my Microsoft account got hacked/stolen/deleted

  • Mai_Brumec
    PCHF Member
    • Aug 2022
    • 13

    #16
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2022
    Ran by Uporabnik (28-08-2022 15:38:29)
    Running from C:\Users\Uporabnik\Downloads
    Microsoft Windows 10 Pro Version 21H1 19043.1889 (X64) (2022-04-26 11:02:11)
    Boot Mode: Normal
    ==================== Accounts: =============================

    (If an entry is included in the fixlist, it will be removed.)

    Administrator (S-1-5-21-3134029656-847882931-1988809457-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3134029656-847882931-1988809457-503 - Limited - Disabled)
    Guest (S-1-5-21-3134029656-847882931-1988809457-501 - Limited - Disabled)
    Uporabnik (S-1-5-21-3134029656-847882931-1988809457-1001 - Administrator - Enabled) => C:\Users\Uporabnik
    WDAGUtilityAccount (S-1-5-21-3134029656-847882931-1988809457-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Total AV (Disabled - Out of date) {0567E33F-93C9-11B5-891D-90A37AEB2766}
    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 21.07 (x64) (HKLM...\7-Zip) (Version: 21.07 - Igor Pavlov)
    Adobe Creative Cloud (HKLM-x32...\Adobe Creative Cloud) (Version: 5.7.1.1 - Adobe Inc.)
    blender (HKLM...{7CD438BB-E07C-4EF7-8DDD-FD083242FC11}) (Version: 3.1.2 - Blender Foundation)
    BlueStacks 5 (HKLM...\BlueStacks_nxt) (Version: 5.7.110.1003 - BlueStack Systems, Inc.)
    BlueStacks X (HKU\S-1-5-21-3134029656-847882931-1988809457-1001...\BlueStacks X) (Version: 0.15.2.3 - BlueStack Systems, Inc.)
    Combined Community Codec Pack 64bit 2015-10-18 (HKLM...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
    CurseForge (HKU\S-1-5-21-3134029656-847882931-1988809457-1001...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.202.1.4890 - Overwolf app)
    Discord (HKU\S-1-5-21-3134029656-847882931-1988809457-1001...\Discord) (Version: 1.0.9003 - Discord Inc.)
    Epic Games Launcher (HKLM-x32...{FAC47927-1A6A-4C6E-AD7D-E9756794A4BC}) (Version: 1.3.23.0 - Epic Games, Inc.)
    Epic Games Launcher Prerequisites (x64) (HKLM...{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
    Epic Online Services (HKLM-x32...{758842D2-1538-4008-A8E3-66F65A061C52}) (Version: 2.0.33.0 - Epic Games, Inc.)
    Foxit PDF Reader (HKLM-x32...\Foxit Reader_is1) (Version: 11.2.1.53537 - Foxit Software Inc.)
    Google Chrome (HKLM...{D209B3BE-785A-3C2F-B5DA-0EE3C6DF5C2E}) (Version: 104.0.5112.102 - Google LLC)
    Intel(R) Processor Graphics (HKLM-x32...{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 - Intel Corporation)
    Java 8 Update 333 (HKLM-x32...{26A24AE4-039D-4CA4-87B4-2F32180333F0}) (Version: 8.0.3330.2 - Oracle Corporation)
    Krita (x64) 5.0.6 (HKLM...\Krita_x64) (Version: 5.0.6.0 - Krita Foundation)
    Launcher Prerequisites (x64) (HKLM-x32...{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
    Microsoft Edge (HKLM-x32...\Microsoft Edge) (Version: 104.0.1293.70 - Microsoft Corporation)
    Microsoft Edge WebView2 Runtime (HKLM-x32...\Microsoft EdgeWebView) (Version: 104.0.1293.70 - Microsoft Corporation)
    Microsoft GameInput (HKLM-x32...{A9CFD6A1-C0D3-7F37-C220-8B104867EF15}) (Version: 10.1.22621.1011 - Microsoft Corporation)
    Microsoft Office Professional Plus 2019 - sl-si (HKLM...\ProPlus2019Volume - sl-si) (Version: 16.0.10389.20033 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3134029656-847882931-1988809457-1001...\OneDriveSetup.exe) (Version: 22.161.0731.0002 - Microsoft Corporation)
    Microsoft Update Health Tools (HKLM...{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32...{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM...{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM...{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32...{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32...{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32...{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32...{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM...{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM...{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32...{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32...{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32...{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29914 (HKLM-x32...{1b5476d9-ab8e-4b0d-b004-059a1bd5568b}) (Version: 14.28.29914.0 - Microsoft Corporation)
    Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29334 (HKLM...{2E11EF4E-901F-4B2D-B68E-3DB2A566C857}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29334 (HKLM...{8A3F7D5B-422D-49D9-84F7-8DC1B7782967}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29914 (HKLM-x32...{BD8C6100-7C7D-48DD-93BA-69F6828213FE}) (Version: 14.28.29914 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29914 (HKLM-x32...{42365A3A-622A-4EED-A727-FE192A794AFD}) (Version: 14.28.29914 - Microsoft Corporation) Hidden
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32...{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    Movavi Video Editor Plus 2022 (HKU\S-1-5-21-3134029656-847882931-1988809457-1001...\Movavi Video Editor Plus 2022) (Version: 22.2.1 - Movavi)
    NVIDIA Canvas 1.2.138 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Canvas) (Version: 1.2.138 - NVIDIA Corporation)
    NVIDIA FrameView SDK 1.2.7521.31103277 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.7521.31103277 - NVIDIA Corporation)
    NVIDIA GeForce Experience 3.25.1.27 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.25.1.27 - NVIDIA Corporation)
    NVIDIA Grafični gonilnik 512.59 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 512.59 - NVIDIA Corporation)
    NVIDIA HD avdio gonilnika 1.3.39.3 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.3 - NVIDIA Corporation)
    NVIDIA Sistemske opreme PhysX 9.21.0713 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
    Office 16 Click-to-Run Extensibility Component (HKLM...{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.10389.20033 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM...{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.10389.20033 - Microsoft Corporation) Hidden
    Opera GX Stable 89.0.4447.64 (HKU\S-1-5-21-3134029656-847882931-1988809457-1001...\Opera GX 89.0.4447.64) (Version: 89.0.4447.64 - Opera Software)
    Origin (HKLM-x32...\Origin) (Version: 10.5.114.51455 - Electronic Arts, Inc.)
    Overwolf (HKLM-x32...\Overwolf) (Version: 0.204.0.1 - Overwolf Ltd.)
    Preverjanje ustreznosti stanja računalnika Windows (HKLM...{1EE44D00-E6D1-4FBF-B32C-AB43A7F519DC}) (Version: 3.6.2204.08001 - Microsoft Corporation)
    Razer Cortex (HKLM-x32...\Razer Cortex_is1) (Version: 10.2.5.0 - Razer Inc.)
    Razer Synapse (HKLM-x32...\Razer Synapse) (Version: 3.7.0731.072516 - Razer Inc.)
    Razer Virtual Ring Light (HKLM-x32...\Razer Virtual Ring Light) (Version: 2.0.0.23 - Razer Inc.)
    Roblox Player for Uporabnik (HKU\S-1-5-21-3134029656-847882931-1988809457-1001...\roblox-player) (Version: - Roblox Corporation)
    Roblox Studio for Uporabnik (HKU\S-1-5-21-3134029656-847882931-1988809457-1001...\roblox-studio) (Version: - Roblox Corporation)
    SignalRgb (HKU\S-1-5-21-3134029656-847882931-1988809457-1001...\VortxEngine) (Version: 2.2.22 - WhirlwindFX)
    Skype različica 8.83 (HKLM-x32...\Skype_is1) (Version: 8.83 - Skype Technologies S.A.)
    Steam (HKLM-x32...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Streamer Companion App (HKLM-x32...\Streamer Companion App) (Version: 2.0.1.3 - Razer Inc.)
    The Crew 2 (HKLM-x32...\Uplay Install 2855) (Version: - Ubisoft)
    THX Spatial Audio (HKLM-x32...\THX Spatial Audio) (Version: 2.0.1.11 - Razer Inc.)
    TotalAV (HKLM-x32...\TotalAV) (Version: 5.17.470 - TotalAV) <==== ATTENTION
    Ubisoft Connect (HKLM-x32...\Uplay) (Version: 131.0.10667 - Ubisoft)
    Voicemod (HKLM...{8435A407-F778-4647-9CDB-46E5EC50BAD0}_is1) (Version: 2.34.2.0 - Voicemod S.L.)
    Zoom(64bit) (HKLM...{10F9C1AD-E615-47A6-B3E6-A66308D01F65}) (Version: 5.10.5035 - Zoom)

    Packages:

    Adobe Notification Client → C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc [2022-07-01] (Adobe Systems Incorporated)
    BreeZip → C:\Program Files\WindowsApps\3138AweZip.AweZip_1.4.17.0_x86__ffd303wmbhcjt [2022-08-28] (BreeZip)
    Lively Wallpaper → C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.125.0_x86__97hta09mmv6hy [2022-08-18] (rocksdanister) [Startup Task]
    Microsoft Advertising SDK for XAML → C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-05-03] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML → C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-05-03] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection → C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7180.0_x64__8wekyb3d8bbwe [2022-07-31] (Microsoft Studios) [MS Ad]
    Minecraft Launcher → C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_1.1.28.0_x64__8wekyb3d8bbwe [2022-08-28] (Microsoft Studios)
    NVIDIA Control Panel → C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-05-02] (NVIDIA Corp.)
    Photos Media Engine Add-on → C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-05-29] (Microsoft Corporation)
    Roblox → C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.541.422.0_x86__55nm5eh3cm0pr [2022-08-28] (ROBLOX Corporation)
    Spotify Music → C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0 [2022-08-28] (Spotify AB) [Startup Task]
    WindowsAppRuntime.1.0 → C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.0_3.469.1654.0_x64__8wekyb3d8bbwe [2022-04-28] (Microsoft Corporation)
    WindowsAppRuntime.1.0 → C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.0_3.469.1654.0_x86__8wekyb3d8bbwe [2022-04-28] (Microsoft Corporation)
    WindowsAppRuntime.1.1 → C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.1_1001.524.1918.0_x86__8wekyb3d8bbwe [2022-06-16] (Microsoft Corporation)
    WindowsAppRuntime.1.1 → C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.1_1003.565.600.0_x86__8wekyb3d8bbwe [2022-07-22] (Microsoft Corporation)
    WindowsAppRuntime.1.1 → C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.1_1004.584.2120.0_x64__8wekyb3d8bbwe [2022-08-17] (Microsoft Corporation)
    WindowsAppRuntime.1.1 → C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.1_1004.584.2120.0_x86__8wekyb3d8bbwe [2022-08-17] (Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3134029656-847882931-1988809457-1001_Classes\CLSID{0E270DAA-1BE6-48F2-AC49-906D8216F0F0} → [Creative Cloud Files] => C:\Users\Uporabnik\Creative Cloud Files [2022-07-01 21:12]
    CustomCLSID: HKU\S-1-5-21-3134029656-847882931-1988809457-1001_Classes\CLSID{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 → C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. → Adobe Inc.)
    CustomCLSID: HKU\S-1-5-21-3134029656-847882931-1988809457-1001_Classes\CLSID{89b2b650-c4dd-d68b-46e7-3176f1973c8b}\localserver32 → C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe (Voicemod Sociedad Limitada → Voicemod)
    CustomCLSID: HKU\S-1-5-21-3134029656-847882931-1988809457-1001_Classes\CLSID{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 → C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. → Adobe Systems)
    ShellIconOverlayIdentifiers: [ AccExtIco1] → {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-05-24] (Adobe Inc. → )
    ShellIconOverlayIdentifiers: [ AccExtIco2] → {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-05-24] (Adobe Inc. → )
    ShellIconOverlayIdentifiers: [ AccExtIco3] → {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-05-24] (Adobe Inc. → )
    ContextMenuHandlers1: [7-Zip] → {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
    ContextMenuHandlers1: [AccExt] → {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-05-24] (Adobe Inc. → )
    ContextMenuHandlers4: [7-Zip] → {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
    ContextMenuHandlers5: [igfxcui] → {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => → No File
    ContextMenuHandlers5: [igfxDTCM] → {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-03-17] (Microsoft Windows Hardware Compatibility Publisher → Intel Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] → {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_4d7400884d0d52e3\nvshext.dll [2022-04-21] (Nvidia Corporation → NVIDIA Corporation)
    ContextMenuHandlers6: [7-Zip] → {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
    ContextMenuHandlers6: [AccExt] → {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-05-24] (Adobe Inc. → )

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    ==================== Loaded Modules (Whitelisted) =============

    2022-04-28 10:37 - 2022-04-28 10:38 - 000057344 _____ (Google) [File not signed] [File is in use] C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.125.0_x86__97hta09mmv6hy\Build\GrpcDotNetNamedPipes.dll
    2022-04-26 13:19 - 2021-12-26 16:00 - 000093696 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
    2022-04-28 10:37 - 2022-04-28 10:42 - 000056832 _____ (Linearstar) [File not signed] [File is in use] C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.125.0_x86__97hta09mmv6hy\Build\RawInput.Sharp.dll
    2022-08-17 20:31 - 2022-08-17 20:31 - 000446464 _____ (Lively) [File not signed] [File is in use] C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.125.0_x86__97hta09mmv6hy\Build\Lively.dll
    2022-08-17 20:31 - 2022-08-17 20:31 - 000115712 _____ (Lively.Common) [File not signed] [File is in use] C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.125.0_x86__97hta09mmv6hy\Build\Lively.Common.dll
    2022-08-17 20:31 - 2022-08-17 20:31 - 000152576 _____ (Lively.Grpc.Common) [File not signed] [File is in use] C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.125.0_x86__97hta09mmv6hy\Build\Lively.Grpc.Common.dll
    2022-08-17 20:31 - 2022-08-17 20:31 - 000052736 _____ (Lively.Models) [File not signed] [File is in use] C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.125.0_x86__97hta09mmv6hy\Build\Lively.Models.dll
    2022-04-28 10:37 - 2022-04-28 10:38 - 000005120 _____ (Matteo Pagani) [File not signed] [File is in use] C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.125.0_x86__97hta09mmv6hy\Build\DesktopBridge.Helpers.dll
    2022-08-17 20:31 - 2022-08-17 20:32 - 000831488 _____ (NLog) [File not signed] [File is in use] C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.125.0_x86__97hta09mmv6hy\Build\NLog.dll
    2022-04-28 10:37 - 2022-04-28 10:42 - 000032768 _____ (Soroush Falahati (falahati.net)) [File not signed] [File is in use] C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.125.0_x86__97hta09mmv6hy\Build\UACHelper.dll
    2022-08-10 10:36 - 2022-06-05 12:20 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] D:\Origin\LIBEAY32.dll
    2022-08-10 10:36 - 2022-06-05 12:20 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] D:\Origin\ssleay32.dll
    2022-08-10 10:36 - 2022-06-05 12:20 - 001611264 _____ (The Qt Company Ltd) [File not signed] D:\Origin\platforms\qwindows.dll
    2022-08-10 10:36 - 2022-06-05 12:20 - 005487104 _____ (The Qt Company Ltd) [File not signed] D:\Origin\Qt5Core.dll
    2022-08-10 10:36 - 2022-06-05 12:20 - 005841920 _____ (The Qt Company Ltd) [File not signed] D:\Origin\Qt5Gui.dll
    2022-08-10 10:36 - 2022-06-05 12:20 - 001179136 _____ (The Qt Company Ltd) [File not signed] D:\Origin\Qt5Network.dll
    2022-08-10 10:36 - 2022-06-05 12:20 - 000146432 _____ (The Qt Company Ltd) [File not signed] D:\Origin\Qt5WebSockets.dll
    2022-08-10 10:36 - 2022-06-05 12:20 - 005089792 _____ (The Qt Company Ltd) [File not signed] D:\Origin\Qt5Widgets.dll
    2022-08-10 10:36 - 2022-06-05 12:20 - 000184832 _____ (The Qt Company Ltd) [File not signed] D:\Origin\Qt5Xml.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [5300]
    AlternateDataStreams: C:\Users\Uporabnik\AppData\Local\Temp:$DATA [16]

    ==================== Safe Mode (Whitelisted) ==================

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========

    BHO-x32: Skype for Business Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-04-26] (Microsoft Corporation → Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files (x86)\Java\jre1.8.0_333\bin\ssv.dll [2022-05-03] (Oracle America, Inc. → Oracle Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files (x86)\Java\jre1.8.0_333\bin\jp2ssv.dll [2022-05-03] (Oracle America, Inc. → Oracle Corporation)
    Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-29] (Microsoft Corporation → Microsoft Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-29] (Microsoft Corporation → Microsoft Corporation)
    Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-29] (Microsoft Corporation → Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-29] (Microsoft Corporation → Microsoft Corporation)
    Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-29] (Microsoft Corporation → Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-29] (Microsoft Corporation → Microsoft Corporation)
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-29] (Microsoft Corporation → Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-29] (Microsoft Corporation → Microsoft Corporation)

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\Path → C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Program Files (x86)\Razer\ChromaBroadcast\bin;C:\Program Files\Razer\ChromaBroadcast\bin;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Windows\System32\OpenSSH;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;
    HKU\S-1-5-21-3134029656-847882931-1988809457-1001\Control Panel\Desktop\Wallpaper → C:\Windows\web\wallpaper\Windows\img0.jpg
    DNS Servers: 192.168.178.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKLM...\StartupApproved\Run32: => “SunJavaUpdateSched”
    HKLM...\StartupApproved\Run32: => “Adobe CCXProcess”
    HKLM...\StartupApproved\Run32: => “Adobe Creative Cloud”
    HKU\S-1-5-21-3134029656-847882931-1988809457-1001...\StartupApproved\Run: => “Opera GX Browser Assistant”
    HKU\S-1-5-21-3134029656-847882931-1988809457-1001...\StartupApproved\Run: => “Opera GX Stable”
    HKU\S-1-5-21-3134029656-847882931-1988809457-1001...\StartupApproved\Run: => “SignalRgb”
    HKU\S-1-5-21-3134029656-847882931-1988809457-1001...\StartupApproved\Run: => “EpicGamesLauncher”
    HKU\S-1-5-21-3134029656-847882931-1988809457-1001...\StartupApproved\Run: => “OneDrive”
    HKU\S-1-5-21-3134029656-847882931-1988809457-1001...\StartupApproved\Run: => “Voicemod”
    HKU\S-1-5-21-3134029656-847882931-1988809457-1001...\StartupApproved\Run: => “EADM”
    HKU\S-1-5-21-3134029656-847882931-1988809457-1001...\StartupApproved\Run: => “Overwolf”

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{59C62C45-4C60-4AA6-B7A0-95097AAB65FF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation → Microsoft Corporation)
    FirewallRules: [{E12D4DFD-D19C-4704-8B37-FF982F806B42}] => (Allow) C:\Program Files\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. → Zoom Video Communications, Inc.)
    FirewallRules: [{0F32F8D6-4562-405B-9208-12EF1FBA2C22}] => (Allow) C:\Program Files\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. → Zoom Video Communications, Inc.)
    FirewallRules: [{0C4112FC-3148-4730-95E0-9D8B3508B76E}] => (Allow) C:\Program Files\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. → Zoom Video Communications, Inc.)
    FirewallRules: [{1B36D520-1A44-48AF-9D31-2425EFA23201}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
    FirewallRules: [{B2098FCE-22AF-46CD-A2DF-41733211C890}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
    FirewallRules: [{4C16443D-2555-48E3-8107-391DAFF896C9}] => (Allow) C:\Program Files\Razer\RzAppEngine\rzappengine.exe (Razer USA Ltd. → Razer Inc.)
    FirewallRules: [{257108BA-4744-42EF-B3EA-047FCB5FF9A8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. → Valve Corporation)
    FirewallRules: [{3BD93512-692B-4CC6-833D-3347285EEB0F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. → Valve Corporation)
    FirewallRules: [{54B8DCB9-3582-4E30-8D1E-2A56F4F2C48E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. → Valve Corporation)
    FirewallRules: [{E07B637C-FE1B-47C8-A429-F7F66B8C1C25}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. → Valve Corporation)
    FirewallRules: [{32DFC5A2-41A3-4E61-8987-B9A599F6DC2A}] => (Allow) D:\SteamLibrary\steamapps\common\Destiny 2\destiny2launcher.exe (BattlEye Innovations e.K. → BattlEye Innovations)
    FirewallRules: [{2F8DC649-578A-4CD3-86FD-BE3FB26FA8A8}] => (Allow) D:\SteamLibrary\steamapps\common\Destiny 2\destiny2launcher.exe (BattlEye Innovations e.K. → BattlEye Innovations)
    FirewallRules: [TCP Query User{C9F7FBE5-A7E4-4279-8D03-72FF9214F5CB}C:\users\uporabnik\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\uporabnik\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
    FirewallRules: [UDP Query User{6284C3D2-F8D6-46C3-B826-8C2EDE4296F4}C:\users\uporabnik\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\uporabnik\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
    FirewallRules: [TCP Query User{A2D82924-C244-4D42-8B30-BF5888B88732}D:\steamlibrary\steamapps\common\destiny 2\destiny2.exe] => (Allow) D:\steamlibrary\steamapps\common\destiny 2\destiny2.exe (Bungie Inc. → Bungie)
    FirewallRules: [UDP Query User{426833A4-506D-49F8-82CB-258E5CABEFD5}D:\steamlibrary\steamapps\common\destiny 2\destiny2.exe] => (Allow) D:\steamlibrary\steamapps\common\destiny 2\destiny2.exe (Bungie Inc. → Bungie)
    FirewallRules: [{9CC43541-E781-4A8D-BD3C-384EED7F80AC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation → NVIDIA Corporation)
    FirewallRules: [{0A1AB5EF-E7B6-474A-9EF4-F91FC37DF7C4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation → NVIDIA Corporation)
    FirewallRules: [{97B5D372-F30F-40DA-8981-7830DAEE6FEF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation → NVIDIA Corporation)
    FirewallRules: [{18D0EC6B-0AD1-4A8D-85D8-D0D9073B6116}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation → NVIDIA Corporation)
    FirewallRules: [{E8EF60AE-36E8-4FA7-A421-5E505520A6B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation → NVIDIA Corporation)
    FirewallRules: [{ED46CE8E-C95C-4BB8-A561-6454DC4D2D3F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation → NVIDIA Corporation)
    FirewallRules: [TCP Query User{212437BD-A1A6-455F-8E5C-00BCABB3660C}D:\steamlibrary\steamapps\common\destiny 2\destiny2.exe] => (Allow) D:\steamlibrary\steamapps\common\destiny 2\destiny2.exe (Bungie Inc. → Bungie)
    FirewallRules: [UDP Query User{D3C80980-0027-4CF2-9A49-F68951214A17}D:\steamlibrary\steamapps\common\destiny 2\destiny2.exe] => (Allow) D:\steamlibrary\steamapps\common\destiny 2\destiny2.exe (Bungie Inc. → Bungie)
    FirewallRules: [TCP Query User{7B7711FE-C51B-4FDC-85C9-38EC1E352599}C:\users\uporabnik\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\uporabnik\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
    FirewallRules: [UDP Query User{1EB82CB4-FD57-4DD8-B6F9-C2F54EFE808A}C:\users\uporabnik\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\uporabnik\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
    FirewallRules: [{F0959F85-FC0B-4802-8428-83A1B12FBE75}] => (Allow) D:\SteamLibrary\steamapps\common\ForzaHorizon5\ForzaHorizon5.exe (Microsoft Corporation → )
    FirewallRules: [{E04481B6-4488-4516-B824-8D4E25442118}] => (Allow) D:\SteamLibrary\steamapps\common\ForzaHorizon5\ForzaHorizon5.exe (Microsoft Corporation → )
    FirewallRules: [TCP Query User{3F12B428-7681-47EC-8FBD-A6F60E9229FB}C:\users\uporabnik\appdata\local\vortxengine\app-2.2.20\signal-x64\signalrgb.exe] => (Allow) C:\users\uporabnik\appdata\local\vortxengine\app-2.2.20\signal-x64\signalrgb.exe (WhirlwindFX) [File not signed]
    FirewallRules: [UDP Query User{B49A8043-AC49-484F-A746-E842337A557F}C:\users\uporabnik\appdata\local\vortxengine\app-2.2.20\signal-x64\signalrgb.exe] => (Allow) C:\users\uporabnik\appdata\local\vortxengine\app-2.2.20\signal-x64\signalrgb.exe (WhirlwindFX) [File not signed]
    FirewallRules: [TCP Query User{493579AF-5966-409B-9F89-D872FEF9220C}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. → Epic Games, Inc.)
    FirewallRules: [UDP Query User{5F4C9523-D988-45CA-A34A-F5AB9375BABB}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. → Epic Games, Inc.)
    FirewallRules: [TCP Query User{1245ABBD-A905-455F-9A3A-8FC6BFAF65DB}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. → Epic Games, Inc.)
    FirewallRules: [UDP Query User{C9E42966-A154-44C3-A7AD-D3F4C4B06543}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. → Epic Games, Inc.)
    FirewallRules: [TCP Query User{C2538D78-F05F-4361-9DC6-ABDCE5BEC668}D:\epic games\saintsrowthethird\srttr.exe] => (Allow) D:\epic games\saintsrowthethird\srttr.exe (Koch Media GmbH, Austria) [File not signed]
    FirewallRules: [UDP Query User{047B7F76-BC82-40A3-8766-70B28A9FF0E1}D:\epic games\saintsrowthethird\srttr.exe] => (Allow) D:\epic games\saintsrowthethird\srttr.exe (Koch Media GmbH, Austria) [File not signed]
    FirewallRules: [{7E9F7878-3389-4827-B228-8B3D9611A8AC}] => (Allow) D:\SteamLibrary\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
    FirewallRules: [{ABCBB2BF-3A8B-46BF-BF87-F3C84D4142B3}] => (Allow) D:\SteamLibrary\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
    FirewallRules: [TCP Query User{898A9DEE-1A13-42A7-B668-68346FD228DF}D:\epic games\saintsrowthethird\srttr.exe] => (Allow) D:\epic games\saintsrowthethird\srttr.exe (Koch Media GmbH, Austria) [File not signed]
    FirewallRules: [UDP Query User{4A4752F5-49E5-4124-B7C7-9BCD17FC9FBA}D:\epic games\saintsrowthethird\srttr.exe] => (Allow) D:\epic games\saintsrowthethird\srttr.exe (Koch Media GmbH, Austria) [File not signed]
    FirewallRules: [TCP Query User{D2F34158-E6D8-4726-BE6C-13C6272524BF}D:\steamlibrary\steamapps\common\terraria\terrariaserver.exe] => (Allow) D:\steamlibrary\steamapps\common\terraria\terrariaserver.exe (Re-Logic) [File not signed]
    FirewallRules: [UDP Query User{E34D5037-8480-45CD-942C-072811CF11BF}D:\steamlibrary\steamapps\common\terraria\terrariaserver.exe] => (Allow) D:\steamlibrary\steamapps\common\terraria\terrariaserver.exe (Re-Logic) [File not signed]
    FirewallRules: [TCP Query User{BAEE7156-22FF-4313-889B-DA47253753B9}C:\users\uporabnik\appdata\local\vortxengine\app-2.2.22\signal-x64\signalrgb.exe] => (Block) C:\users\uporabnik\appdata\local\vortxengine\app-2.2.22\signal-x64\signalrgb.exe (WhirlwindFX) [File not signed]
    FirewallRules: [UDP Query User{51DA6823-FE76-4BAC-B6FB-9D48E3EB988F}C:\users\uporabnik\appdata\local\vortxengine\app-2.2.22\signal-x64\signalrgb.exe] => (Block) C:\users\uporabnik\appdata\local\vortxengine\app-2.2.22\signal-x64\signalrgb.exe (WhirlwindFX) [File not signed]
    FirewallRules: [TCP Query User{0D70E0DF-7DB1-4982-953E-1277587DD495}D:\steamlibrary\steamapps\common\terraria\terrariaserver.exe] => (Allow) D:\steamlibrary\steamapps\common\terraria\terrariaserver.exe (Re-Logic) [File not signed]
    FirewallRules: [UDP Query User{AF85B4E6-B827-4B2C-BFB5-C65A5EA1B65D}D:\steamlibrary\steamapps\common\terraria\terrariaserver.exe] => (Allow) D:\steamlibrary\steamapps\common\terraria\terrariaserver.exe (Re-Logic) [File not signed]
    FirewallRules: [{6928CB09-82C0-4B38-BB0D-8BA13F9FF8AB}] => (Allow) D:\SteamLibrary\steamapps\common\Yu-Gi-Oh! Master Duel\masterduel.exe () [File not signed]
    FirewallRules: [{D285F4C2-7D98-4300-98AF-0F39D2A035E8}] => (Allow) D:\SteamLibrary\steamapps\common\Yu-Gi-Oh! Master Duel\masterduel.exe () [File not signed]
    FirewallRules: [TCP Query User{CE89EA60-A66A-4ECA-8433-03785A6BCB40}C:\users\uporabnik\appdata\local\vortxengine\app-2.2.22\signal-x64\signalrgb.exe] => (Block) C:\users\uporabnik\appdata\local\vortxengine\app-2.2.22\signal-x64\signalrgb.exe (WhirlwindFX) [File not signed]
    FirewallRules: [UDP Query User{12067AAA-2035-462B-8D24-766A60A1F121}C:\users\uporabnik\appdata\local\vortxengine\app-2.2.22\signal-x64\signalrgb.exe] => (Block) C:\users\uporabnik\appdata\local\vortxengine\app-2.2.22\signal-x64\signalrgb.exe (WhirlwindFX) [File not signed]
    FirewallRules: [{4FD9F56F-5724-4FE4-B6CE-25506BC85798}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe (Bluestack Systems, Inc → Bluestack Systems, Inc.)
    FirewallRules: [{50E307D7-DC83-4C2C-90E1-5FB09C79C43E}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe (Bluestack Systems, Inc → Bluestack Systems, Inc.)
    FirewallRules: [TCP Query User{821BF338-739F-47DF-A938-23057E0BA5C7}C:\program files (x86)\ubisoft\ubisoft game launcher\uplaywebcore.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\uplaywebcore.exe (Ubisoft Entertainment Sweden AB → Ubisoft)
    FirewallRules: [UDP Query User{A05545B3-4464-491A-ACA1-B5680AB306C6}C:\program files (x86)\ubisoft\ubisoft game launcher\uplaywebcore.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\uplaywebcore.exe (Ubisoft Entertainment Sweden AB → Ubisoft)
    FirewallRules: [{A5F86BCE-B00B-49EA-ACD4-A671F3118F18}] => (Allow) D:\Nova mapa\The Crew 2\TheCrew2.exe (UBISOFT ENTERTAINMENT INC. → UBISoft) [File not signed]
    FirewallRules: [{070C772F-DDD7-4B94-8753-960C6BC33720}] => (Allow) C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe (Voicemod Sociedad Limitada → Voicemod)
    FirewallRules: [TCP Query User{AE764BC6-E886-43B9-8059-446E480672D1}C:\users\uporabnik\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\uporabnik\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
    FirewallRules: [UDP Query User{96CC84B6-A3D1-4D5E-86BA-EBC1F74FC0EA}C:\users\uporabnik\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\uporabnik\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
    FirewallRules: [TCP Query User{287503B7-130A-44D1-946A-4439D18A023F}C:\users\uporabnik\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\uporabnik\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
    FirewallRules: [UDP Query User{543CE8CC-5C3B-401F-8F9B-C90097C2B043}C:\users\uporabnik\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\uporabnik\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
    FirewallRules: [{347D413A-8E26-47C8-9C82-6D25C8FF7348}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe (Bluestack Systems, Inc → BlueStack Systems)
    FirewallRules: [{69E78C47-B01D-4EA7-B4EF-A625D1537BEB}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes Ltd. → Digital Extremes)
    FirewallRules: [{B31AFF5A-6B08-42C5-9A69-EF31899B244D}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. → Digital Extremes)
    FirewallRules: [{A886586C-D9A6-4F1F-A17D-8F3C4B3FD6EB}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. → Digital Extremes)
    FirewallRules: [{2AFCDFBD-1109-47A5-9DC1-6710D09F7F13}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. → )
    FirewallRules: [{976C95F5-4F1A-4D14-BCC5-3BBCCF104396}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe (Digital Extremes Ltd. → Digital Extremes)
    FirewallRules: [{B1FD0D12-CB28-4CCA-B092-9472C1E76F11}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. → Digital Extremes)
    FirewallRules: [{577077D4-A279-4E36-819E-68B4B4036A89}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe (Digital Extremes Ltd. → Digital Extremes)
    FirewallRules: [{49B6595B-16D6-4003-8B41-885DF7C7DD22}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe (Digital Extremes Ltd. → )
    FirewallRules: [TCP Query User{08909C38-DF68-4D3E-B162-0800173A044C}D:\epic games\justdiealready\jdgame\binaries\win64\jdgame-win64-shipping.exe] => (Allow) D:\epic games\justdiealready\jdgame\binaries\win64\jdgame-win64-shipping.exe (DoubleMoose) [File not signed]
    FirewallRules: [UDP Query User{8E1C4A35-C2D7-4D48-A287-79106FB9AE65}D:\epic games\justdiealready\jdgame\binaries\win64\jdgame-win64-shipping.exe] => (Allow) D:\epic games\justdiealready\jdgame\binaries\win64\jdgame-win64-shipping.exe (DoubleMoose) [File not signed]
    FirewallRules: [TCP Query User{F9B98F5B-8B4C-4945-B11E-FC85BED977FF}D:\epic games\fallguys\fallguys_client_game.exe] => (Allow) D:\epic games\fallguys\fallguys_client_game.exe () [File not signed]
    FirewallRules: [UDP Query User{55CD3772-C288-459A-BEC8-D18928CC4E7F}D:\epic games\fallguys\fallguys_client_game.exe] => (Allow) D:\epic games\fallguys\fallguys_client_game.exe () [File not signed]
    FirewallRules: [{C486A144-9C13-46A5-A3AF-C088A2E23AD2}] => (Allow) D:\SteamLibrary\steamapps\common\StickFightTheGame\StickFight.exe () [File not signed]
    FirewallRules: [{66C4CFFF-0A47-4940-AB58-55EB9A1DB277}] => (Allow) D:\SteamLibrary\steamapps\common\StickFightTheGame\StickFight.exe () [File not signed]
    FirewallRules: [{44F207CB-11C9-4B63-908D-53B23754B03A}] => (Allow) D:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe (BattlEye Innovations e.K. → BattlEye Innovations)
    FirewallRules: [{7E65DE5A-ED99-4BE1-89B8-A97D8B14D93F}] => (Allow) D:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe (BattlEye Innovations e.K. → BattlEye Innovations)
    FirewallRules: [{28EC568F-FBA9-4F0F-A856-19E6046EA200}] => (Allow) D:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe (Wildcard Properties LLC → Epic Games, Inc.)
    FirewallRules: [{A48AF286-FE77-4F9D-B803-197637DA88D4}] => (Allow) D:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe (Wildcard Properties LLC → Epic Games, Inc.)
    FirewallRules: [TCP Query User{1CEFBD87-B357-4C63-A392-1FDACF40EDFE}C:\users\uporabnik\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\uporabnik\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
    FirewallRules: [UDP Query User{0BEECCA2-EFEF-4927-84E3-C7BE0FF62F1C}C:\users\uporabnik\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\uporabnik\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
    FirewallRules: [TCP Query User{DA5B9957-6ECD-40F7-8408-EBF463E78EFA}C:\users\uporabnik\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\uporabnik\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
    FirewallRules: [UDP Query User{3A47B432-E9B8-4CF7-9D66-8C2D7F0FDADA}C:\users\uporabnik\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\uporabnik\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
    FirewallRules: [TCP Query User{408A7ADF-4334-4558-A4BD-AD1F125B33A9}C:\users\uporabnik\appdata\local\discord\app-1.0.9006\discord.exe] => (Allow) C:\users\uporabnik\appdata\local\discord\app-1.0.9006\discord.exe (Discord Inc. → Discord Inc.)
    FirewallRules: [UDP Query User{65040ECE-B849-468A-B651-31E0EB619C80}C:\users\uporabnik\appdata\local\discord\app-1.0.9006\discord.exe] => (Allow) C:\users\uporabnik\appdata\local\discord\app-1.0.9006\discord.exe (Discord Inc. → Discord Inc.)
    FirewallRules: [{FBD38859-2F3B-4AE3-A090-015025713552}] => (Allow) C:\Program Files (x86)\Overwolf\0.203.1.12\OverwolfBrowser.exe (Overwolf Ltd → Overwolf LTD)
    FirewallRules: [{A6D81CA6-E04F-4CD9-A36D-45FEE7F9B53B}] => (Allow) C:\Program Files (x86)\Overwolf\0.203.1.12\OverwolfBrowser.exe (Overwolf Ltd → Overwolf LTD)
    FirewallRules: [{FC77A75F-F7F8-4D2D-B9B3-30BA500022FA}] => (Block) C:\Program Files (x86)\Overwolf\0.203.1.12\OverwolfBrowser.exe (Overwolf Ltd → Overwolf LTD)
    FirewallRules: [{65CFE4A0-3FA6-4656-AE7F-708BAB7F7CD6}] => (Block) C:\Program Files (x86)\Overwolf\0.203.1.12\OverwolfBrowser.exe (Overwolf Ltd → Overwolf LTD)
    FirewallRules: [{A4400A20-6430-439D-B0F6-7AA4C8C49933}] => (Allow) C:\Program Files (x86)\Overwolf\0.204.0.1\OverwolfBrowser.exe (Overwolf Ltd → Overwolf LTD)
    FirewallRules: [{DA7EED26-3C78-40FD-9E9D-94B01496076A}] => (Allow) C:\Program Files (x86)\Overwolf\0.204.0.1\OverwolfBrowser.exe (Overwolf Ltd → Overwolf LTD)
    FirewallRules: [{E6E2BB9D-3B1A-493A-BAD3-8FDBE74B4527}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
    FirewallRules: [{61CD093B-79CE-491C-9B53-82F605822F29}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
    FirewallRules: [{76ACAFE8-474A-4FCE-8017-0B90C735841A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
    FirewallRules: [{0895B6F9-CE63-493F-AED9-DAE726C46CCB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
    FirewallRules: [{8CDC800A-E65D-4109-B65A-A283B37A35F7}] => (Allow) C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe (Voicemod Sociedad Limitada → Voicemod)
    FirewallRules: [{537CDD6A-9104-425A-BCA3-800E0EAB5CC7}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe (Microsoft Corporation → Microsoft Corporation)
    FirewallRules: [{66043EBD-BA8E-45BA-BA31-04413B514A12}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB → Spotify Ltd)
    FirewallRules: [{ECCCEA31-7748-4FF6-B4BC-D6AE7215A2A6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB → Spotify Ltd)
    FirewallRules: [{853CEA0D-729B-47CE-86D4-B7E55DD678D6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB → Spotify Ltd)
    FirewallRules: [{BBB0CA93-061F-40F5-A2E8-559060094109}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB → Spotify Ltd)
    FirewallRules: [{8B61D218-9B0B-4944-B720-12012E2BB967}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB → Spotify Ltd)
    FirewallRules: [{5B5E189B-5EDC-4D29-A85C-621430F40F50}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB → Spotify Ltd)
    FirewallRules: [{2F597AC7-7CB8-4BEF-89D3-048B4E1D5BA9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB → Spotify Ltd)
    FirewallRules: [{899F9126-DCB3-4F6B-93FF-B5F8A02F9084}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB → Spotify Ltd)
    FirewallRules: [{3E65F390-E7DC-4288-91DF-536006F85EE8}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC → Google LLC)

    ==================== Restore Points =========================

    12-08-2022 14:58:01 Windows Modules Installer
    18-08-2022 14:41:26 TotalAV Install

    ==================== Faulty Device Manager Devices ============

    ==================== Event log errors: ========================
    Application errors:
    Error: (08/18/2022 04:14:37 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: ChromaVisualizer.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: exception code c0000005, exception address 7943E83E

    Error: (08/17/2022 01:24:30 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Napačno ime programa: RazerCortex.exe, različica: 10.1.3.0, časovni žig: 0x6283df13
    Napačno ime modula: ucrtbase.dll, različica: 10.0.19041.789, časovni žig: 0x82dc99a2
    Koda izjeme: 0xc0000409
    Napačen odmik: 0x0009eddb
    Napačen id procesa: 0x2d08
    Napačen začetni čas programa: 0x01d8b22be050fdfa
    Napačna programska pot: C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe
    Napačna pot modula: C:\Windows\System32\ucrtbase.dll
    Id poročila: fba4841c-8845-4e35-b5d5-cc646372d037
    Napačno polno ime paketa:
    Napačen ID programa, sorodnega paketu:

    Error: (08/17/2022 10:20:19 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: ChromaVisualizer.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: exception code c0000005, exception address 79EDE88D

    Error: (08/16/2022 04:49:38 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: ChromaVisualizer.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: exception code c0000005, exception address 7C01E83E

    Error: (08/15/2022 08:28:37 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Napačno ime programa: RazerCortex.exe, različica: 10.0.251.0, časovni žig: 0x62571150
    Napačno ime modula: ucrtbase.dll, različica: 10.0.19041.789, časovni žig: 0x82dc99a2
    Koda izjeme: 0xc0000409
    Napačen odmik: 0x0009eddb
    Napačen id procesa: 0x253c
    Napačen začetni čas programa: 0x01d8b0d4c51ac2eb
    Napačna programska pot: C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe
    Napačna pot modula: C:\Windows\System32\ucrtbase.dll
    Id poročila: 5ab0fd51-c87e-43cf-ad0e-a128ad12fcc2
    Napačno polno ime paketa:
    Napačen ID programa, sorodnega paketu:

    Error: (08/11/2022 10:47:31 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: ChromaVisualizer.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: exception code c0000005, exception address 7A9DE896

    Error: (08/08/2022 02:50:05 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
    Description: Mehanizem za optimiranje shrambe ne more dokončati znova obreži (\\?\Volume{19c0c6cf-4c0d-97a3-0d37-e79c8c13d025}) zaradi naslednjega razloga: Strojna oprema, ki podpira nosilec, ne podpira zahtevanega postopka. (0x8900002A)

    Error: (08/08/2022 02:50:04 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
    Description: Mehanizem za optimiranje shrambe ne more dokončati znova obreži (Nov nosilec (D) zaradi naslednjega razloga: Strojna oprema, ki podpira nosilec, ne podpira zahtevanega postopka. (0x8900002A)
    System errors:
    Error: (08/28/2022 03:27:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Napaka pri namestitvi: Windows ni namestil te posodobitve z napako 0x80248007: 9NBLGGGZM6WM-ROBLOXCORPORATION.ROBLOX.

    Error: (08/28/2022 03:22:51 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 12:54:34 on ‎20. ‎08. ‎2022 was unexpected.

    Error: (08/28/2022 03:22:36 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
    Description: 3221225684A fatal error occurred processing the restoration data.

    Error: (08/20/2022 11:25:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Storitev »Steam Client Service« se ni uspela zagnati zaradi te napake:
    The service did not respond to the start or control request in a timely fashion.

    Error: (08/20/2022 11:25:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Pri čakanju, da storitev Steam Client Service vzpostavi povezavo, je bila dosežena časovna omejitev (30000 milisekund).

    Error: (08/17/2022 08:34:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Napaka pri namestitvi: Windows ni namestil te posodobitve z napako 0x80073d02: 9NTM2QC6QWS7-12030rocksdanister.LivelyWallpaper.

    Error: (08/17/2022 03:00:40 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-E9TUOMA)
    Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

    Error: (08/17/2022 03:00:40 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-E9TUOMA)
    Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
    Windows Defender:
    Date: 2022-08-16 22:20:21
    Description:
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    MMPC, Microsoft Malware Protection Center, WDSI, virus, malware, encyclopedia entry, threat description, clean up, removal, infection, arrival, analysis, research, protection, remediation

    Name: Trojan:Win32/ClipBanker.DK!MTB
    Severity: Resna
    Category: Trojanec
    Path: file:_C:\Users\Uporabnik\AppData\Local\Temp\svhost.exe
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: Real-Time Protection
    Process Name: C:\Users\UPORAB~1\AppData\Local\Temp\7zO01ADEDC3\Install.exe
    Security intelligence Version: AV: 1.373.452.0, AS: 1.373.452.0, NIS: 1.373.452.0
    Engine Version: AM: 1.1.19500.2, NIS: 1.1.19500.2

    Date: 2022-08-16 22:20:20
    Description:
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    MMPC, Microsoft Malware Protection Center, WDSI, virus, malware, encyclopedia entry, threat description, clean up, removal, infection, arrival, analysis, research, protection, remediation

    Name: Trojan:MSIL/CoinMiner!MSR
    Severity: Resna
    Category: Trojanec
    Path: file:_C:\Users\Uporabnik\AppData\Local\Temp\conhost.exe
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: Real-Time Protection
    Process Name: C:\Users\UPORAB~1\AppData\Local\Temp\7zO01ADEDC3\Install.exe
    Security intelligence Version: AV: 1.373.452.0, AS: 1.373.452.0, NIS: 1.373.452.0
    Engine Version: AM: 1.1.19500.2, NIS: 1.1.19500.2

    Date: 2022-08-08 20:18:52
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2022-08-08 15:38:12
    Description:
    Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
    For more information please see the following:
    MMPC, Microsoft Malware Protection Center, WDSI, virus, malware, encyclopedia entry, threat description, clean up, removal, infection, arrival, analysis, research, protection, remediation

    Name: Trojan:Win32/Sabsik.FL.B!ml
    Severity: Resna
    Category: Trojanec
    Path: file:_C:\Users\Uporabnik\AppData\Local\Temp\7zOCC6887DA\Setup 2.0.exe
    Detection Origin: Local machine
    Detection Type: FastPath
    Detection Source: Real-Time Protection
    Process Name: C:\Program Files\7-Zip\7zFM.exe
    Security intelligence Version: AV: 1.371.1651.0, AS: 1.371.1651.0, NIS: 1.371.1651.0
    Engine Version: AM: 1.1.19400.3, NIS: 1.1.19400.3

    Date: 2022-07-23 09:20:40
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan
    CodeIntegrity:
    Date: 2022-08-28 15:24:35
    Description:
    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\TotalAV\wscf.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================

    BIOS: American Megatrends Inc. F5 05/30/2014
    Motherboard: Gigabyte Technology Co., Ltd. Z97X-Gaming 5
    Processor: Intel(R) Core™ i5-4690K CPU @ 3.50GHz
    Percentage of memory in use: 38%
    Total physical RAM: 16245.04 MB
    Available physical RAM: 9998.05 MB
    Total Virtual: 18677.04 MB
    Available Virtual: 11266.03 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:232.27 GB) (Free:94.85 GB) (Model: Samsung SSD 870 EVO 250GB) NTFS
    Drive d: (Nov nosilec) (Fixed) (Total:1863 GB) (Free:1186.09 GB) (Model: TOSHIBA HDWD220) NTFS

    \\?\Volume{f4c4cfe3-535e-4f33-9379-ce2507cd3c69}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
    \\?\Volume{3a67c860-4f4a-07bf-1000-5763d3e2c1e4}\ () (Fixed) (Total:0.01 GB) (Free:0 GB) NTFS
    \\?\Volume{b28afe1d-e026-4917-a6de-d3722847cee8}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==========================================================
    Disk: 1 (Protective MBR) (Size: 232.9 GB) (Disk ID: 00000000)

    Partition: GPT.
    Attempted reading MBR returned 0 bytes.
    Could not read MBR for disk 2.

    ==================== End of Addition.txt =======================

    • Malnutrition
      PCHF Moderator
      • Jul 2016
      • 7041

      #17
      That is the addition.txt. I also need FRST.txt.

      • Mai_Brumec
        PCHF Member
        • Aug 2022
        • 13

        #18
        Originally posted by Malnutrition
        It most certainly will not damage your computer; FRST is a program widely used on many forums. Ignore the message and scan the machine.
        I have a problem: most of the things are in Slovene.
        Google Translate will probably translate well.

        • Mai_Brumec
          PCHF Member
          • Aug 2022
          • 13

          #19
          Originally posted by Malnutrition
          That is the addition.txt. I also need FRST.txt.
          Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-08-2022
          Ran by Uporabnik (administrator) on DESKTOP-E9TUOMA (Gigabyte Technology Co., Ltd. Z97X-Gaming 5) (28-08-2022 15:37:15)
          Running from C:\Users\Uporabnik\Downloads
          Loaded Profiles: Uporabnik
          Platform: Microsoft Windows 10 Pro Version 21H1 19043.1889 (X64) Language: slovenščina (Slovenija)
          Default browser: Chrome
          Boot Mode: Normal

          ==================== Processes (Whitelisted) =================

          (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

          (C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncherService.exe ->) (Razer USA Ltd. → Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe
          (C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe ->) (Razer USA Ltd. → The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe <2>
          (C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe ->) (Razer USA Ltd. → Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
          (C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe ->) (Razer USA Ltd. → ) C:\Program Files (x86)\Razer\Synapse3\AudioVisualizer\ChromaVisualizer.exe
          (C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe ->) (Razer USA Ltd. → ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
          (C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe ->) (Razer USA Ltd. → The CefSharp Authors) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\CefSharp.BrowserSubprocess.exe <2>
          (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\rundll32.exe
          (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation → NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
          (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation → NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
          (C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.125.0_x86__97hta09mmv6hy\Build\Lively.exe ->) (rocksdanister) C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.125.0_x86__97hta09mmv6hy\Build\Plugins\Mpv\mpv.exe
          (C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.125.0_x86__97hta09mmv6hy\Build\Lively.exe ->) (rocksdanister) C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.125.0_x86__97hta09mmv6hy\Build\Plugins\Watchdog\Lively.Watchdog.exe
          (Discord Inc. → Discord Inc.) C:\Users\Uporabnik\AppData\Local\Discord\app-1.0.9006\Discord.exe <2>
          (explorer.exe ->) (Google LLC → Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <11>
          (explorer.exe ->) (Razer USA Ltd. → ) C:\Windows\System32\RZTHXHelper.exe
          (explorer.exe ->) (Razer USA Ltd. → Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
          (explorer.exe ->) (rocksdanister) C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.125.0_x86__97hta09mmv6hy\Build\Lively.exe
          (Intel(R) pGFX → Intel Corporation) C:\Windows\System32\igfxEM.exe
          (Nvidia Corporation → Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
          (services.exe ->) (Adobe Inc. → Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
          (services.exe ->) (Electronic Arts, Inc. → Electronic Arts) D:\Origin\OriginWebHelperService.exe
          (services.exe ->) (FOXIT SOFTWARE INC. → Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe
          (services.exe ->) (Intel(R) pGFX → Intel Corporation) C:\Windows\System32\igfxCUIService.exe
          (services.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
          (services.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
          (services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_4.67.21001.0_x64__8wekyb3d8bbwe\gamingservices.exe
          (services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_4.67.21001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
          (services.exe ->) (Microsoft Windows Publisher → Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe
          (services.exe ->) (Microsoft Windows Publisher → Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe
          (services.exe ->) (Nvidia Corporation → NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
          (services.exe ->) (Nvidia Corporation → NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_4d7400884d0d52e3\Display.NvContainer\NVDisplay.Container.exe <2>
          (services.exe ->) (Protected Antivirus Limited → TotalAV) C:\Program Files (x86)\TotalAV\SecurityService.exe <2>
          (services.exe ->) (Razer USA Ltd. → Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
          (services.exe ->) (Razer USA Ltd. → Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS3\GameManagerService3.exe
          (services.exe ->) (Razer USA Ltd. → Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzChromaStreamServer.exe
          (services.exe ->) (Razer USA Ltd. → Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
          (services.exe ->) (Razer USA Ltd. → Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
          (services.exe ->) (Razer USA Ltd. → Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncherService.exe
          (services.exe ->) (Razer USA Ltd. → Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
          (services.exe ->) (Razer USA Ltd. → Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
          (services.exe ->) (Razer USA Ltd. → Razer) C:\Program Files (x86)\Razer\RzUpdateEngineService\RzUpdateEngineService.exe
          (services.exe ->) (Razer USA Ltd. → Razer) C:\Windows\System32\RZTHXService.exe
          (services.exe ->) (Zoom Video Communications, Inc. → Zoom Video Communications, Inc.) C:\Program Files\Common Files\Zoom\Support\CptService.exe
          (sihost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MSPaint_6.2203.1037.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
          (svchost.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
          (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
          (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
          (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
          (svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\smartscreen.exe

          ==================== Registry (Whitelisted) ===================

          (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

          HKLM...\Run: [RZTHXHelper] => C:\Windows\system32\RZTHXHelper.exe [385264 2020-04-26] (Razer USA Ltd. → )
          HKLM-x32...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [82973864 2022-04-26] (Discord Inc. → Discord Inc.)
          HKLM-x32...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [708840 2022-04-26] (Oracle America, Inc. → Oracle Corporation)
          HKLM-x32...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe [543744 2022-08-15] (Razer USA Ltd. → Razer Inc.)
          HKLM-x32...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [850208 2022-07-01] (Adobe Inc. → Adobe Inc.)
          HKLM-x32...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. → )
          HKU\S-1-5-21-3134029656-847882931-1988809457-1001...\Run: [Discord] => C:\Users\Uporabnik\AppData\Local\Discord\Update.exe [1512608 2021-09-21] (Discord Inc. → GitHub)
          HKU\S-1-5-21-3134029656-847882931-1988809457-1001...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3535416 2022-07-25] (Razer USA Ltd. → Razer Inc.)
          HKU\S-1-5-21-3134029656-847882931-1988809457-1001...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4234600 2022-08-20] (Valve Corp. → Valve Corporation)
          HKU\S-1-5-21-3134029656-847882931-1988809457-1001...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32706512 2022-08-19] (Epic Games Inc. → Epic Games, Inc.)
          HKU\S-1-5-21-3134029656-847882931-1988809457-1001...\Run: [SignalRgb] => C:\Users\Uporabnik\AppData\Local\VortxEngine\SignalRgbLauncher.exe [498688 2022-05-05] () [File not signed]
          HKU\S-1-5-21-3134029656-847882931-1988809457-1001...\Run: [Opera GX Stable] => C:\Users\Uporabnik\AppData\Local\Programs\Opera GX\launcher.exe [2462712 2022-07-25] (Opera Norway AS → Opera Software)
          HKU\S-1-5-21-3134029656-847882931-1988809457-1001...\Run: [Opera GX Browser Assistant] => C:\Users\Uporabnik\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS → Opera Software)
          HKU\S-1-5-21-3134029656-847882931-1988809457-1001...\Run: [Voicemod] => C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe [7395712 2022-07-15] (Voicemod Sociedad Limitada → Voicemod)
          HKU\S-1-5-21-3134029656-847882931-1988809457-1001...\Run: [EADM] => D:\Origin\Origin.exe [3149648 2022-07-27] (Electronic Arts, Inc. → Electronic Arts)
          HKU\S-1-5-21-3134029656-847882931-1988809457-1001...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1802584 2022-08-04] (Overwolf Ltd → Overwolf Ltd.)
          HKU\S-1-5-21-3134029656-847882931-1988809457-1001...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q “C:\Users\Uporabnik\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe” (No File)
          HKU\S-1-5-21-3134029656-847882931-1988809457-1001...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q “C:\Users\Uporabnik\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe” (No File)
          HKU\S-1-5-21-3134029656-847882931-1988809457-1001...\RunOnce: [Uninstall 22.151.0717.0001] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q “C:\Users\Uporabnik\AppData\Local\Microsoft\OneDrive\22.151.0717.0001” (No File)
          HKU\S-1-5-18...\Run: [RzAppEngine] => C:\Program Files\Razer\RzAppEngine\rzappengine.exe [1641840 2021-10-06] (Razer USA Ltd. → Razer Inc.)
          HKU\S-1-5-18...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3535416 2022-07-25] (Razer USA Ltd. → Razer Inc.)
          HKLM\Software\Microsoft\Active Setup\Installed Components: [{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}] → C:\Program Files\Razer\RzAppEngine\1.49.0.0\Installer\chrmstp.exe [2022-04-28] (Razer USA Ltd. → Razer Inc.)
          HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] → C:\Program Files\Google\Chrome\Application\104.0.5112.102\Installer\chrmstp.exe [2022-08-28] (Google LLC → Google LLC)

          ==================== Scheduled Tasks (Whitelisted) ============

          (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

          Task: {0E5987A3-FBDB-4FA4-A759-1F00B5732294} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation → NVIDIA Corporation)
          Task: {17C8A410-70BD-44D1-886D-DF9901C33988} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342080 2022-03-30] (Nvidia Corporation → NVIDIA Corporation)
          Task: {1EF03013-9E99-4684-B83C-A96B965C88C6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3513776 2022-08-15] (Microsoft Corporation → Microsoft Corporation)
          Task: {21C28809-BCC3-4A1A-832C-57BBD2F2E6CF} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-03-30] (Nvidia Corporation → NVIDIA Corporation)
          Task: {2513F7C9-9B9E-4620-BD3B-749934774125} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2577752 2022-08-04] (Overwolf Ltd → Overwolf LTD)
          Task: {26B41C0D-0189-401A-B26E-24875FCBADC2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646344 2022-03-30] (Nvidia Corporation → NVIDIA Corporation)
          Task: {2B8BAD8B-7B42-4E8E-8662-135AAC276EAF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher → Microsoft Corporation)
          Task: {2DE346E4-6EC6-48D1-8104-8652381CB02F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3513776 2022-08-15] (Microsoft Corporation → Microsoft Corporation)
          Task: {43D22B3D-AD8F-4BBE-A055-4FF1387B99AF} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-03-30] (Nvidia Corporation → NVIDIA Corporation)
          Task: {4C09037D-4FD6-4808-A882-BAFE43089ADE} - System32\Tasks\RazerCortexScheduleClean => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe [543744 2022-08-15] (Razer USA Ltd. → Razer Inc.)
          Task: {4F586750-D36B-451E-ACD5-95CE4E7627ED} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23564752 2022-08-05] (Microsoft Corporation → Microsoft Corporation)
          Task: {52CBFA30-9B2C-4C13-BAE5-E29096FFC425} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23564752 2022-08-05] (Microsoft Corporation → Microsoft Corporation)
          Task: {6A68F506-6CE1-466F-8BC7-3C30746546E9} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation → NVIDIA Corporation)
          Task: {76339287-49A0-49BC-91CF-E9AC64F0CB8C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher → Microsoft Corporation)
          Task: {829EA23F-D50F-48F8-9B95-0830F909A4FA} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [275136 2022-05-18] (Bluestack Systems, Inc → BlueStack Systems, Inc.)
          Task: {A044EE4E-7B6D-4B0E-8770-073B3A46D511} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation → NVIDIA Corporation)
          Task: {A7DC645B-0E63-4300-B22A-3663BFD2B55E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher → Microsoft Corporation)
          Task: {ADBA2B60-6D09-4AF7-845A-FE1961B0A2F0} - System32\Tasks\GoogleUpdateTaskMachineUA{093A0E87-F1C2-4462-B37B-613FF1EA3761} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-04-26] (Google LLC → Google LLC)
          Task: {BA1FC9BA-DEE2-4231-906E-CB07827A55EA} - System32\Tasks\Opera GX scheduled Autoupdate 1652367108 => C:\Users\Uporabnik\AppData\Local\Programs\Opera GX\launcher.exe [2462712 2022-07-25] (Opera Norway AS → Opera Software)
          Task: {BB924F0D-F18F-4184-AE72-9329A94D5194} - System32\Tasks\Microsoft\Windows\Management\Autopilot\DetectHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\Windows\System32\Autopilot.dll [192000 2022-08-12] (Microsoft Windows → Microsoft Corporation)
          Task: {C19DF3EC-8AE8-485C-83F6-C7B10E75A5C5} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1653319739 => C:\Users\Uporabnik\AppData\Local\Programs\Opera GX\launcher.exe [2462712 2022-07-25] (Opera Norway AS → Opera Software) → --scheduledautoupdate --component-name=assistant --component-path=“C:\Users\Uporabnik\AppData\Local\Programs\Opera GX\assistant” $(Arg0)
          Task: {D8E4E359-2281-47C5-817A-C6234936C87B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher → Microsoft Corporation)
          Task: {E1C3F226-AACE-485E-86BE-0998ACE9038A} - System32\Tasks\Microsoft\Windows\Management\Autopilot\RemediateHardwareChange => {62B2DD2C-F129-42EE-BF59-55D3FD21C215} C:\Windows\System32\Autopilot.dll [192000 2022-08-12] (Microsoft Windows → Microsoft Corporation)
          Task: {E4D8DB10-8FEF-4583-BF9D-37F404222EE3} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2209248 2022-08-15] (Microsoft Corporation → Microsoft Corporation)
          Task: {EB6AAD5D-D1FD-4403-9FD6-7C081126355B} - System32\Tasks\GoogleUpdateTaskMachineCore{F6312DFC-7934-464A-8719-7EF69689C58C} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-04-26] (Google LLC → Google LLC)
          Task: {F49BCA67-DF81-4D8C-A671-9DCB691A0FDF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2209248 2022-08-15] (Microsoft Corporation → Microsoft Corporation)
          Task: {F56438EF-9337-4721-90F9-7758FCA4E306} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-01] (Nvidia Corporation → NVIDIA Corporation) → -d “C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck” -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
          Task: {F61B777E-90B1-4194-8F40-A75BB4D4EA49} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation → NVIDIA Corporation)

          (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

          ==================== Internet (Whitelisted) ====================

          (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

          Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
          Tcpip..\Interfaces{4fe77cfd-8847-4e70-a22f-b911537c9348}: [DhcpNameServer] 192.168.178.1
          Tcpip..\Interfaces{e08c3838-817f-4deb-a06b-04a8e4a8b1f1}: [DhcpNameServer] 192.168.1.1
          Edge:
          Edge DefaultProfile: Default
          Edge Profile: C:\Users\Uporabnik\AppData\Local\Microsoft\Edge\User Data\Default [2022-08-01]
          FireFox:
          FF Plugin: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-04-26] (Microsoft Corporation → Microsoft Corporation)
          FF Plugin: adobe.com/AdobeAAMDetect → C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2022-07-01] (Adobe Inc. → Adobe Systems)
          FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf → C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-01-21] (FOXIT SOFTWARE INC. → Foxit Corporation)
          FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf → C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-01-21] (FOXIT SOFTWARE INC. → Foxit Corporation)
          FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf → C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-01-21] (FOXIT SOFTWARE INC. → Foxit Corporation)
          FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp → C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-01-21] (FOXIT SOFTWARE INC. → Foxit Corporation)
          FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf → C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-01-21] (FOXIT SOFTWARE INC. → Foxit Corporation)
          FF Plugin-x32: @java.com/DTPlugin,version=11.333.2 → C:\Program Files (x86)\Java\jre1.8.0_333\bin\dtplugin\npDeployJava1.dll [2022-05-03] (Oracle America, Inc. → Oracle Corporation)
          FF Plugin-x32: @java.com/JavaPlugin,version=11.333.2 → C:\Program Files (x86)\Java\jre1.8.0_333\bin\plugin2\npjp2.dll [2022-05-03] (Oracle America, Inc. → Oracle Corporation)
          FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-04-26] (Microsoft Corporation → Microsoft Corporation)
          FF Plugin-x32: adobe.com/AdobeAAMDetect → C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2022-07-01] (Adobe Inc. → Adobe Systems)
          Chrome:
          CHR DefaultProfile: Default
          CHR Profile: C:\Users\Uporabnik\AppData\Local\Google\Chrome\User Data\Default [2022-08-28]
          CHR Notifications: Default → hxxps://aternos.org; hxxps://pchelpforum.net
          CHR StartupUrls: Default → “hxxps://www.google.com/”
          CHR Extension: (MetaMask) - C:\Users\Uporabnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2022-08-17]
          CHR Extension: (Plačila v spletni trgovini Chrome) - C:\Users\Uporabnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-04-28]
          CHR Profile: C:\Users\Uporabnik\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-08-28]
          CHR Profile: C:\Users\Uporabnik\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-08-19]
          CHR Extension: (Google Dokumenti brez povezave) - C:\Users\Uporabnik\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-08-10]
          CHR Extension: (Plačila v spletni trgovini Chrome) - C:\Users\Uporabnik\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-05-19]
          CHR Profile: C:\Users\Uporabnik\AppData\Local\Google\Chrome\User Data\System Profile [2022-08-28]
          Opera:
          StartMenuInternet: (HKU\S-1-5-21-3134029656-847882931-1988809457-1001) Opera GXStable - “C:\Users\Uporabnik\AppData\Local\Programs\Opera GX\Launcher.exe”

          ==================== Services (Whitelisted) ===================

          (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

          R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [919328 2022-07-01] (Adobe Inc. → Adobe Inc.)
          S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8885112 2022-06-23] (BattlEye Innovations e.K. → )
          R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9484248 2022-08-05] (Microsoft Corporation → Microsoft Corporation)
          R2 CortexLauncherService; C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncherService.exe [588208 2022-08-15] (Razer USA Ltd. → Razer Inc.)
          S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811496 2022-06-22] (EasyAntiCheat Oy → Epic Games, Inc)
          S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029456 2022-06-22] (Epic Games Inc. → Epic Games, Inc.)
          R2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2359424 2022-01-21] (FOXIT SOFTWARE INC. → Foxit Software Inc.)
          S3 Origin Client Service; D:\Origin\OriginClientService.exe [2578792 2022-07-27] (Electronic Arts, Inc. → Electronic Arts)
          R2 Origin Web Helper Service; D:\Origin\OriginWebHelperService.exe [3497840 2022-07-27] (Electronic Arts, Inc. → Electronic Arts)
          S3 OverwolfUpdater; C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2577752 2022-08-04] (Overwolf Ltd → Overwolf LTD)
          R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [2030624 2022-05-17] (Razer USA Ltd. → Razer Inc.)
          R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [464416 2022-05-17] (Razer USA Ltd. → Razer Inc.)
          R2 Razer Chroma Stream Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzChromaStreamServer.exe [1354232 2022-06-15] (Razer USA Ltd. → Razer Inc.)
          R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [254224 2021-11-16] (Razer USA Ltd. → Razer Inc)
          R2 Razer Game Manager Service 3; C:\Program Files (x86)\Razer\Razer Services\GMS3\GameManagerService3.exe [361336 2022-05-31] (Razer USA Ltd. → Razer Inc)
          R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [300600 2022-07-25] (Razer USA Ltd. → Razer Inc.)
          R2 Razer Update Service; C:\Program Files (x86)\Razer\RzUpdateEngineService\RzUpdateEngineService.exe [408912 2020-04-02] (Razer USA Ltd. → Razer)
          R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [534440 2022-04-28] (Razer USA Ltd. → Razer Inc.)
          R2 RzThxSrv; C:\Windows\system32\RZTHXService.exe [357104 2020-04-26] (Razer USA Ltd. → Razer)
          R2 SecurityService; C:\Program Files (x86)\TotalAV\SecurityService.exe [267088 2022-06-23] (Protected Antivirus Limited → TotalAV) <==== ATTENTION
          S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6255896 2022-08-12] (Microsoft Windows Publisher → Microsoft Corporation)
          R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-23] (Microsoft Windows Publisher → Microsoft Corporation)
          R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-23] (Microsoft Windows Publisher → Microsoft Corporation)
          R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_4d7400884d0d52e3\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_4d7400884d0d52e3\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
          R2 ZoomCptService; “C:\Program Files\Common Files\Zoom\Support\CptService.exe” -user_path “C:\Users\Uporabnik\AppData\Roaming\Zoom”

          ===================== Drivers (Whitelisted) ===================

          (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

          S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 → Apple Inc.)
          R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [208176 2022-06-23] (Avira Operations GmbH & Co. KG → Avira Operations GmbH & Co. KG)
          R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [197176 2022-06-23] (Avira Operations GmbH & Co. KG → Avira Operations GmbH & Co. KG)
          R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [46704 2022-06-23] (Avira Operations GmbH & Co. KG → Avira Operations GmbH & Co. KG)
          R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [321784 2022-05-18] (Bluestack Systems, Inc → Bluestack System Inc.)
          S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
          S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
          R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48552 2021-11-01] (Microsoft Windows Hardware Compatibility Publisher → NVIDIA Corporation)
          S0 ProtectedELAM; C:\Windows\System32\drivers\protected_elam.sys [17864 2022-06-23] (Microsoft Windows Early Launch Anti-malware Publisher → TODO: )
          R3 RzCommon; C:\Windows\System32\drivers\RzCommon.sys [54632 2021-03-30] (Razer USA Ltd. → Razer Inc)
          R3 RzDev_0067; C:\Windows\System32\drivers\RzDev_0067.sys [54152 2020-08-24] (Razer USA Ltd. → Razer Inc)
          R3 RzDev_021e; C:\Windows\System32\drivers\RzDev_021e.sys [54168 2020-08-24] (Razer USA Ltd. → Razer Inc)
          R2 SignalRgbDriver; C:\Windows\System32\Drivers\SignalRgbDriver.sys [25832 2022-05-03] (WHIRLWIND VIRTUAL REALITIES INC. → )
          R3 sRZTHXSpatial; C:\Windows\System32\drivers\RZTHXSpatial.sys [172024 2020-04-26] (Razer USA Ltd. → Windows (R) Win 7 DDK provider)
          R3 VOICEMOD_Driver; C:\Windows\system32\drivers\mvvad.sys [48144 2022-07-04] (Voicemod Sociedad Limitada → Windows (R) Win 7 DDK provider)
          S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49576 2022-06-23] (Microsoft Windows Early Launch Anti-malware Publisher → Microsoft Corporation)
          R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [452856 2022-06-23] (Microsoft Windows → Microsoft Corporation)
          R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-23] (Microsoft Windows → Microsoft Corporation)
          R1 webshieldfilter; C:\Windows\System32\drivers\webshieldfilter.sys [96264 2022-06-23] (Microsoft Windows Hardware Compatibility Publisher → Windows (R) Win 7 DDK provider) <==== ATTENTION
          R2 WinRing0x64; C:\Windows\System32\Drivers\WinRing0x64.sys [14544 2022-05-03] (Noriyuki MIYAZAKI → OpenLibSys.org)

          ==================== NetSvcs (Whitelisted) ===================

          (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

          ==================== One month (created) (Whitelisted) =========

          (If an entry is included in the fixlist, the file/folder will be moved.)

          2022-08-28 15:37 - 2022-08-28 15:37 - 000031126 _____ C:\Users\Uporabnik\Downloads\FRST.txt
          2022-08-28 15:36 - 2022-08-28 15:37 - 000000000 ____D C:\FRST
          2022-08-28 15:26 - 2022-08-28 15:27 - 002371072 _____ (Farbar) C:\Users\Uporabnik\Downloads\FRST64.exe
          2022-08-19 22:26 - 2022-08-19 22:26 - 000000289 _____ C:\Users\Uporabnik\Desktop\fredboat bot.txt
          2022-08-19 14:42 - 2022-06-23 15:03 - 000208176 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
          2022-08-19 14:42 - 2022-06-23 15:03 - 000197176 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
          2022-08-19 14:42 - 2022-06-23 15:03 - 000046704 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
          2022-08-18 22:51 - 2022-07-04 13:28 - 000048144 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\mvvad.sys
          2022-08-18 20:45 - 2022-08-18 20:45 - 000000000 ____D C:\Users\Uporabnik\Documents\FeedbackHub
          2022-08-18 14:44 - 2022-08-18 14:44 - 000000000 ____D C:\Users\Uporabnik\Documents\TotalAV
          2022-08-18 14:44 - 2022-06-23 15:03 - 000096264 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\webshieldfilter.sys
          2022-08-18 14:41 - 2022-08-28 15:23 - 000001146 _____ C:\Users\Uporabnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TotalAV.lnk
          2022-08-18 14:41 - 2022-08-28 15:23 - 000000000 ____D C:\Program Files (x86)\TotalAV
          2022-08-18 14:41 - 2022-08-18 14:41 - 000001060 _____ C:\Users\Public\Desktop\TotalAV.lnk
          2022-08-18 14:41 - 2022-08-18 14:41 - 000000000 ____D C:\Users\Uporabnik\AppData\Local\GUI
          2022-08-18 14:41 - 2022-08-18 14:41 - 000000000 ____D C:\ProgramData\TotalAV
          2022-08-18 14:41 - 2022-08-18 14:41 - 000000000 ____D C:\ProgramData\SecuritySuite
          2022-08-18 14:41 - 2022-06-23 15:03 - 000017864 _____ (TODO: ) C:\Windows\system32\Drivers\protected_elam.sys
          2022-08-18 14:40 - 2022-08-18 14:41 - 057816512 _____ C:\Users\Uporabnik\Downloads\TotalAV_Setup.exe
          2022-08-17 21:02 - 2022-08-17 21:02 - 000304835 _____ C:\Users\Uporabnik\Downloads\video-1660762831.mp4
          2022-08-16 22:20 - 2022-08-16 22:20 - 000000000 ____D C:\Users\Uporabnik\AppData\Local\Yandex
          2022-08-15 20:58 - 2022-08-15 20:58 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
          2022-08-15 20:28 - 2022-08-17 13:24 - 000001157 _____ C:\Users\Public\Desktop\Razer Cortex.lnk
          2022-08-12 15:03 - 2022-08-12 15:03 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
          2022-08-12 15:03 - 2022-08-12 15:03 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
          2022-08-12 15:03 - 2022-08-12 15:03 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
          2022-08-12 15:03 - 2022-08-12 15:03 - 000162304 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
          2022-08-12 15:03 - 2022-08-12 15:03 - 000089088 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.proxystub.dll
          2022-08-12 15:03 - 2022-08-12 15:03 - 000073216 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
          2022-08-12 15:03 - 2022-08-12 15:03 - 000060928 _____ C:\Windows\system32\runexehelper.exe
          2022-08-12 15:03 - 2022-08-12 15:03 - 000011803 _____ C:\Windows\system32\DrtmAuthTxt.wim
          2022-08-12 14:58 - 2022-08-12 14:58 - 000000000 ___HD C:\$WinREAgent
          2022-08-08 21:59 - 2022-08-09 22:23 - 000000040 _____ C:\Users\Uporabnik\Desktop\gmails.txt
          2022-08-08 12:54 - 2022-06-24 02:17 - 000172304 _____ (Razer Inc) C:\Windows\system32\RazerS2S3CoinstallerEx.dll
          2022-08-08 12:54 - 2022-06-24 02:17 - 000172288 _____ (Razer Inc) C:\Windows\system32\RazerS3CoinstallerEx.dll

          ==================== One month (modified) ==================

          (If an entry is included in the fixlist, the file/folder will be moved.)

          2022-08-28 15:33 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
          2022-08-28 15:33 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
          2022-08-28 15:32 - 2022-04-29 12:38 - 000000000 ____D C:\Program Files (x86)\Steam
          2022-08-28 15:32 - 2022-04-26 13:19 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
          2022-08-28 15:32 - 2022-04-26 13:19 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
          2022-08-28 15:32 - 2022-04-26 13:18 - 000000000 ____D C:\Program Files (x86)\Google
          2022-08-28 15:30 - 2022-04-26 13:08 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3134029656-847882931-1988809457-1001
          2022-08-28 15:30 - 2022-04-26 13:07 - 000003386 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3134029656-847882931-1988809457-1001
          2022-08-28 15:30 - 2022-04-26 13:05 - 000002401 _____ C:\Users\Uporabnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
          2022-08-28 15:27 - 2022-04-26 13:11 - 000840598 _____ C:\Windows\system32\PerfStringBackup.INI
          2022-08-28 15:27 - 2022-04-26 13:05 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
          2022-08-28 15:27 - 2022-04-26 13:05 - 000002280 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
          2022-08-28 15:27 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
          2022-08-28 15:25 - 2022-05-01 10:52 - 000000000 ____D C:\ProgramData\NVIDIA
          2022-08-28 15:24 - 2022-04-26 13:19 - 000000000 ____D C:\Users\Uporabnik\AppData\Roaming\discord
          2022-08-28 15:24 - 2022-04-26 13:19 - 000000000 ____D C:\Users\Uporabnik\AppData\Local\Discord
          2022-08-28 15:23 - 2022-06-18 19:42 - 000003984 _____ C:\Windows\system32\Tasks\RazerCortexScheduleClean
          2022-08-28 15:23 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
          2022-08-28 15:23 - 2019-12-07 11:03 - 000032768 _____ C:\Windows\system32\config\ELAM
          2022-08-28 15:22 - 2022-04-26 13:10 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
          2022-08-28 15:22 - 2022-04-26 13:10 - 000000000 __SHD C:\Users\Uporabnik\IntelGraphicsProfiles
          2022-08-28 15:22 - 2022-04-26 12:50 - 000008192 ___SH C:\DumpStack.log.tmp
          2022-08-28 15:22 - 2022-04-26 12:50 - 000000006 ____H C:\Windows\Tasks\SA.DAT
          2022-08-28 15:22 - 2022-04-26 12:50 - 000000000 ____D C:\Windows\system32\SleepStudy
          2022-08-19 16:18 - 2022-05-02 17:57 - 000001445 _____ C:\Users\Uporabnik\Desktop\Roblox Studio.lnk
          2022-08-19 16:18 - 2022-05-02 17:57 - 000000255 _____ C:\Users\Uporabnik\AppData\LocalLow\rbxcsettings.rbx
          2022-08-19 16:18 - 2022-05-02 17:57 - 000000000 ____D C:\Users\Uporabnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
          2022-08-19 15:26 - 2022-06-04 20:24 - 000000000 ____D C:\ProgramData\Voicemod
          2022-08-19 15:09 - 2022-06-04 20:24 - 000000000 ____D C:\Users\Uporabnik\AppData\Local\Voicemod
          2022-08-19 11:08 - 2022-04-30 21:38 - 000000000 ____D C:\Users\Uporabnik\AppData\Roaming\.minecraft
          2022-08-18 22:51 - 2022-06-04 20:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voicemod
          2022-08-18 22:51 - 2022-06-04 20:24 - 000000000 ____D C:\Program Files\Voicemod Desktop
          2022-08-18 14:41 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\ELAMBKUP
          2022-08-17 21:58 - 2022-05-02 18:13 - 000001425 _____ C:\Users\Uporabnik\Desktop\Roblox Player.lnk
          2022-08-17 13:24 - 2022-05-02 21:40 - 000000000 ____D C:\Users\Uporabnik\AppData\Local\CrashDumps
          2022-08-17 13:24 - 2022-04-28 11:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer Cortex
          2022-08-17 13:24 - 2022-04-28 11:04 - 000000000 ____D C:\Users\Uporabnik\AppData\Local\Razer
          2022-08-17 08:49 - 2022-04-26 13:04 - 000003678 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
          2022-08-17 08:49 - 2022-04-26 13:04 - 000003554 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
          2022-08-16 22:21 - 2022-04-26 13:07 - 000000000 ___RD C:\Users\Uporabnik\OneDrive
          2022-08-15 20:58 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
          2022-08-15 20:57 - 2022-04-26 13:11 - 000000000 ____D C:\Program Files\Microsoft Office
          2022-08-15 14:19 - 2022-06-28 10:18 - 000000000 ____D C:\Program Files (x86)\Overwolf
          2022-08-15 14:04 - 2022-05-25 17:14 - 000000000 ____D C:\Users\Uporabnik\AppData\Local\Ubisoft Game Launcher
          2022-08-15 12:12 - 2022-04-28 11:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
          2022-08-15 12:11 - 2022-04-28 11:03 - 000000000 ____D C:\Program Files (x86)\Razer Chroma SDK
          2022-08-14 17:39 - 2022-04-26 13:05 - 000000000 ____D C:\ProgramData\Packages
          2022-08-12 15:21 - 2022-04-26 12:50 - 000295120 _____ C:\Windows\system32\FNTCACHE.DAT
          2022-08-12 15:21 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI
          2022-08-12 15:20 - 2019-12-07 16:51 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
          2022-08-12 15:20 - 2019-12-07 16:51 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
          2022-08-12 15:20 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
          2022-08-12 15:20 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
          2022-08-12 15:20 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
          2022-08-12 15:20 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
          2022-08-12 15:20 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinMetadata
          2022-08-12 15:20 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
          2022-08-12 15:20 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
          2022-08-12 15:20 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism
          2022-08-12 15:20 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellExperiences
          2022-08-12 15:20 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
          2022-08-12 15:05 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
          2022-08-12 15:03 - 2022-04-26 12:52 - 003011072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
          2022-08-12 14:58 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
          2022-08-12 14:57 - 2022-04-26 13:09 - 000000000 ____D C:\Windows\system32\MRT
          2022-08-12 14:54 - 2022-04-26 13:09 - 144534560 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
          2022-08-11 12:46 - 2022-04-26 13:05 - 000000000 ____D C:\Users\Uporabnik\AppData\Local\D3DSCache
          2022-08-11 10:07 - 2022-04-26 13:19 - 000002247 _____ C:\Users\Uporabnik\Desktop\Discord.lnk
          2022-08-10 12:11 - 2022-06-07 18:46 - 000000000 ____D C:\ProgramData\BlueStacks_nxt
          2022-08-10 10:41 - 2022-05-01 10:17 - 000000000 ____D C:\Users\Uporabnik\AppData\Local\BattlEye
          2022-08-10 10:36 - 2022-06-05 12:13 - 000000000 ____D C:\Users\Uporabnik\AppData\Local\Origin
          2022-08-10 10:36 - 2022-06-05 12:13 - 000000000 ____D C:\ProgramData\Origin
          2022-08-08 20:33 - 2022-06-28 10:18 - 000002325 _____ C:\Users\Uporabnik\Desktop\CurseForge.lnk
          2022-08-08 20:33 - 2022-06-28 10:14 - 000000000 ____D C:\Users\Uporabnik\AppData\Local\Overwolf
          2022-08-08 14:45 - 2022-06-25 22:29 - 000000000 ____D C:\Users\Uporabnik\AppData\Local\ElevatedDiagnostics
          2022-08-02 15:30 - 2022-06-07 18:56 - 000001999 _____ C:\Users\Uporabnik\Desktop\7DS.lnk
          2022-07-31 19:55 - 2022-04-30 21:23 - 002754000 _____ (Microsoft Corporation) C:\Windows\system32\xgameruntime.dll
          2022-07-31 19:55 - 2022-04-30 21:23 - 000234960 _____ (Microsoft Corporation) C:\Windows\system32\gamingservicesproxy.dll
          2022-07-31 19:55 - 2022-04-30 21:23 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcuihelpers.dll
          2022-07-31 19:54 - 2022-04-30 21:23 - 000402904 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll
          2022-07-31 19:54 - 2022-04-30 21:23 - 000198096 _____ (Microsoft Corporation) C:\Windows\system32\gameconfighelper.dll
          2022-07-31 19:54 - 2022-04-30 21:23 - 000144856 _____ (Microsoft Corporation) C:\Windows\system32\gamelaunchhelper.dll
          2022-07-31 19:54 - 2022-04-30 21:23 - 000067032 _____ (Microsoft Corporation) C:\Windows\system32\gamemodcontrol.exe
          2022-07-29 19:18 - 2022-05-12 16:51 - 000004250 _____ C:\Windows\system32\Tasks\Opera GX scheduled Autoupdate 1652367108
          2022-07-29 19:18 - 2022-05-12 16:51 - 000001512 _____ C:\Users\Uporabnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera GX Browser.lnk

          ==================== Files in the root of some directories ========

          2022-07-01 22:06 - 2022-07-01 22:06 - 000000360 _____ () C:\Users\Uporabnik\AppData\Local\karboncalligraphyrc
          2022-06-25 17:41 - 2022-07-16 13:13 - 000005144 _____ () C:\Users\Uporabnik\AppData\Local\krita-sysinfo.log
          2022-06-25 17:41 - 2022-07-16 13:13 - 000011094 _____ () C:\Users\Uporabnik\AppData\Local\krita.log
          2022-07-16 13:13 - 2022-07-16 13:13 - 000000039 _____ () C:\Users\Uporabnik\AppData\Local\kritadisplayrc
          2022-06-25 17:41 - 2022-07-16 13:13 - 000021066 _____ () C:\Users\Uporabnik\AppData\Local\kritarc
          2022-07-02 08:31 - 2022-07-02 08:31 - 000000000 _____ () C:\Users\Uporabnik\AppData\Local\oobelibMkey.log

          ==================== SigCheck ============================

          (There is no automatic fix for files that do not pass verification.)

          ==================== End of FRST.txt ========================


          • Malnutrition
            PCHF Moderator
            • Jul 2016
            • 7041

            #20
            Originally posted by Mai Brumec
            i have a problem, most of the things are in Slovene
            Not a problem. I will use translation software


            • Mai_Brumec
              PCHF Member
              • Aug 2022
              • 13

              #21
              oh okay i hope we can manage to get my acc back
              Originally posted by Malnutrition
              Not a problem. I will use translation software


              • Malnutrition
                PCHF Moderator
                • Jul 2016
                • 7041

                #22
                These logs take a while to go over, so it may take me a couple hours, so let's run a couple scans while you wait.

                Download AV block remover.
                Unzip to your desktop, Right click run as admin and follow the instructions. If it does not start, rename the AVbr.exe file to, for example, AV_br.exe
                Click yes to reset hosts file.
                After the machine reboots then there will be a logfile in the new folder created, post that please.


                Adware Cleaner

                - Download AdwCleaner and save it to your Desktop
                - Right-click on AdwCleaner.exe and select Run as Administrator
                - Accept the EULA (I accept), then click on Scan Now
                - Let the scan complete
                - Once the scan completes, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button
                - Subsequently you may be asked to Run Basic Repair. This is optional. I would suggest holding off on this for now.
                - Once the cleaning process is complete, AdwCleaner will ask you to restart your computer
                - Close all other open windows and allow it to restart
                - After the restart, Notepad will open with the AdwCleaner cleaning log
                - Please Attach the contents of that log into your next reply to me


                Download Malwarebytes v.4. Install and run.

                - Once the MBAM dashboard opens, click on Settings (gear icon).
                - Click on Security tab and make sure that all four Scan options are enabled.
                - Close Settings and click on the Scan button on the dashboard.
                - Once the scan is completed make sure you have it quarantine any detections it finds.
                - If no detections were found click on the Save results drop-down, then the Export to TXT button and save the file as a Text file to your desktop.
                - If there were detections then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
                - If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and include that log on your next reply.


                • Mai_Brumec
                  PCHF Member
                  • Aug 2022
                  • 13

                  #23
                  Originally posted by Malnutrition
                  These logs take a while to go over, so it may take me a couple hours, so let's run a couple scans while you wait.

                  Download AV block remover.
                  Unzip to your desktop, Right click run as admin and follow the instructions. If it does not start, rename the AVbr.exe file to, for example, AV_br.exe
                  Click yes to reset hosts file.
                  After the machine reboots then there will be a logfile in the new folder created, post that please.


                  Adware Cleaner

                  - Download AdwCleaner and save it to your Desktop
                  - Right-click on AdwCleaner.exe and select Run as Administrator
                  - Accept the EULA (I accept), then click on Scan Now
                  - Let the scan complete
                  - Once the scan completes, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button
                  - Subsequently you may be asked to Run Basic Repair. This is optional. I would suggest holding off on this for now.
                  - Once the cleaning process is complete, AdwCleaner will ask you to restart your computer
                  - Close all other open windows and allow it to restart
                  - After the restart, Notepad will open with the AdwCleaner cleaning log
                  - Please Attach the contents of that log into your next reply to me


                  Download Malwarebytes v.4. Install and run.

                  - Once the MBAM dashboard opens, click on Settings (gear icon).
                  - Click on Security tab and make sure that all four Scan options are enabled.
                  - Close Settings and click on the Scan button on the dashboard.
                  - Once the scan is completed make sure you have it quarantine any detections it finds.
                  - If no detections were found click on the Save results drop-down, then the Export to TXT button and save the file as a Text file to your desktop.
                  - If there were detections then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
                  - If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and include that log on your next reply.

                  adw cleaner i cannot select clean and repair there is just quarantine


                  • Malnutrition
                    PCHF Moderator
                    • Jul 2016
                    • 7041

                    #24
                    Originally posted by Mai Brumec
                    there is just quarantine
                    Go ahead with that option.


                    • Mai_Brumec
                      PCHF Member
                      • Aug 2022
                      • 13

                      #25
                      Originally posted by Malnutrition
                      Go ahead with that option.
                      -------------------------------
                      Malwarebytes AdwCleaner 8.3.2.0
                      -------------------------------
                      Build: 03-23-2022
                      Database: 2022-08-22.1 (Cloud)
                      Support: https://www.malwarebytes.com/support
                      -------------------------------
                      Mode: Clean
                      -------------------------------
                      Start: 08-28-2022
                      Duration: 00:00:09
                      OS: Windows 10 Pro
                      Cleaned: 20
                      Awaiting reboot:3
                      Failed: 0

                      ***** [ Services ] *****

                      Deleted SecurityService
                      Deleted webshieldfilter

                      ***** [ Folders ] *****

                      Deleted C:\ProgramData\SecuritySuite
                      Deleted C:\Users\Uporabnik\Documents\TotalAV
                      Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TotalAV
                      Needs Reboot C:\Program Files (x86)\TotalAV
                      Needs Reboot C:\ProgramData\TotalAV

                      ***** [ Files ] *****

                      Deleted C:\Users\Public\Desktop\TotalAV.lnk
                      Deleted C:\Users\Uporabnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TotalAV.lnk
                      Deleted C:\Users\Uporabnik\Downloads\TOTALAV_SETUP.EXE
                      Needs Reboot C:\Windows\System32\drivers\webshieldfilter.sys

                      ***** [ DLL ] *****

                      No malicious DLLs cleaned.

                      ***** [ WMI ] *****

                      No malicious WMI cleaned.

                      ***** [ Shortcuts ] *****

                      No malicious shortcuts cleaned.

                      ***** [ Tasks ] *****

                      No malicious tasks cleaned.

                      ***** [ Registry ] *****

                      Deleted HKCU\Software\SSProtect
                      Deleted HKLM\SOFTWARE\Classes\*\shell\TotalAV
                      Deleted HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
                      Deleted HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}
                      Deleted HKLM\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.totalav.passwordvaultassistant
                      Deleted HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
                      Deleted HKLM\Software\Classes\totalav
                      Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TotalAV
                      Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService

                      ***** [ Chromium (and derivatives) ] *****

                      No malicious Chromium entries cleaned.

                      ***** [ Chromium URLs ] *****

                      No malicious Chromium URLs cleaned.

                      ***** [ Firefox (and derivatives) ] *****

                      No malicious Firefox entries cleaned.

                      ***** [ Firefox URLs ] *****

                      No malicious Firefox URLs cleaned.

                      ***** [ Hosts File Entries ] *****

                      No malicious hosts file entries cleaned.

                      ***** [ Preinstalled Software ] *****

                      No Preinstalled Software cleaned.


                      [+] Delete Tracing Keys
                      [+] Reset Winsock


                      ***** Reboot Required to Complete *****

                      ***** [ Folders ] *****

                      Cleaning failed C:\Program Files (x86)\TotalAV
                      Cleaning failed C:\ProgramData\TotalAV


                      ***** [ Files ] *****

                      Cleaning failed C:\Windows\System32\drivers\webshieldfilter.sys


                      AdwCleaner[S00].txt - [2965 octets] - [28/08/2022 16:00:19]
                      that's the adwcleaner, i couldn't post it faster because forum was down

                      ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


                      • Malnutrition
                        PCHF Moderator
                        • Jul 2016
                        • 7041

                        #26
                        Can you please post the logs from Malwarebytes and AV block remover?


                        • Malnutrition
                          PCHF Moderator
                          • Jul 2016
                          • 7041

                          #27
                          FRST Fix.

                          Download attached fixlist.txt file and save it to the Desktop.

                          NOTE: It’s important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

                          NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

                          Run FRST/FRST64 and press the Fix button just once and wait.
                          If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
                          When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


                          • Malnutrition
                            PCHF Moderator
                            • Jul 2016
                            • 7041

                            #28
                            @Mai Brumec any update?


                            • Malnutrition
                              PCHF Moderator
                              • Jul 2016
                              • 7041

                              #29
                              Thread locked due to inactivity.
