE36E9ADB}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24295.605.3225.8804_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{73F80E3D-26A0-49EA-875D-213C0B8092CE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.257.463.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{BEFCAE88-FFF0-46DB-8D6E-4936294C180C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.257.463.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{EB1FB811-0F42-498D-8C84-5A3C7B870E98}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.257.463.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C91036E2-D6B7-4598-A9A1-BFBD4DA67E01}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.257.463.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B996B346-81A7-4645-BA1B-0E8CE6A64FFF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.257.463.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{89B01185-0575-4B58-A24C-E77D42C8D7D3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.257.463.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{189D6BCA-3705-4191-B607-22AA9EC8427A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.257.463.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{2D42552C-0F88-4D7F-AA51-3F0B2A277B65}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.257.463.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C45E07FF-8D96-4BD2-A41B-4700A687E86B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.257.463.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7CA03C37-5FC1-4A9F-B560-ED55AD8BFCE2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.257.463.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3FCD9F35-8CA2-4DF7-A8EC-C279C9BAAF3B}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.69\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3A77D3C9-3CC2-466B-9E1B-C0459491F78D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

14-02-2025 00:28:23 Windows Update
18-02-2025 23:30:15 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (02/19/2025 05:31:00 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\LUKAS$ přes https://AMD-KeyId-52fb59e29aa83a962fb9e ... s/Aik/scep se nepovedla:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Wed, 19 Feb 2025 04:30:54 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: d7324ea0-f4dd-4cab-98eb-a409b707d8c5

Metoda: GET(265ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (02/19/2025 05:31:00 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro Místní systém přes https://AMD-KeyId-52fb59e29aa83a962fb9e ... s/Aik/scep se nepovedla:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Wed, 19 Feb 2025 04:30:53 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 7bfb5d14-41a2-4013-84c9-6f6522fb80a2

Metoda: GET(281ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (02/19/2025 05:31:00 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\LUKAS$ přes https://AMD-KeyId-52fb59e29aa83a962fb9e ... s/Aik/scep se nepovedla:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Wed, 19 Feb 2025 04:30:53 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 8c7ddc32-73d2-4449-9cc7-4851179979a1

Metoda: GET(328ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (02/19/2025 02:27:06 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\LUKAS$ přes https://AMD-KeyId-52fb59e29aa83a962fb9e ... s/Aik/scep se nepovedla:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Wed, 19 Feb 2025 01:26:59 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: a06ec246-1fcb-4b11-8b21-3df313986999

Metoda: GET(312ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (02/18/2025 11:56:10 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\LUKAS$ přes https://AMD-KeyId-52fb59e29aa83a962fb9e ... s/Aik/scep se nepovedla:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Tue, 18 Feb 2025 22:56:03 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 5dc55221-833b-4224-955f-5bccf18d3973

Metoda: GET(281ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (02/18/2025 11:56:10 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro Místní systém přes https://AMD-KeyId-52fb59e29aa83a962fb9e ... s/Aik/scep se nepovedla:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Tue, 18 Feb 2025 22:56:02 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: adda81bb-706c-4db3-92e5-e7903638fe79

Metoda: GET(313ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (02/18/2025 11:56:10 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\LUKAS$ přes https://AMD-KeyId-52fb59e29aa83a962fb9e ... s/Aik/scep se nepovedla:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-52fb59e29aa83a962fb9eef0fe5b4811de6b751e.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Tue, 18 Feb 2025 22:56:02 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: f384e48a-d817-4edb-932f-2735f427d79c

Metoda: GET(313ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (02/18/2025 11:27:05 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro Místní systém přes https://AMD-KeyId-52fb59e29aa83a962fb9e ... s/Aik/scep se nepovedla:

GetCACaps

Metoda: GET(31ms)
Fáze: GetCACaps
Nelze rozpoznat název nebo adresu serveru. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)


System errors:
=============
Error: (02/19/2025 11:05:46 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Zabezpečené spouštění není v tomto počítači zapnuto.). For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (02/19/2025 05:35:52 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Zabezpečené spouštění není v tomto počítači zapnuto.). For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (02/19/2025 12:00:57 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Zabezpečené spouštění není v tomto počítači zapnuto.). For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (02/18/2025 11:31:58 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Zabezpečené spouštění není v tomto počítači zapnuto.). For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (02/18/2025 11:30:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Realtek Audio Universal Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (02/18/2025 11:30:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA LocalSystem Container byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.

Error: (02/18/2025 11:30:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA Display Container LS byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.

Error: (02/18/2025 11:24:17 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Zabezpečené spouštění není v tomto počítači zapnuto.). For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931


Windows Defender:
================
Date: 2025-02-18 00:04:58
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {6D5B9719-8596-4510-8C43-41C2B0892076}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2025-02-15 02:17:42
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {21B3FA49-E37C-478C-8A8D-5B434527655E}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2025-02-12 10:38:51
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {C5977E8A-5F38-48AB-8F9D-5DC700A6A40C}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2025-02-09 09:20:52
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {1ED5F336-7454-4D72-AADE-E8E4D7AA41C6}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2025-01-13 00:11:21
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {F4842DC2-5A4F-4A6D-8ACA-80DA2941B162}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Event[0]

Date: 2025-02-07 21:12:28
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.421.1569.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.24090.11
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2025-02-07 21:12:28
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.421.1569.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.24090.11
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2025-02-07 21:12:28
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.421.1569.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.24090.11
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2025-02-07 21:12:28
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.421.1569.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.24090.11
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2025-02-07 21:12:28
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.421.1569.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.24090.11
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

CodeIntegrity:
===============
Date: 2025-02-18 01:41:17
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.

Date: 2025-02-18 01:37:11
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 3611 09/29/2024
Motherboard: ASUSTeK COMPUTER INC. PRIME B550-PLUS
Processor: AMD Ryzen 7 5700G with Radeon Graphics
Percentage of memory in use: 17%
Total physical RAM: 32563.54 MB
Available physical RAM: 26926.82 MB
Total Virtual: 34611.54 MB
Available Virtual: 27881.82 MB

==================== Drives ================================

Drive c: (LUKÁŠ - SYSTÉM) (Fixed) (Total:232.02 GB) (Free:164.66 GB) (Model: Samsung SSD 860 EVO 250GB) NTFS
Drive d: (LUKÁŠ -DATA) (Fixed) (Total:465.75 GB) (Free:429.7 GB) (Model: WDC WD5000AZLX-60K2TA0) NTFS

\\?\Volume{07df9653-f4de-4055-b590-9fffa046b12d}\ () (Fixed) (Total:0.75 GB) (Free:0.22 GB) NTFS
\\?\Volume{68259ca7-cfab-48d2-be6b-e62d150399dd}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Luk4579
Level 1.5
Posts: 104
Registered: June 23
Gender: Male

Re: Please check

Post by Luk4579 » 20 Feb 2025 23:32

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-02-2025
Ran by lukin (administrator) on LUKAS (ASUS System Product Name) (19-02-2025 23:08:25)
Running from C:\Users\lukin\Downloads\FRST64.exe
Loaded Profiles: lukin
Platform: Microsoft Windows 11 Pro Version 24H2 26100.3194 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.257.463.0_x64__zpdnekdrzrea0\Spotify.exe <6>
(C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe ->) (NVIDIA Corporation -> ) C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\PresentMon_x64.exe
(C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\FrameViewSDK\FvContainer\FvContainer.exe
(C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\FrameViewSDK\FvContainer\FvContainer.System.exe
(C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe ->) (NVIDIA Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\nvrla.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA app\CEF\NVIDIA Overlay.exe <5>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA app\ShadowPlay\nvsphelper64.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_525.1301.30.0_x64__cw5n1h2txyewy\WidgetBoard.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\133.0.3065.69\msedgewebview2.exe <7>
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <4>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_52f3d9d461d3ba3c\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_2c6939fa3ca49312\RtkAudUService64.exe <2>
(services.exe ->) (Samsung Electronics Co., Ltd. -> Clonix & CottonCandy) C:\Program Files (x86)\Samsung\Samsung Magician\MigrationService\MigrationService.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe
(sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.25012.50.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
(svchost.exe ->) (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> ) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.257.463.0_x64__zpdnekdrzrea0\SpotifyWidgetProvider.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.1.235.0_x64__8wekyb3d8bbwe\MicrosoftStartFeedProvider\MicrosoftStartFeedProvider.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_525.1301.30.0_x64__cw5n1h2txyewy\WidgetBoard.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe <4>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_2c6939fa3ca49312\RtkAudUService64.exe [2117576 2024-06-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-3977676359-3934739732-2708753334-1001\...\Run: [MicrosoftEdgeAutoLaunch_C2A946453535DAC8E26670192D3842C0] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4088384 2025-02-14] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3977676359-3934739732-2708753334-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [65536 2024-12-15] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\133.0.6943.99\Installer\chrmstp.exe [2025-02-18] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {DF5A2D87-49B6-4036-A051-D9FB10946B3D} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem134.0.6985.0{0BAFE448-88A8-489F-B467-C065CAFB40D6} => C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\updater.exe [5672544 2025-01-28] (Google LLC -> Google LLC)
Task: {C7319FAF-8876-4157-9F5D-ACD985EE033F} - System32\Tasks\GPU Tweak III => C:\Program Files (x86)\ASUS\GPUTweakIII\GPU Tweak III.exe (No File)
Task: {D3C405D4-2F75-4704-A637-C1A65E86C96A} - System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-3977676359-3934739732-2708753334-1001 => MessengerHelper.exe --lassie (No File)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {C22F5D84-F312-4AC5-A515-FA47E86FE492} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UIEOrchestrator => C:\WINDOWS\system32\UIEOrchestrator.exe [336816 2025-02-07] (Microsoft Windows -> )
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {0E016C64-F80A-423B-8A13-A15F9CBDCA1F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BEF96994-B434-4470-B502-C4DBB5313820} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {931CF19B-24EE-4C18-8049-C20B6B652156} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F759511E-6CAF-4D9A-AAEC-AC9077CDE345} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {485AB705-6F0D-4DED-BA22-4013B5DBC903} - System32\Tasks\NVIDIA app SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA app\CEF\NVIDIA app.exe [3287080 2025-01-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7CFDF13D-32DA-434C-8799-01EE2C9F4441} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [140405056 2024-08-23] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) -> C:\Program Files (x86)\Samsung\Samsung Magician\\--disable-gpu-sandbox /AUTOHIDE

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{214b9125-adac-432d-b91c-929e6ab591a3}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\lukin\AppData\Local\Microsoft\Edge\User Data\Default [2025-02-19]
Edge Notifications: Default -> hxxps://www.messenger.com
Edge HomePage: Default -> hxxps://www.google.cz/
Edge StartupUrls: Default -> "hxxp://www.google.cz/?hl=cs"
Edge Extension: (Dokumenty Google offline) - C:\Users\lukin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-02-13]
Edge Extension: (Edge relevant text changes) - C:\Users\lukin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-09-23]
Edge HKU\S-1-5-21-3977676359-3934739732-2708753334-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [kagpabjoboikccfdghpdlaaopmgpgfdc]

Chrome:
=======
CHR Profile: C:\Users\lukin\AppData\Local\Google\Chrome\User Data\Default [2025-02-19]
CHR Notifications: Default -> hxxps://www.facebook.com
CHR HomePage: Default -> hxxps://www.google.cz/
CHR StartupUrls: Default -> "hxxp://www.google.cz/?hl=cs"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Dokumenty Google offline) - C:\Users\lukin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-02-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\lukin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-09-23]
CHR HKU\S-1-5-21-3977676359-3934739732-2708753334-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ljglajjnnkapghbckkcmodicjhacbfhk]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AsusUpdateCheck; C:\WINDOWS\System32\AsusUpdateCheck.exe [845256 2025-02-19] (ASUSTeK Computer Inc. -> )
R2 CMigrationService; C:\Program Files (x86)\Samsung\Samsung Magician\MigrationService\MigrationService.exe [763200 2024-08-23] (Samsung Electronics Co., Ltd. -> Clonix & CottonCandy)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2023-08-02] (Epic Games Inc. -> Epic Games, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9483456 2025-02-17] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-02-17] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_52f3d9d461d3ba3c\Display.NvContainer\NVDisplay.Container.exe [1275008 2025-02-12] (NVIDIA Corporation -> NVIDIA Corporation)
S2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [15926936 2025-02-14] (Adlice (Julien Ascoet) -> )
R2 SamsungMagicianSVC; C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe [460096 2024-08-23] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559304 2024-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [27920 2024-03-26] (ASMedia Technology Inc. -> Advanced Micro Devices, Inc)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [573440 2024-12-15] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [204800 2024-12-15] (Microsoft Corporation) [File not signed]
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2025-02-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2025-02-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 rt68cx21; C:\WINDOWS\System32\DriverStore\FileRepository\rt68cx21x64.inf_amd64_2708e69601f40462\rt68cx21x64.sys [831448 2024-07-10] (Realtek Semiconductor Corp. -> Realtek)
S3 rtcx21; C:\WINDOWS\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_feec7a9662e785f0\rtcx21x64.sys [539648 2024-03-28] (Microsoft Windows -> Realtek)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22104 2024-11-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [606624 2024-11-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105888 2024-11-08] (Microsoft Windows -> Microsoft Corporation)
S3 HWiNFO_202; \??\C:\Users\lukin\AppData\Local\Temp\HWiNFO_x64_202.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-02-19 23:08 - 2025-02-19 23:08 - 000015168 _____ C:\Users\lukin\Downloads\FRST.txt
2025-02-19 23:08 - 2025-02-19 23:08 - 000000000 ____D C:\FRST
2025-02-19 23:07 - 2025-02-19 23:07 - 002403840 _____ (Farbar) C:\Users\lukin\Downloads\FRST64.exe
2025-02-19 05:37 - 2025-02-19 05:37 - 000677108 _____ C:\WINDOWS\system32\perfh005.dat
2025-02-19 05:37 - 2025-02-19 05:37 - 000144960 _____ C:\WINDOWS\system32\perfc005.dat
2025-02-18 23:44 - 2025-02-18 23:45 - 000000000 ____D C:\ProgramData\RogueKiller
2025-02-18 23:44 - 2025-02-18 23:44 - 000000913 _____ C:\Users\Public\Desktop\Adlice Protect.lnk
2025-02-18 23:44 - 2025-02-18 23:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2025-02-18 23:44 - 2025-02-18 23:44 - 000000000 ____D C:\Program Files\RogueKiller
2025-02-18 23:43 - 2025-02-18 23:43 - 051457024 _____ (Adlice Software ) C:\Users\lukin\Downloads\RogueKiller_setup.exe
2025-02-18 23:31 - 2025-02-18 23:31 - 000000877 _____ C:\Users\lukin\Desktop\JRT.txt
2025-02-18 23:28 - 2025-02-18 23:28 - 001790024 _____ (Malwarebytes) C:\Users\lukin\Downloads\JRT.exe
2025-02-18 01:54 - 2025-02-18 01:54 - 000001054 _____ C:\Users\Public\Desktop\WinRAR.lnk
2025-02-18 01:54 - 2025-02-18 01:54 - 000000000 ____D C:\Users\lukin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2025-02-18 01:54 - 2025-02-18 01:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2025-02-18 01:54 - 2025-02-18 01:54 - 000000000 ____D C:\Program Files\WinRAR
2025-02-18 01:49 - 2025-02-18 01:49 - 000001223 _____ C:\Users\lukin\Downloads\Malwarebytes Scan Report 2025-02-18 003711.txt
2025-02-18 00:34 - 2025-02-19 05:32 - 000000000 ____D C:\Users\lukin\AppData\Local\Malwarebytes
2025-02-18 00:34 - 2025-02-18 00:34 - 000002107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2025-02-18 00:34 - 2025-02-18 00:34 - 000002095 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2025-02-18 00:33 - 2025-02-18 00:33 - 000000000 ____D C:\ProgramData\Malwarebytes
2025-02-18 00:33 - 2025-02-18 00:33 - 000000000 ____D C:\Program Files\Malwarebytes
2025-02-18 00:30 - 2025-02-18 00:30 - 000000000 ____D C:\AdwCleaner
2025-02-18 00:25 - 2025-02-18 00:25 - 000000000 ____D C:\Users\lukin\Downloads\HiJackThis
2025-02-16 00:30 - 2025-02-16 00:30 - 018582416 _____ (Martin Malik, REALiX s.r.o. ) C:\Users\lukin\Downloads\hwi64_820.exe
2025-02-14 00:31 - 2025-02-14 00:31 - 000000000 ____D C:\WINDOWS\Panther
2025-02-13 22:40 - 2025-02-13 22:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2025-02-13 22:38 - 2025-02-12 19:48 - 002072432 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2025-02-13 22:38 - 2025-02-12 19:48 - 002072432 _____ C:\WINDOWS\system32\vulkaninfo.exe
2025-02-13 22:38 - 2025-02-12 19:48 - 001614200 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2025-02-13 22:38 - 2025-02-12 19:48 - 001614200 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2025-02-13 22:38 - 2025-02-12 19:48 - 001576848 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2025-02-13 22:38 - 2025-02-12 19:48 - 001576848 _____ C:\WINDOWS\system32\vulkan-1.dll
2025-02-13 22:38 - 2025-02-12 19:48 - 001389968 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2025-02-13 22:38 - 2025-02-12 19:48 - 001389968 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2025-02-13 22:38 - 2025-02-12 19:48 - 000477816 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2025-02-13 22:38 - 2025-02-12 19:48 - 000374400 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2025-02-13 22:38 - 2025-02-12 19:44 - 001563768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2025-02-13 22:38 - 2025-02-12 19:44 - 001215632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2025-02-13 22:38 - 2025-02-12 19:44 - 001183384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2025-02-13 22:38 - 2025-02-12 19:44 - 000670352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvofapi64.dll
2025-02-13 22:38 - 2025-02-12 19:44 - 000506024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvofapi.dll
2025-02-13 22:38 - 2025-02-12 19:43 - 025643128 _____ C:\WINDOWS\system32\nvidia-pcc.exe
2025-02-13 22:38 - 2025-02-12 19:43 - 002194064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2025-02-13 22:38 - 2025-02-12 19:43 - 001641640 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2025-02-13 22:38 - 2025-02-12 19:43 - 001046192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2025-02-13 22:38 - 2025-02-12 19:43 - 000903296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2025-02-13 22:38 - 2025-02-12 19:43 - 000804528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2025-02-13 22:38 - 2025-02-12 19:42 - 019903640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2025-02-13 22:38 - 2025-02-12 19:42 - 019328656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2025-02-13 22:38 - 2025-02-12 19:42 - 007225008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2025-02-13 22:38 - 2025-02-12 19:42 - 005500056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcudadebugger.dll
2025-02-13 22:38 - 2025-02-12 19:42 - 003944624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2025-02-13 22:38 - 2025-02-12 19:42 - 000462456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2025-02-13 22:38 - 2025-02-12 19:41 - 005913744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2025-02-13 22:38 - 2025-02-12 19:41 - 000853680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2025-02-13 22:38 - 2025-02-12 19:40 - 005551224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2025-02-13 22:38 - 2025-02-12 19:40 - 004857504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2025-02-13 22:38 - 2025-02-12 13:05 - 000137640 _____ C:\WINDOWS\system32\nvinfo.pb
2025-02-13 22:38 - 2025-02-12 13:05 - 000125048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2025-02-12 10:39 - 2025-02-19 07:31 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-02-07 21:20 - 2025-02-07 21:20 - 000027617 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2025-02-07 21:20 - 2025-02-07 21:20 - 000027617 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-02-19 23:05 - 2024-12-15 21:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-02-19 23:05 - 2024-04-01 08:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-02-19 05:59 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-02-19 05:37 - 2024-12-15 21:39 - 001603798 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-02-19 05:37 - 2024-04-01 08:24 - 000000000 ____D C:\WINDOWS\INF
2025-02-19 05:31 - 2024-10-07 18:58 - 000000000 ____D C:\Users\lukin\AppData\Roaming\Samsung Magician
2025-02-19 05:30 - 2024-12-15 21:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-02-19 05:30 - 2024-12-15 21:35 - 000005986 _____ C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
2025-02-19 05:30 - 2024-09-23 17:05 - 000000000 ____D C:\ProgramData\NVIDIA
2025-02-19 05:30 - 2024-09-23 13:25 - 000901328 _____ () C:\WINDOWS\system32\wpbbin.exe
2025-02-19 05:30 - 2024-09-23 13:25 - 000845256 _____ C:\WINDOWS\system32\AsusUpdateCheck.exe
2025-02-19 05:30 - 2024-09-23 13:25 - 000012288 ___SH C:\DumpStack.log.tmp
2025-02-19 03:41 - 2024-04-01 08:21 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2025-02-19 01:57 - 2024-04-01 08:26 - 000000000 ___HD C:\Program Files\WindowsApps
2025-02-19 01:57 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-02-18 23:48 - 2024-09-23 13:53 - 000000000 ____D C:\Users\lukin\AppData\Local\D3DSCache
2025-02-18 23:19 - 2024-09-23 16:33 - 000002261 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-02-18 23:19 - 2024-09-23 16:33 - 000002220 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2025-02-18 01:54 - 2024-09-23 13:51 - 000000000 ____D C:\Users\lukin\AppData\Local\Packages
2025-02-18 01:54 - 2024-09-23 13:27 - 000000000 ____D C:\ProgramData\Packages
2025-02-18 00:34 - 2024-04-01 08:26 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2025-02-17 00:03 - 2024-11-18 21:08 - 228619312 _____ (OCCT) C:\Users\lukin\Downloads\OCCT.exe
2025-02-17 00:02 - 2024-09-23 17:07 - 000000000 ____D C:\Users\lukin\AppData\Local\NVIDIA
2025-02-16 23:46 - 2024-09-23 13:26 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-02-16 23:46 - 2024-09-23 13:26 - 000002288 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-02-16 00:31 - 2024-09-23 17:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO® 64
2025-02-16 00:31 - 2024-09-23 17:26 - 000000000 ____D C:\Program Files\HWiNFO64
2025-02-14 00:31 - 2024-12-15 21:14 - 000000000 ____D C:\Users\lukin
2025-02-13 22:40 - 2024-09-23 17:06 - 000000000 ____D C:\Users\lukin\AppData\LocalLow\NVIDIA
2025-02-13 22:40 - 2024-09-23 17:05 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2025-02-13 22:40 - 2024-04-01 08:26 - 000000000 ___SD C:\WINDOWS\system32\lxss
2025-02-13 22:36 - 2024-12-15 21:36 - 000003834 _____ C:\WINDOWS\system32\Tasks\NVIDIA app SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2025-02-13 22:36 - 2024-11-18 20:30 - 000001448 _____ C:\Users\Public\Desktop\NVIDIA.lnk
2025-02-13 22:36 - 2024-09-23 17:07 - 000000000 ____D C:\Users\lukin\AppData\Local\NVIDIA Corporation
2025-02-13 22:36 - 2024-09-23 17:06 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2025-02-12 11:11 - 2024-04-01 08:26 - 000000000 ____D C:\ProgramData\USOPrivate
2025-02-12 10:56 - 2024-12-15 21:35 - 000297256 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2025-02-12 10:55 - 2024-04-01 08:26 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-02-12 10:55 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\SystemResources
2025-02-12 10:55 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2025-02-12 10:55 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-02-12 10:33 - 2024-09-23 13:54 - 209365816 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2025-02-12 10:33 - 2024-09-23 13:54 - 000000000 ____D C:\WINDOWS\system32\MRT
2025-02-07 21:26 - 2024-04-01 17:30 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ___SD C:\WINDOWS\system32\UNP
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\UUS
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\migwiz
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\Dism
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\DDFs
2025-02-07 21:26 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\appraiser
2025-02-07 21:25 - 2024-04-01 17:31 - 000000000 ____D C:\WINDOWS\InboxApps
2025-02-07 21:25 - 2024-04-01 17:31 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2025-02-07 21:25 - 2024-04-01 17:31 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2025-02-07 21:25 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\ShellExperiences
2025-02-07 21:25 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\ShellComponents
2025-02-07 21:25 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2025-02-07 21:25 - 2024-04-01 08:26 - 000000000 ____D C:\Program Files\Common Files\System
2025-02-07 21:25 - 2024-04-01 08:21 - 000000000 ____D C:\WINDOWS\servicing
2025-02-07 21:20 - 2024-12-15 21:35 - 003334656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2025-01-25 13:25 - 2024-11-18 20:30 - 003108904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2025-01-25 13:25 - 2024-11-18 20:30 - 002398760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2025-01-25 13:25 - 2024-09-23 17:07 - 000271912 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2025-01-25 13:25 - 2024-09-23 17:07 - 000245800 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll
2025-01-25 13:05 - 2024-09-23 17:07 - 000180760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2025-01-25 13:05 - 2024-09-23 17:07 - 000159768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2025-01-25 13:05 - 2024-09-23 17:07 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

jaro3
Security team member
Guru Level 15
Posts: 43248
Registered: June 07
Location: Jižní Čechy
Gender: Male

Re: Please check

Posted by jaro3 » 21 Feb 2025 01:18

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-02-17] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-02-17] (Malwarebytes Inc. -> Malwarebytes)
FirewallRules: [UDP Query User{BB296308-368E-4170-9736-70967D79388D}C:\program files (x86)\asus\gputweakiii\gt3 mobile service.exe] => (Block) C:\program files (x86)\asus\gputweakiii\gt3 mobile service.exe => No File
FirewallRules: [TCP Query User{4D482A87-EF1D-4BA3-A3D1-C67F83233F18}C:\program files (x86)\asus\gputweakiii\gt3 mobile service.exe] => (Block) C:\program files (x86)\asus\gputweakiii\gt3 mobile service.exe => No File
Task: {DF5A2D87-49B6-4036-A051-D9FB10946B3D} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem134.0.6985.0{0BAFE448-88A8-489F-B467-C065CAFB40D6} => C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\updater.exe [5672544 2025-01-28] (Google LLC -> Google LLC)
Task: {C7319FAF-8876-4157-9F5D-ACD985EE033F} - System32\Tasks\GPU Tweak III => C:\Program Files (x86)\ASUS\GPUTweakIII\GPU Tweak III.exe (No File)
Task: {D3C405D4-2F75-4704-A637-C1A65E86C96A} - System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-3977676359-3934739732-2708753334-1001 => MessengerHelper.exe --lassie (No File)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)

EmptyTemp:
End

(You can use the "select all" function, then right-click the top-left field in the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST, press the "Fix" button only once, and wait.
The tool will create a log on the desktop (Fixlog.txt); please copy its entire content here.

Error: (02/19/2025 11:05:46 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Zabezpečené spouštění není v tomto počítači zapnuto.). For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931
See:
https://www.google.com/search?client=fi ... ith+error+

Re: Request for a check

Post by Luk4579 » 21 Feb 2025 21:06

Start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-02-17] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-02-17] (Malwarebytes Inc. -> Malwarebytes)
FirewallRules: [UDP Query User{BB296308-368E-4170-9736-70967D79388D}C:\program files (x86)\asus\gputweakiii\gt3 mobile service.exe] => (Block) C:\program files (x86)\asus\gputweakiii\gt3 mobile service.exe => No File
FirewallRules: [TCP Query User{4D482A87-EF1D-4BA3-A3D1-C67F83233F18}C:\program files (x86)\asus\gputweakiii\gt3 mobile service.exe] => (Block) C:\program files (x86)\asus\gputweakiii\gt3 mobile service.exe => No File
Task: {DF5A2D87-49B6-4036-A051-D9FB10946B3D} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem134.0.6985.0{0BAFE448-88A8-489F-B467-C065CAFB40D6} => C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\updater.exe [5672544 2025-01-28] (Google LLC -> Google LLC)
Task: {C7319FAF-8876-4157-9F5D-ACD985EE033F} - System32\Tasks\GPU Tweak III => C:\Program Files (x86)\ASUS\GPUTweakIII\GPU Tweak III.exe (No File)
Task: {D3C405D4-2F75-4704-A637-C1A65E86C96A} - System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-3977676359-3934739732-2708753334-1001 => MessengerHelper.exe --lassie (No File)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)

EmptyTemp:
End


Re: Request for a check

Post by jaro3 » 21 Feb 2025 23:08

Where is the log from after running FRST? This is just the script.
Post it and let us know whether there are any problems.

Re: Request for a check

Post by Luk4579 » 21 Feb 2025 23:12

I guess I'm doing something wrong then; the log doesn't get created.


Re: Request for a check

Post by jaro3 » 22 Feb 2025 02:52

Then try it again following the instructions.

Re: Request for a check

Post by Luk4579 » 22 Feb 2025 12:08

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-02-2025
Ran by lukin (22-02-2025 12:06:39) Run:1
Running from C:\Users\lukin\Desktop
Loaded Profiles: lukin & WsiAccount
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-02-17] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-02-17] (Malwarebytes Inc. -> Malwarebytes)
FirewallRules: [UDP Query User{BB296308-368E-4170-9736-70967D79388D}C:\program files (x86)\asus\gputweakiii\gt3 mobile service.exe] => (Block) C:\program files (x86)\asus\gputweakiii\gt3 mobile service.exe => No File
FirewallRules: [TCP Query User{4D482A87-EF1D-4BA3-A3D1-C67F83233F18}C:\program files (x86)\asus\gputweakiii\gt3 mobile service.exe] => (Block) C:\program files (x86)\asus\gputweakiii\gt3 mobile service.exe => No File
Task: {DF5A2D87-49B6-4036-A051-D9FB10946B3D} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem134.0.6985.0{0BAFE448-88A8-489F-B467-C065CAFB40D6} => C:\Program Files (x86)\Google\GoogleUpdater\134.0.6985.0\updater.exe [5672544 2025-01-28] (Google LLC -> Google LLC)
Task: {C7319FAF-8876-4157-9F5D-ACD985EE033F} - System32\Tasks\GPU Tweak III => C:\Program Files (x86)\ASUS\GPUTweakIII\GPU Tweak III.exe (No File)
Task: {D3C405D4-2F75-4704-A637-C1A65E86C96A} - System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-3977676359-3934739732-2708753334-1001 => MessengerHelper.exe --lassie (No File)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)

EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MBAMShlExt => removed successfully
HKLM\Software\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\MBAMShlExt => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BB296308-368E-4170-9736-70967D79388D}C:\program files (x86)\asus\gputweakiii\gt3 mobile service.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4D482A87-EF1D-4BA3-A3D1-C67F83233F18}C:\program files (x86)\asus\gputweakiii\gt3 mobile service.exe" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DF5A2D87-49B6-4036-A051-D9FB10946B3D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF5A2D87-49B6-4036-A051-D9FB10946B3D}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem134.0.6985.0{0BAFE448-88A8-489F-B467-C065CAFB40D6} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem134.0.6985.0{0BAFE448-88A8-489F-B467-C065CAFB40D6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C7319FAF-8876-4157-9F5D-ACD985EE033F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7319FAF-8876-4157-9F5D-ACD985EE033F}" => removed successfully
C:\WINDOWS\System32\Tasks\GPU Tweak III => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GPU Tweak III" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3C405D4-2F75-4704-A637-C1A65E86C96A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3C405D4-2F75-4704-A637-C1A65E86C96A}" => removed successfully
C:\WINDOWS\System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-3977676359-3934739732-2708753334-1001 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Meta\Messenger-WSP-Helper-S-1-5-21-3977676359-3934739732-2708753334-1001" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{077BA067-7C15-40F0-B22E-C9DC2A54B4A2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{077BA067-7C15-40F0-B22E-C9DC2A54B4A2}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Location\Notifications => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Location\Notifications" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18137721 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 18807 B
Edge => 0 B
Chrome => 311073717 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 18684 B
NetworkService => 46764 B
lukin => 2790221 B
WsiAccount => 2790221 B

RecycleBin => 0 B
EmptyTemp: => 320.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:06:49 ====


Re: Request for a check

Post by jaro3 » 22 Feb 2025 14:43

OK. Are there any problems?