
ESET reports adware in Opera - it is unable to remove it

#1 Post by Serifus (Visitor, posts: 172, registered: 19 Apr 2008 21:20)

ESET alerts:

Čas;Skener;Typ objektu;Objekt;Detekce;Akce;Uživatel;Informace;Hash;První výskyt
16.03.2021 12:37:07;HTTP filtr;soubor;https://lapypushistyye.com/?r=dir&zonei ... e.Agent.AA aplikace;přerušeno spojení;AH\j.gb;Tato událost nastala při pokusu o přístup na web aplikací: C:\Users\j.gb\AppData\Local\Programs\Opera\74.0.3911.218\opera.exe (1F03BA3ACC3BCD1209B8E3A662C43418DCE0C966).;46228597FDCFC5152DE2BDF64DD988637002C96A;

Čas;Skener;Typ objektu;Objekt;Detekce;Akce;Uživatel;Informace;Hash;První výskyt
16.03.2021 12:26:24;HTTP filtr;soubor;https://ribunews.com/d/2103160625030825 ... e.Agent.AA aplikace;přerušeno spojení;AH\j.gb;Tato událost nastala při pokusu o přístup na web aplikací: C:\Users\j.gb\AppData\Local\Programs\Opera\74.0.3911.218\opera.exe (1F03BA3ACC3BCD1209B8E3A662C43418DCE0C966).;7642C82A55CDC571E760ECA57FCCC55671436001;



Please check:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-03-2021
Ran by j.gb (administrator) on 2B2MP73 (Dell Inc. Latitude 5410) (16-03-2021 16:06:18)
Running from C:\Users\j.gb\Desktop
Loaded Profiles: j.gb
Platform: Windows 10 Pro Version 20H2 19042.804 (X64) Language: Čeština (Česko)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

("STMicroelectronics Srl" -> ) C:\Windows\System32\drivers\DellFFDPWmiService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\anipart client\application.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Autodesk, Inc. -> Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Autodesk, Inc. -> Autodesk Inc.) C:\Windows\Temp\AdAppMgrUpdater.exe
(Autodesk, Inc. -> Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\AcWebBrowser.exe <3>
(Autodesk, Inc. -> Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(CANON INC. -> CANON INC.) C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\egui.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_f75fa513cf0ccec1\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_c0fd909ca6e7d672\LMS.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_54b736e5be5b50b2\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3f9eae06dd582000\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3f9eae06dd582000\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_42f9d9bfb72d84cf\RstMwService.exe
(Kvaser AB -> KVASER AB, Mölndal, SWEDEN) C:\Program Files\Kvaser\Drivers\32\KvEnumSrv.exe <2>
(Magic Control Technology Corp. -> ) C:\Windows\System32\mlpatch.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Users\j.gb\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\j.gb\AppData\Local\Microsoft\Teams\current\Teams.exe <9>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.8.8.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2101.10.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Microsoft Update Health Tools\uhssvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Opera Software AS -> Opera Software) C:\Users\j.gb\AppData\Local\Programs\Opera\74.0.3911.218\opera.exe <67>
(Opera Software AS -> Opera Software) C:\Users\j.gb\AppData\Local\Programs\Opera\74.0.3911.218\opera_crashreporter.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7240.285\DSAPI.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7240.285\SystemIdleCheck.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_bc81681eb27bc1ae\RtkAudUService64.exe <3>
(Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\IAS\IntelAudioService.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_177ab60f8bad72cc\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_177ab60f8bad72cc\WavesSysSvc64.exe
(WhatsApp, Inc -> WhatsApp) C:\Users\j.gb\AppData\Local\WhatsApp\app-2.2108.8\WhatsApp.exe <6>
(WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
(WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CmWebAdmin.exe
(win.rar GmbH -> Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
(Winamp SA -> Winamp SA) C:\Program Files (x86)\Winamp\winamp.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_bc81681eb27bc1ae\RtkAudUService64.exe [1223224 2021-01-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_177ab60f8bad72cc\WavesSvc64.exe [1776744 2020-12-24] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [175504 2020-11-11] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [508312 2009-12-15] (CANON INC. -> CANON INC.)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [101284632 2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1313408 2017-07-05] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [664872 2020-03-04] (Autodesk, Inc. -> Autodesk, Inc.)
HKLM\...\RunOnce: [msedge_cleanup_{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}] => C:\Program Files (x86)\Microsoft\Edge\Application\89.0.774.54\Installer\setup.exe [3841424 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\Run: [Opera Browser Assistant] => C:\Users\j.gb\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3366424 2020-12-16] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\Run: [com.squirrel.Teams.Teams] => C:\Users\j.gb\AppData\Local\Microsoft\Teams\Update.exe [2453720 2021-02-26] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2007576 2017-02-03] (Autodesk, Inc -> Autodesk, Inc.)
HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\Policies\Explorer: []
HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\MountPoints2: {17a33837-4907-11eb-9545-dc41a949503d} - "D:\WHLoader.exe"
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2007576 2017-02-03] (Autodesk, Inc -> Autodesk, Inc.)
HKLM\...\Windows x64\Print Processors\Canon MG7100 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBR.DLL [30208 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [55432 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG7100 series: C:\Windows\system32\CNMLMBR.DLL [391168 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [359936 2013-01-24] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon MFNP Port: C:\Windows\system32\CNCENPM6.dll [153088 2016-02-10] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\CPCA Language Monitor3b: C:\Windows\system32\CNAS0MOK.DLL [967168 2009-04-28] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2021-01-08]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2020-12-22]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk [2020-12-22]
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0945C09A-D144-4B8A-ABED-8C31F86CB13F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1511320 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {2BF0450A-4FF4-410C-A347-C952B1BBCAE8} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23079792 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {2C9830F1-181C-40C6-980D-8920576FB3CB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {6309142C-DBAE-47D5-9BCF-6AB6F3B24D18} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23079792 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}" was unlocked. <==== ATTENTION
Task: {81474A3A-5E30-45A7-87FE-566AA8EE5360} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => C:\Windows\system32\gpupdate.exe [30720 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
Task: {A9A20BF5-C5CB-4E1E-B3DE-E122A38ACE13} - System32\Tasks\Opera scheduled assistant Autoupdate 1608627186 => C:\Users\j.gb\AppData\Local\Programs\Opera\launcher.exe [1793688 2021-03-11] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\j.gb\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {B1539CA3-A5EC-4DAC-A9F1-E5B1018A985E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141136 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {BC5E9969-1F6A-47D6-8DAD-3CB3AFACCCF1} - System32\Tasks\Opera scheduled Autoupdate 1608627185 => C:\Users\j.gb\AppData\Local\Programs\Opera\launcher.exe [1793688 2021-03-11] (Opera Software AS -> Opera Software)
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}" was unlocked. <==== ATTENTION
Task: {CE9F5343-2192-46F9-B667-266D339EC1FF} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\Windows\system32\gpupdate.exe [30720 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
Task: {D1F125C3-4FD4-4025-AD11-8714470B9A46} - System32\Tasks\GE_CloudProxySettings_1.1_V03 => C:\Windows\Options\Packages\GE_CloudProxySettings_1.1_V03\SchTasks.EXE [133195 2017-07-24] () [File not signed]
Task: {F4C778B2-134C-420D-85B7-7DE8D070B83E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141136 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {FCA4DB86-5AF9-4FE7-82B3-FC0F81A710F5} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1059336 2021-01-09] (Dell Inc -> Dell Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.20.11 8.8.8.8
Tcpip\..\Interfaces\{1bf34c8a-8607-42d7-b794-f40506edffaa}: [DhcpNameServer] 192.168.20.11 8.8.8.8
Tcpip\..\Interfaces\{79338ff9-755c-4fc2-897b-b0f4ecadaa5f}: [DhcpNameServer] 192.168.20.11 8.8.8.8
Tcpip\..\Interfaces\{ac8bc92f-de38-4010-b14d-caf54f08c7da}: [DhcpNameServer] 192.168.20.11 8.8.8.8
HKLM\System\...\Parameters\PersistentRoutes: [169.254.0.0,255.255.0.0,192.168.18.111,1]
HKLM\System\...\Parameters\PersistentRoutes: [169.254.0.0,255.255.0.0,192.168.20.114,1]

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\j.gb\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-24]

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2021-01-08] [Legacy] [not signed]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2019-07-02] (CANON INC.) [File not signed]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-03-06] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]

Opera:
=======
OPR Profile: C:\Users\j.gb\AppData\Roaming\Opera Software\Opera Stable [2021-03-16]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Translator) - C:\Users\j.gb\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnbpedcoekjafichoehopgaaldogogch [2021-01-11]
OPR Extension: (Rich Hints Agent) - C:\Users\j.gb\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-03-11]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1046904 2020-03-04] (Autodesk, Inc. -> Autodesk Inc.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2021-01-08] () [File not signed]
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8988552 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
R2 CmWebAdmin.exe; C:\Program Files\CodeMeter\Runtime\bin\CmWebAdmin.exe [12002208 2019-12-16] (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [287776 2020-10-25] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3750944 2020-10-25] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [507936 2020-10-25] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7240.285\DSAPI.exe [985584 2021-01-13] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38592 2020-10-29] (Dell Inc -> )
R2 DellFFDPWmiService; C:\Windows\System32\drivers\DellFFDPWmiService.exe [32528 2020-02-17] ("STMicroelectronics Srl" -> )
S3 EHttpSrv; C:\Program Files\ESET\ESET Security\ehttpsrv.exe [49448 2020-11-11] (ESET, spol. s r.o. -> ESET)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2595360 2020-11-11] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2595360 2020-11-11] (ESET, spol. s r.o. -> ESET)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] (Canon Inc. -> )
R2 KvEnumSrv; C:\Program Files\Kvaser\Drivers\32\kvenumsrv.exe [553640 2020-09-09] (Kvaser AB -> KVASER AB, Mölndal, SWEDEN)
R2 KvWiFiPairingSrv; C:\Program Files\Kvaser\Drivers\32\kvenumsrv.exe [553640 2020-09-09] (Kvaser AB -> KVASER AB, Mölndal, SWEDEN)
R2 MlPatch; C:\Windows\system32\MlPatch.exe [2244912 2014-08-22] (Magic Control Technology Corp. -> )
R2 RtkAudioUniversalService; C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_bc81681eb27bc1ae\RtkAudUService64.exe [1223224 2021-01-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39432 2021-01-09] (Dell Inc -> Dell Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12723480 2021-02-17] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-18] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-18] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 DDDriver; C:\Windows\System32\drivers\dddriver64Dcsa.sys [42376 2020-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [160992 2020-11-11] (ESET, spol. s r.o. -> ESET)
S0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [109360 2020-11-11] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15824 2021-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [190464 2020-11-11] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [70560 2020-11-11] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [108808 2020-11-11] (ESET, spol. s r.o. -> ESET)
S3 f5ipfw; C:\Windows\system32\drivers\urfltv64.sys [44440 2020-09-10] (F5 Networks Inc -> F5 Networks, Inc.)
U3 Healcea; no ImagePath
S3 kcane; C:\Windows\system32\DRIVERS\kcane.sys [119352 2020-09-17] (Kvaser AB -> KVASER AB, Mölndal, SWEDEN)
R3 kcanv; C:\Windows\system32\DRIVERS\kcanv.sys [98360 2020-09-17] (Kvaser AB -> KVASER AB, Mölndal, SWEDEN)
R3 kvnetenum; C:\Windows\system32\DRIVERS\kvnetenum.sys [58424 2020-09-17] (Kvaser AB -> KVASER AB, Mölndal, SWEDEN)
R2 kvsoftsync; C:\Windows\system32\Drivers\kvsoftsync.sys [32312 2020-09-17] (Kvaser AB -> KVASER AB, Mölndal, SWEDEN)
R3 LAN9500; C:\Windows\System32\drivers\lan9500-x64-n650f.sys [109408 2017-04-27] (Microchip Technology Inc. -> Microchip Technology Inc.)
R3 MctUsbAudio; C:\Windows\System32\drivers\MctFlt.sys [38680 2017-11-09] (Magic Control Technology Corp. -> Windows (R) Win 7 DDK provider)
R3 urvpndrv; C:\Windows\System32\drivers\covpnv64.sys [57736 2020-09-10] (F5 Networks Inc -> F5 Networks, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2020-12-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [429296 2020-12-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-18] (Microsoft Windows -> Microsoft Corporation)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [118200 2020-03-18] (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
R3 WiManH; C:\Windows\System32\DriverStore\FileRepository\wiman.inf_amd64_4b0336d95f188e47\WiManH\WiManH.sys [168792 2020-09-02] (Intel Wireless Driver -> )

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-16 16:06 - 2021-03-16 16:06 - 000026621 _____ C:\Users\j.gb\Desktop\FRST.txt
2021-03-16 16:06 - 2021-03-16 16:06 - 000000000 ____D C:\FRST
2021-03-16 16:04 - 2021-03-16 16:04 - 002300928 _____ (Farbar) C:\Users\j.gb\Desktop\FRST64.exe
2021-03-16 11:58 - 2021-03-16 11:58 - 000000000 ____D C:\Users\j.gb\AppData\Local\Brice_Lambson
2021-03-16 11:56 - 2021-03-16 11:56 - 001083664 _____ (Brice Lambson) C:\Users\j.gb\Downloads\ImageResizerSetup-3.1.1.exe
2021-03-16 11:56 - 2021-03-16 11:56 - 000000000 ____D C:\Program Files\Image Resizer for Windows
2021-03-16 11:56 - 2021-03-16 11:56 - 000000000 ____D C:\Program Files (x86)\Image Resizer for Windows
2021-03-16 11:50 - 2021-03-16 11:58 - 000000000 ____D C:\Users\j.gb\Downloads\drive-download-20210316T104853Z-001
2021-03-16 11:49 - 2021-03-16 11:49 - 028919689 _____ C:\Users\j.gb\Downloads\drive-download-20210316T104853Z-001.zip
2021-03-15 10:22 - 2021-03-15 10:22 - 000000004 ____H C:\ProgramData\cm-lock
2021-03-15 10:21 - 2021-03-15 11:20 - 000307116 _____ C:\Users\j.gb\Desktop\29145583_Installation Protocol BC T200.pdf
2021-03-12 22:08 - 2021-03-12 22:10 - 000000000 ____D C:\Users\j.gb\Desktop\Fighting With My Family (2019) [WEBRip] [1080p] [YTS.AM]
2021-03-03 16:50 - 2021-03-03 16:50 - 000241456 _____ C:\Users\j.gb\Downloads\Dap2020Jenda.XLSX
2021-03-03 11:39 - 2021-03-03 11:39 - 000000000 ____D C:\Users\j.gb\AppData\Roaming\Media Player Classic
2021-03-03 11:38 - 2021-03-03 11:38 - 001969179 _____ C:\Users\j.gb\Downloads\mpc_6490+_2kXP_cze.zip
2021-02-24 15:57 - 2021-02-24 15:57 - 000000000 ____D C:\Users\j.gb\AppData\Local\GHISLER
2021-02-24 15:56 - 2021-02-24 15:57 - 000000000 ____D C:\totalcmd
2021-02-24 15:56 - 2021-02-24 15:56 - 008095960 _____ (Ghisler Software GmbH) C:\Users\j.gb\Downloads\tcmd951x32_64.exe
2021-02-24 15:56 - 2021-02-24 15:56 - 000000000 ____D C:\Users\j.gb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2021-02-24 15:56 - 2021-02-24 15:56 - 000000000 ____D C:\Users\j.gb\AppData\Roaming\GHISLER
2021-02-24 11:43 - 2021-02-24 11:44 - 000000000 ____D C:\SERVICEmgr32
2021-02-24 11:39 - 2021-03-15 10:23 - 000000000 ____D C:\ProgramData\boost_interprocess
2021-02-24 11:21 - 2021-02-24 11:21 - 013746920 _____ (Kvaser AB, Mölndal, Sweden) C:\Users\j.gb\Downloads\kvaser_drivers_setup.exe
2021-02-24 11:21 - 2021-02-24 11:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kvaser CAN Drivers
2021-02-24 11:21 - 2021-02-24 11:21 - 000000000 ____D C:\Program Files\Kvaser
2021-02-24 11:21 - 2020-09-17 08:28 - 000156216 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\system32\Drivers\kcany.sys
2021-02-24 11:21 - 2020-09-17 08:28 - 000145976 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\system32\Drivers\kcanyr.sys
2021-02-24 11:21 - 2020-09-17 08:28 - 000133176 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\system32\Drivers\kcanl.sys
2021-02-24 11:21 - 2020-09-17 08:28 - 000126008 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\system32\Drivers\kcanlr.sys
2021-02-24 11:21 - 2020-09-17 08:28 - 000119352 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\system32\Drivers\kcanx.sys
2021-02-24 11:21 - 2020-09-17 08:28 - 000117816 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\system32\Drivers\kcanf.sys
2021-02-24 11:21 - 2020-09-17 08:28 - 000112696 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\system32\Drivers\kcanh.sys
2021-02-24 11:21 - 2020-09-17 08:28 - 000111160 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\system32\Drivers\kcans.sys
2021-02-24 11:21 - 2020-09-17 08:28 - 000098360 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\system32\Drivers\kcanv.sys
2021-02-24 11:21 - 2020-09-17 08:28 - 000058424 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\system32\Drivers\kvnetenum.sys
2021-02-24 11:21 - 2020-09-17 08:28 - 000032312 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\system32\Drivers\kvsoftsync.sys
2021-02-24 11:21 - 2020-09-09 23:09 - 000670888 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\SysWOW64\kvalapw2.dll
2021-02-24 11:21 - 2020-09-09 23:09 - 000564904 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\system32\kcanconf.exe
2021-02-24 11:21 - 2020-09-09 23:09 - 000538280 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\SysWOW64\kvaser_vcndrvms.dll
2021-02-24 11:21 - 2020-09-09 23:09 - 000509608 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\SysWOW64\canlib32.dll
2021-02-24 11:21 - 2020-09-09 23:09 - 000442024 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\SysWOW64\kcanconf.exe
2021-02-24 11:18 - 2021-02-24 11:43 - 000262144 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2021-02-24 11:18 - 2021-02-24 11:43 - 000073216 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2021-02-24 11:18 - 2021-02-24 11:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SERVICEmgr32
2021-02-24 11:18 - 2015-03-18 20:31 - 002896977 ____N C:\Windows\SERVIC~1.CAB
2021-02-23 12:48 - 2021-02-23 12:48 - 000665428 _____ C:\Users\j.gb\Downloads\potvrzeni (1).pdf
2021-02-23 11:51 - 2021-02-23 11:51 - 004526932 _____ C:\Users\j.gb\Downloads\SITUACE.pdf
2021-02-22 15:49 - 2021-02-22 15:49 - 000000000 ____D C:\Users\j.gb\Downloads\The-Prodigy---Diskografie-+Singly-(1991-2009)-(MP3-320kbps).Mp3_HQ-by-PiPeTamer
2021-02-22 11:14 - 2021-02-22 13:20 - 2277271356 _____ C:\Users\j.gb\Downloads\The-Prodigy---Diskografie-+Singly-(1991-2009)-(MP3-320kbps).Mp3_HQ-by-PiPeTamer.rar
2021-02-22 10:46 - 2021-02-22 10:46 - 001462176 _____ C:\Users\j.gb\Desktop\1_podlaží.psd
2021-02-22 10:45 - 2021-02-22 10:45 - 001695762 _____ C:\Users\j.gb\Desktop\1_podlaží.pdf
2021-02-16 12:09 - 2021-02-16 12:45 - 104941649 _____ C:\Users\j.gb\Downloads\PoR - PL.rar
2021-02-16 12:03 - 2021-02-16 12:23 - 354036255 _____ C:\Users\j.gb\Downloads\Mo-Do - Was Ist Das (1995)FLAC.rar
2021-02-16 12:00 - 2021-02-16 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2018 – Čeština (Czech)
2021-02-16 11:59 - 2021-02-16 11:59 - 111747832 _____ (Autodesk, Inc.) C:\Users\j.gb\Downloads\AutoCAD_2018_Czech_LP_Win_64bit_dlm.sfx.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-16 16:04 - 2020-12-21 23:59 - 000000000 ____D C:\ProgramData\Adobe
2021-03-16 16:04 - 2020-12-21 23:26 - 000000000 ____D C:\Users\j.gb\AppData\Roaming\Adobe
2021-03-16 16:02 - 2021-01-04 10:00 - 000000000 ____D C:\Users\j.gb\AppData\Roaming\WhatsApp
2021-03-16 16:02 - 2020-12-21 23:17 - 000000136 _____ C:\Windows\system32\config\netlogon.ftl
2021-03-16 15:58 - 2020-11-18 23:46 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-03-16 15:58 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-16 11:56 - 2020-12-18 21:57 - 000000000 ____D C:\ProgramData\Package Cache
2021-03-16 11:50 - 2020-12-28 11:00 - 000000000 ____D C:\Program Files (x86)\anipart client
2021-03-16 11:50 - 2020-12-28 10:48 - 000000000 ____D C:\Users\j.gb\Documents\aniPart support
2021-03-16 08:58 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2021-03-16 08:50 - 2020-12-18 21:33 - 000000000 ____D C:\Windows\system32\MRT
2021-03-16 08:46 - 2020-12-18 21:33 - 131005360 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-03-15 20:40 - 2020-11-19 00:48 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-03-15 20:40 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-15 20:40 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2021-03-15 11:02 - 2021-01-04 10:00 - 000000000 ____D C:\Users\j.gb\AppData\Local\WhatsApp
2021-03-15 10:46 - 2020-11-08 12:08 - 000015824 _____ (ESET) C:\Windows\system32\Drivers\eelam.sys
2021-03-15 10:46 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2021-03-15 10:34 - 2021-02-12 13:27 - 000000000 ____D C:\ProgramData\Autodesk
2021-03-15 10:23 - 2020-12-21 23:30 - 000000000 ____D C:\Program Files\Microsoft Office
2021-03-15 10:23 - 2020-12-21 23:26 - 000000000 __SHD C:\Users\j.gb\IntelGraphicsProfiles
2021-03-15 10:23 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-03-15 10:22 - 2020-12-18 22:04 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-03-15 10:22 - 2020-12-18 21:39 - 000000000 ____D C:\Intel
2021-03-15 10:22 - 2020-12-18 21:26 - 000008192 ___SH C:\DumpStack.log.tmp
2021-03-15 10:22 - 2020-11-19 00:46 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-03-15 10:22 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ServiceState
2021-03-15 10:22 - 2019-12-07 10:03 - 000786432 _____ C:\Windows\system32\config\BBI
2021-03-15 10:06 - 2021-01-08 13:48 - 000000000 ____D C:\ProgramData\CanonIJPLM
2021-03-15 10:05 - 2020-12-22 00:00 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-03-15 10:04 - 2020-12-22 09:53 - 000004182 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1608627185
2021-03-15 10:04 - 2020-12-22 09:53 - 000001515 _____ C:\Users\j.gb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2021-03-08 22:02 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-03-08 17:29 - 2020-12-28 10:34 - 000000000 ____D C:\Users\j.gb\Documents\Pharmatech
2021-03-04 12:35 - 2020-11-19 00:48 - 000003584 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-04 12:35 - 2020-11-19 00:48 - 000003460 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-03-04 10:00 - 2020-12-21 23:26 - 000003368 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-229502678-4061752961-2197657978-1117
2021-03-04 10:00 - 2020-12-21 23:26 - 000002407 _____ C:\Users\j.gb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-04 10:00 - 2020-12-21 23:26 - 000000000 ___RD C:\Users\j.gb\OneDrive
2021-03-03 15:13 - 2020-12-28 10:32 - 000000000 ____D C:\Users\j.gb\Documents\Protokoly
2021-03-01 12:34 - 2020-12-21 23:26 - 000000000 ____D C:\Users\j.gb\AppData\Local\Packages
2021-03-01 11:51 - 2021-01-08 12:20 - 000000000 ____D C:\Users\j.gb\Desktop\Proformy
2021-02-26 03:29 - 2020-12-22 16:01 - 000002416 _____ C:\Users\j.gb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-02-24 16:05 - 2020-12-28 10:33 - 000000000 ____D C:\Users\j.gb\Documents\Projít
2021-02-24 12:02 - 2021-02-02 18:31 - 000000000 ____D C:\Users\j.gb\AppData\Local\Google
2021-02-24 12:02 - 2021-02-02 18:31 - 000000000 ____D C:\Program Files (x86)\Google
2021-02-24 11:43 - 2014-10-30 21:03 - 000001291 _____ C:\Windows\SERVICEmgr32.ini
2021-02-24 11:43 - 2006-01-19 13:22 - 000000526 _____ C:\Windows\Eptcan32.ini
2021-02-24 11:43 - 2003-11-04 15:56 - 000000259 _____ C:\Windows\xptcan32.ini
2021-02-24 11:39 - 2021-02-12 13:30 - 000000000 ____D C:\Users\j.gb\AppData\Local\Autodesk
2021-02-24 11:39 - 2021-02-12 13:23 - 000536984 _____ C:\Windows\system32\FNTCACHE.DAT
2021-02-24 11:37 - 2020-12-22 16:06 - 000000000 ____D C:\Users\j.gb\GRAPHISOFT
2021-02-24 11:37 - 2020-12-22 16:06 - 000000000 ____D C:\Users\j.gb\AppData\Roaming\GRAPHISOFT
2021-02-24 11:37 - 2020-12-22 16:06 - 000000000 ____D C:\Users\j.gb\AppData\Local\GRAPHISOFT
2021-02-24 11:18 - 2020-12-28 10:43 - 000000000 ____D C:\SERVICEmgr323
2021-02-23 13:34 - 2020-12-28 10:27 - 000000000 ____D C:\Users\j.gb\Documents\Dům
2021-02-22 11:33 - 2021-01-08 12:40 - 000000000 ____D C:\Users\j.gb\AppData\Local\CrashDumps
2021-02-17 14:29 - 2020-12-21 23:26 - 000000000 ____D C:\Users\j.gb
2021-02-16 12:00 - 2021-02-12 13:29 - 000000000 ____D C:\Program Files\Common Files\Autodesk Shared
2021-02-16 12:00 - 2021-02-12 13:29 - 000000000 ____D C:\Program Files\Autodesk
2021-02-16 12:00 - 2021-02-12 13:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2021-02-16 11:59 - 2021-02-12 12:37 - 000000000 ____D C:\Autodesk
2021-02-15 13:14 - 2020-12-28 10:32 - 000000000 ____D C:\Users\j.gb\Documents\Výkazy f
2021-02-15 13:14 - 2020-12-28 10:26 - 000000000 ____D C:\Users\j.gb\Documents\AutoDELFIA

==================== Files in the root of some directories ========

2021-01-08 10:08 - 2021-01-08 10:08 - 000003584 _____ () C:\Users\j.gb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2021-01-08 12:29 - 2021-01-08 12:29 - 000000017 _____ () C:\Users\j.gb\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Serifus
Visitor
Posts: 172
Registered: 19 Apr 2008 21:20

Re: Eset reports adware in Opera - unable to remove it

#2 Post by Serifus »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-03-2021
Ran by j.gb (16-03-2021 16:07:12)
Running from C:\Users\j.gb\Desktop
Windows 10 Pro Version 20H2 19042.804 (X64) (2020-12-18 20:27:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-3689790936-738298057-1859486358-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3689790936-738298057-1859486358-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3689790936-738298057-1859486358-503 - Limited - Disabled)
Guest (S-1-5-21-3689790936-738298057-1859486358-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3689790936-738298057-1859486358-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

A360 Desktop (HKLM\...\{B65CD59E-A771-4354-AA4B-C3E01B496BCD}) (Version: 8.2.3.1800 - Autodesk)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20145 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
ARCHICAD 23 Goodies Suite R1 CZE (HKLM\...\Goodies 23.0 CZE FULL R1 1) (Version: 23.0.0.3003 - GRAPHISOFT SE)
ARCHICAD 23 R1 CZE (HKLM\...\ARCHICAD 23.0 CZE FULL R1 1) (Version: 23.0.0.3003 - GRAPHISOFT SE)
ARCHICAD 24 R1 CZE (HKLM\...\ARCHICAD 24.0 CZE FULL R1 1) (Version: 24.0.0.3022 - GRAPHISOFT SE)
AutoCAD 2018 – Čeština (Czech) (HKLM\...\{28B89EEF-1001-0405-2102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
AutoCAD 2018 - English (HKLM\...\{28B89EEF-1001-0409-2102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2018 (HKLM-x32\...\{177AD7F6-9C77-4E50-BA53-B7259C5F282D}) (Version: 16.11.1.0 - Autodesk)
Autodesk App Manager 2016-2018 (HKLM-x32\...\{20EC0CA2-346E-4660-9903-51B278DF15F6}) (Version: 2.4.0 - Autodesk)
Autodesk AutoCAD 2018 - English (HKLM\...\AutoCAD 2018 - English) (Version: 22.0.49.0 - Autodesk)
Autodesk AutoCAD 2018 Language Pack – Čeština (Czech) (HKLM\...\AutoCAD 2018 – Čeština (Czech)) (Version: 22.0.49.0 - Autodesk)
Autodesk AutoCAD 2018.0.2 (HKLM-x32\...\{b501e2dd-1001-0000-0102-2d66c6a9c722}) (Version: 22.0.72.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.8 (HKLM-x32\...\{214D3370-746E-4886-8EAA-5769EB87D044}) (Version: 1.2.8.0 - Autodesk)
Autodesk Material Library 2018 (HKLM-x32\...\{7847611E-92E9-4917-B395-71C91D523104}) (Version: 16.11.1.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2018 (HKLM-x32\...\{FCDED119-A969-4E48-8A32-D21AD6B03253}) (Version: 16.11.1.0 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap 360) (Version: 4.0.0.28 - Autodesk)
BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 72.2020.0910.1202 - F5 Networks, Inc.)
BIMTech Tools for ArchiCAD 2.0.0 verze 2.0.0 (HKLM-x32\...\{1D261017-1A97-44BF-852E-049E5D08BF13}_is1) (Version: 2.0.0 - BIM Technology s.r.o.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MF Toolbox 4.9.1.1.mf18 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf18 - CANON INC.)
Canon MF8000 Series (HKLM\...\{5BE226B3-1722-4fd0-9E39-997712B68F67}) (Version: - )
Canon MG7100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG7100_series) (Version: 1.01 - Canon Inc.)
Canon MG7100 series On-screen Manual (HKLM-x32\...\Canon MG7100 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.6.4 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.6.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.)
CodeMeter Runtime Kit v7.00 (HKLM\...\{9054FBAC-C4FD-4FC2-B3F2-E4E41E49A20B}) (Version: 7.00.3918.500 - WIBU-SYSTEMS AG)
DEKSOFT BIM Plug-in (HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\DEKSOFT BIM Plug-in) (Version: 01.00.01.76 - DEKSOFT)
Dell SupportAssist (HKLM\...\{C5A70974-2F89-4BE0-90F7-749E62468C4D}) (Version: 3.8.1.23 - Dell Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{ECFC785A-9107-4259-9288-0ABC86C0F6AB}) (Version: 1.0.0.0 - Intel Corporation) Hidden
ESET Endpoint Antivirus (HKLM\...\{CAC9C8AF-7485-48E0-AF87-FDC929B57E76}) (Version: 8.0.2028.0 - ESET, spol. s r.o.)
Excel (HKU\S-1-5-21-3689790936-738298057-1859486358-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
FARO LS 1.1.600.6 (64bit) (HKLM-x32\...\{510A08AF-1649-4844-94E5-EAC43A023685}) (Version: 6.0.6.5 - FARO Scanner Production)
GRAPHISOFT BIMx Desktop Viewer (HKLM\...\BIMx Viewer 23.0 GEN FULL R1 1) (Version: 2019.2.2328.0 - GRAPHISOFT SE)
GRAPHISOFT License Manager Tool (HKLM\...\License Manager Tool 20.0 INT FULL R1 1) (Version: 20.0.0.4800 - GRAPHISOFT SE)
Image Resizer for Windows (64 bit) (HKLM\...\{2A1F3759-5792-469B-B895-7E29680F02F1}) (Version: 3.1.1.0 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{92916BDF-74CB-479C-B69E-32EACB074FFE}) (Version: 3.1.1.0 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{c624f5da-779e-4ccb-9ce1-34bc5ef0a6b9}) (Version: 3.1.1.0 - Brice Lambson)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{3DAC4F8C-80E6-4204-8A58-747FA4CBAA03}) (Version: 16.0.246 - Intel Corporation)
Intel(R) Dynamic Tuning (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.7.10400.15556 - Intel Corporation)
Intel(R) Dynamic Tuning Technology (HKLM-x32\...\{7a82309b-956d-4788-8207-25897660c3d6}) (Version: 8.7.10400.15556 - Intel) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2036.15.0.1835 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.2020.7 - Intel Corporation)
j5 USB Functional Docking Station 20.01.0620.3185 (HKLM-x32\...\{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}) (Version: 20.01.0620.3185 - j5create)
Kvaser CAN Drivers WHCP (HKLM\...\Kvaser CAN Drivers) (Version: 5.34 - Kvaser AB)
Microsoft 365 Apps pro firmy - cs-cz (HKLM\...\O365BusinessRetail - cs-cz) (Version: 16.0.13801.20294 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.54 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3689790936-738298057-1859486358-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\Teams) (Version: 1.4.00.4167 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20294 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.13801.20274 - Microsoft Corporation) Hidden
OpenRA (HKLM\...\OpenRA) (Version: release-20200503 - OpenRA developers)
Opera Stable 74.0.3911.218 (HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\Opera 74.0.3911.218) (Version: 74.0.3911.218 - Opera Software)
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Outlook (HKU\S-1-5-21-3689790936-738298057-1859486358-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Počítačová aplikace Autodesk (HKLM-x32\...\Autodesk Desktop App) (Version: 8.0.0.46 - Autodesk)
PowerPoint (HKU\S-1-5-21-3689790936-738298057-1859486358-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9098.1 - Realtek Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.18363.21333 - Realtek Semiconductor Corp.)
Registrace uživatele zařízení Canon MG7100 series (HKLM-x32\...\Registrace uživatele zařízení Canon MG7100 series) (Version: - ‭Canon Inc.)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
SERVICEmgr32 v2.46.1 (C:\SERVICEmgr32\) (HKLM-x32\...\ST6UNST #2) (Version: - )
SERVICEmgr32 v2.46.1 (HKLM-x32\...\ST6UNST #1) (Version: - )
Speciální aplikace Autodesk 2016-2018 (HKLM-x32\...\{384C4B74-B749-4AB6-9367-4D51A6AA9CB8}) (Version: 2.4.0 - Autodesk)
ST Microelectronics 3 Axis Digital Accelerometer Solution verze 4.10.0103 (HKLM\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}_is1) (Version: 4.10.0103 - ST Microelectronics)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.26064 - Microsoft Corporation)
TeamViewer Host (HKLM-x32\...\TeamViewer) (Version: 15.15.5 - TeamViewer)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.51 - Ghisler Software GmbH)
WhatsApp (HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\WhatsApp) (Version: 2.2108.8 - WhatsApp)
WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.40 of 2016-Dec-22 (Build 2402) (Setup) - WIBU-SYSTEMS AG)
Winamp (HKLM-x32\...\Winamp) (Version: 5.8 - Winamp SA)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
Word (HKU\S-1-5-21-3689790936-738298057-1859486358-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)

Packages:
=========
Dell Free Fall Data Protection -> C:\Program Files\WindowsApps\STMicroelectronicsMEMS.DellFreeFallDataProtection_1.0.26.0_x64__rp6h1c31mfy1y [2021-01-04] (STMICROELECTRONICS S.R.L.)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.8.10.0_x64__htrsf667h5kn2 [2021-01-13] (Dell Inc)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1015.0_x64__8j3eq9eme6ctt [2021-03-15] (INTEL CORP)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-01-30] (Microsoft Studios) [MS Ad]
Ovládací centrum grafiky Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt [2021-01-04] (INTEL CORP) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-229502678-4061752961-2197657978-1117_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\j.gb\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20289.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-229502678-4061752961-2197657978-1117_Classes\CLSID\{9AAF0EB6-42D8-46C1-A2EF-679511B37A0D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2018\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-229502678-4061752961-2197657978-1117_Classes\CLSID\{B6EB585B-B467-4E46-A9C7-48D7D6FD26CB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2018\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-229502678-4061752961-2197657978-1117_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\j.gb\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-229502678-4061752961-2197657978-1117_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2018\en-US\acadficn.dll (Autodesk, Inc -> Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_a41f71ab3b5175b6\OptaneShellExt.dll [2020-06-18] (Intel(R) Rapid Storage Technology -> )
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2017-02-03] (Autodesk, Inc -> Autodesk, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2017-02-03] (Autodesk, Inc -> Autodesk)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-11-11] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [Image Resizer] -> {51B4D7E5-7568-4234-B4BB-47FB3C016A69} => C:\Program Files\Image Resizer for Windows\ShellExtensions.dll [2018-05-26] (Open Source Developer, Brice Lambson -> Brice Lambson)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-11-11] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_a41f71ab3b5175b6\OptaneShellExt.dll [2020-06-18] (Intel(R) Rapid Storage Technology -> )
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-11-11] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2012-09-23 20:44 - 2012-09-23 20:44 - 000010240 _____ () [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\cs_cz\acrotray.cze
2018-10-18 23:13 - 2018-10-18 23:13 - 000939008 _____ () [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_mod.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000012800 _____ () [File not signed] C:\Program Files (x86)\Winamp\Plugins\out_wasapi.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000268288 _____ () [File not signed] C:\Program Files (x86)\Winamp\Shared\libFLAC.dll
2012-09-23 20:44 - 2012-09-23 20:44 - 000010240 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\cs_cz\Acrobat Elements\ContextMenuShim64.cze
2020-12-28 11:01 - 2014-11-20 16:09 - 000200704 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\AudioMixer.x32
2020-12-28 11:01 - 2015-03-25 13:53 - 000098304 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\BitmapFilters.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000009216 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\BMP Agent.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 001802240 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\Xtras\DIRAPI.dll
2020-12-28 11:01 - 2014-05-28 12:22 - 000030720 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\FileIo.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 004355072 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\Flash Asset.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000069632 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\Font Asset.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000282624 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\Font Xtra.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 001011712 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\Xtras\IML32.dll
2020-12-28 11:01 - 2014-05-28 12:22 - 000032256 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\INetURL.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000009216 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\JPEG Agent.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000081920 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\Mix Services.x32
2020-12-28 11:01 - 2014-11-20 16:09 - 001462272 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\MP4Asset.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000262144 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\Mui Dialog.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000147456 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\NetFile.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000039936 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\NetLingo.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000446464 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\Xtras\proj.dll
2020-12-28 11:01 - 2014-05-28 12:22 - 000009216 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\Script Agent.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 001691648 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\Shockwave 3D Asset.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000053248 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\Sound Control.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000073728 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\SWADCmpr.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000045568 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\SWAStrm.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000094208 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\Text Asset.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000802816 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\TextXtra.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000081920 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\Windows Media Asset.x32
2021-01-08 14:22 - 2013-02-19 16:37 - 000008192 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_CSY.DLL
2021-01-08 14:22 - 2013-02-19 16:36 - 000307200 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_IMG.dll
2021-01-08 13:22 - 2009-12-14 13:49 - 000004608 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUR6.DLL
2021-01-08 13:25 - 2016-02-10 13:33 - 000153088 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNCENPM6.dll
2021-01-08 13:25 - 2016-05-18 06:41 - 000155648 _____ (CANON INC.) [File not signed] C:\Windows\system32\CNCLSD36a.dll
2021-01-08 14:00 - 2013-01-24 16:24 - 000359936 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMN6PPM.DLL
2020-12-28 11:01 - 2014-05-28 12:22 - 000233472 _____ (DirectXtras, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\DirectOS.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000679936 _____ (Electronic Ink) [File not signed] C:\Program Files (x86)\anipart client\xtras\PrintOMatic Lite MX.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000233472 _____ (Eugene Shoustrov) [File not signed] C:\Program Files (x86)\anipart client\xtras\VbScriptXtra.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000906240 _____ (FreeImage) [File not signed] C:\Program Files (x86)\anipart client\xtras\FreeImage.dll
2021-01-01 15:50 - 2019-08-29 17:44 - 000076288 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\AlgMath.dll
2021-01-01 15:50 - 2019-08-29 17:49 - 001757184 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\GDL.dll
2021-01-01 15:50 - 2019-08-29 17:45 - 002967040 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\Geometry.dll
2021-01-01 15:50 - 2019-08-29 17:46 - 000916992 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\Graphix.dll
2021-01-01 15:50 - 2019-08-29 17:47 - 000039936 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\GSProfiler.dll
2021-01-01 15:50 - 2019-08-29 17:44 - 001792512 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\GSRoot.dll
2021-01-01 15:51 - 2019-08-29 19:11 - 003456512 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\GSShellX64.dll
2021-01-01 15:50 - 2019-08-29 19:13 - 000026112 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\GSTestEnvironment.dll
2021-01-01 15:50 - 2019-08-29 17:45 - 000612864 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\GSUtils.dll
2021-01-01 15:50 - 2019-08-29 17:44 - 002523648 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\GSXML.dll
2021-01-01 15:50 - 2019-08-29 17:45 - 000293376 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\GSXMLUtils.dll
2021-01-01 15:50 - 2019-08-29 17:44 - 000076288 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\GSZLib.dll
2021-01-01 15:50 - 2019-08-29 17:46 - 000061952 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\GX.dll
2021-01-01 15:50 - 2019-08-29 17:46 - 000060416 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\GXImageBase.dll
2021-01-01 15:50 - 2019-08-29 17:44 - 000693248 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\InputOutput.dll
2021-01-01 15:50 - 2019-08-29 17:48 - 000609792 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\JACK.dll
2021-01-01 15:50 - 2019-08-29 17:46 - 000135168 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\JSON.dll
2021-01-01 15:50 - 2019-08-29 17:47 - 000038400 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\JSONConversion.dll
2021-01-01 15:50 - 2019-08-29 17:45 - 000076800 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\Measure.dll
2021-01-01 15:50 - 2019-08-29 17:44 - 000154624 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\Network.dll
2021-01-01 15:50 - 2019-08-29 17:45 - 003585024 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\ObjectDatabase.dll
2021-01-01 15:50 - 2019-08-29 17:48 - 000108032 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\ProjectFile.dll
2021-01-01 15:50 - 2019-08-29 18:11 - 000323072 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\ProjectInfo.dll
2021-01-01 15:50 - 2019-08-29 18:10 - 000494592 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\ProjectIO.dll
2021-01-01 15:50 - 2019-08-29 17:45 - 000468480 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\TextEngine.dll
2021-01-01 15:50 - 2019-08-29 17:48 - 000247808 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\TWRoot.dll
2021-01-01 15:51 - 2019-08-29 17:49 - 000562176 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\VBUtils.dll
2020-12-28 11:01 - 2014-05-28 12:22 - 000126976 _____ (Integration New Media Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\SecureNet Xtra.x32
2020-12-28 11:01 - 2014-05-28 13:00 - 000032768 _____ (Macromedia, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\DirectSound.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000045056 _____ (Macromedia, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\SWA Import Export.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000192512 _____ (Macromedia, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\SwaCmpr.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000073728 _____ (Macromedia, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\SWAOpt.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000090112 _____ (Macromedia, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\TextAuth.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000045056 _____ (Macromedia, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\UIHelper.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000585728 _____ (Magic Modules Pty Ltd) [File not signed] C:\Program Files (x86)\anipart client\xtras\Buddy API Xtra.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000098304 _____ (Magic Modules Pty Ltd) [File not signed] C:\Program Files (x86)\anipart client\xtras\Buddy Menu Xtra.x32
2020-12-21 23:33 - 2020-12-21 23:33 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2020-12-21 23:33 - 2020-12-21 23:33 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2020-12-28 11:01 - 2014-05-28 12:22 - 000136192 _____ (PiMZ) [File not signed] C:\Program Files (x86)\anipart client\xtras\OSControlXtra.X32
2020-12-28 11:01 - 2014-05-28 12:22 - 000311296 _____ (RavWare) [File not signed] C:\Program Files (x86)\anipart client\xtras\RavImageExport.x32
2020-12-01 00:14 - 2020-12-01 00:14 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll
2020-12-28 11:01 - 2014-05-28 12:22 - 000108544 _____ (Tabuleiro Prod Ltda) [File not signed] C:\Program Files (x86)\anipart client\xtras\vList.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000056832 _____ (Tabuleiro Producoes) [File not signed] C:\Program Files (x86)\anipart client\xtras\WebXtra.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000421888 _____ (Valentin Schmidt) [File not signed] C:\Program Files (x86)\anipart client\xtras\ImgXtra.x32
2018-10-18 23:13 - 2018-10-18 23:13 - 000017408 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Components\ssdp.w6c
2018-10-18 23:13 - 2018-10-18 23:13 - 000338944 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
2018-10-18 23:13 - 2018-10-18 23:13 - 000041984 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\gen_crasher.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 001770496 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\gen_ff.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000031232 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\gen_hotkeys.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000323072 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\gen_ml.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000026624 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\gen_tray.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000070144 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_avi.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000061440 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_cdda.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000072704 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_dshow.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000051200 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_flac.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000044032 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_flv.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000008192 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_linein.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000112128 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_midi.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000041472 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_mkv.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000150016 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_mp3.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000052224 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_mp4.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000077824 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_nsv.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000024064 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_swf.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000239104 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_vorbis.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000024064 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_wave.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000100864 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_wm.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000031744 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\ml_bookmarks.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000226816 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\ml_devices.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000165376 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\ml_disc.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000057856 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\ml_downloads.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000060928 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\ml_history.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000059904 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\ml_impex.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000329728 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\ml_local.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000139776 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\ml_online.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000111104 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\ml_playlists.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000287232 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\ml_pmp.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000038912 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\ml_rg.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000033792 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\ml_transcode.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000126464 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\ml_wire.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000024576 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\out_disk.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000053760 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\out_ds.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000019968 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\out_wave.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000058368 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\pmp_android.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000163840 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\pmp_ipod.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000020992 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\pmp_njb.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000113664 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\pmp_p4s.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000078336 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\pmp_wifi.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000867328 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Shared\jnetlib.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000212992 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Shared\libmp4v2.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000165376 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Shared\libmpg123.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000260096 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Shared\libsndfile.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000086016 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Shared\nde.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000418304 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Shared\nsutil.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000030208 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Shared\nxlite.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000094208 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Shared\tataki.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000051200 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Shared\zlib.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000030208 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\aacdec.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000026112 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\albumart.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000018432 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\bmp.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000034304 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\devices.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000017920 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\dlmgr.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000015360 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\filereader.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000019456 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\gif.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000869888 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\jnetlib.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000156160 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\jpeg.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000027648 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\mp3.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000308224 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\ombrowser.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000091648 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\playlist.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000086528 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\png.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000024064 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\tagz.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000037376 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\timer.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000048128 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\wasabi2.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000088576 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\xml.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000017408 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\xspf.w5s
2020-12-28 11:01 - 2014-05-28 12:22 - 000555520 _____ (www.cXtra.net) [File not signed] C:\Program Files (x86)\anipart client\xtras\cXtraTreeView.x32

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-229502678-4061752961-2197657978-1117\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
DPF: HKLM-x32 {2BCDB465-81F9-41CB-832C-8037A4064446} hxxps://amsterdam-01-nl.connectge.com/public/download/urxvpn.cab#version=7210,2020,910,1202
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} hxxps://amsterdam-01-nl.connectge.com/public/download/f5tunsrv.cab#version=7210,2020,910,1202
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} hxxps://amsterdam-01-nl.connectge.com/public/download/InstallerControl.cab#7210,2020,910,1202
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} hxxps://amsterdam-01-nl.connectge.com/public/download/urxhost.cab#version=7210,2020,910,1202
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\connectge.com -> hxxps://amsterdam-01-nl.connectge.com
IE trusted site: HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\sharepoint.com -> hxxps://ah-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2021-02-02 15:10 - 000000822 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64_win\compiler;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-229502678-4061752961-2197657978-1117\Control Panel\Desktop\\Wallpaper -> C:\Users\j.gb\Pictures\Dinan-E34-540i-s2.jpg
HKU\S-1-5-21-3689790936-738298057-1859486358-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.20.11 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{311F6012-4C76-4CDD-8D78-EBC6A461C19C}] => (Block) C:\Program Files\GRAPHISOFT\ARCHICAD 23\ARCHICAD.exe (GRAPHISOFT SE) [File not signed]
FirewallRules: [{83CD2ADE-1136-4B1D-84AF-E08AD39A9FB9}] => (Block) C:\Program Files\GRAPHISOFT\ARCHICAD 23\ARCHICAD Starter.exe (GRAPHISOFT SE) [File not signed]
FirewallRules: [{C9ACB768-AF65-4578-9222-D9C5ECCA3559}] => (Block) C:\Program Files\GRAPHISOFT\ARCHICAD 23\CineRender\CineRenderNEM.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
FirewallRules: [{EADA26C8-949F-4390-8B39-C418EF62A8C9}] => (Block) C:\Program Files\GRAPHISOFT\ARCHICAD 23\BIMxUploader.exe (GRAPHISOFT SE) [File not signed]
FirewallRules: [{6B3A2953-84EF-409A-9405-681F5B44B92D}] => (Block) C:\Program Files\GRAPHISOFT\ARCHICAD 23\OverwatchServer.exe (GRAPHISOFT SE) [File not signed]
FirewallRules: [{1204A166-A9E5-41C3-BE0E-7AC3AEAFDAAE}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{8D533738-A694-41BD-A74D-7A9BD376B0B7}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [TCP Query User{22005354-A75D-49CC-96EE-51AE46BB9D46}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [UDP Query User{F984DA56-5BA0-40D3-9CB5-73D9CBE5084D}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{646F3500-7A64-4186-B8A3-B92B89ECC1EF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{33AC4AF5-6A98-4ECA-819E-0AAD119D05E0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{892A9898-72C2-4EBA-8EC7-BF76AA79325E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{56005ECC-40A9-4BC5-B514-918955945BFB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2D6742A5-6ADC-469E-9A22-7F79102BDE86}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{D90DE8A8-6715-4624-B809-ADD511F9832F}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.329\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\73.0.3856.329\opera.exe => No File
FirewallRules: [UDP Query User{634653FF-EC7C-4068-B6B0-BB82D838626F}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.329\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\73.0.3856.329\opera.exe => No File
FirewallRules: [TCP Query User{54832A48-859B-4D22-B9C5-EEE506FD12F9}C:\program files\openra\redalert.exe] => (Allow) C:\program files\openra\redalert.exe () [File not signed]
FirewallRules: [UDP Query User{538F77F0-47FA-4EEE-8697-E7D90301DAF3}C:\program files\openra\redalert.exe] => (Allow) C:\program files\openra\redalert.exe () [File not signed]
FirewallRules: [TCP Query User{32C148C8-D68E-403E-8C86-78F2582DB68B}C:\program files\graphisoft\archicad 24\archicad.exe] => (Block) C:\program files\graphisoft\archicad 24\archicad.exe (GRAPHISOFT SE) [File not signed]
FirewallRules: [UDP Query User{6E6A20E6-B053-4F33-9FAB-60C81D7D0331}C:\program files\graphisoft\archicad 24\archicad.exe] => (Block) C:\program files\graphisoft\archicad 24\archicad.exe (GRAPHISOFT SE) [File not signed]
FirewallRules: [TCP Query User{6DC1A450-B073-430A-A47E-8B43258A13F5}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File
FirewallRules: [UDP Query User{6855CA14-A5C9-4742-AA19-CC690DF3E9FD}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File
FirewallRules: [{665C58A9-964F-4215-81A9-82D838FBD784}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{45C4C2E9-EFD8-467B-B8CE-A3CA719AA89B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A20B8BA8-8E03-4940-9A0C-79DC16A20070}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{391C29B5-9463-4585-9784-44CD4C6FEA45}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{F841472A-27BC-450F-A686-6932FEA11425}C:\users\j.gb\appdata\local\programs\opera\74.0.3911.107\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\74.0.3911.107\opera.exe => No File
FirewallRules: [UDP Query User{EF1E0099-537A-4FD1-A62B-A003D6F0D8EA}C:\users\j.gb\appdata\local\programs\opera\74.0.3911.107\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\74.0.3911.107\opera.exe => No File
FirewallRules: [{20C29C0A-B225-4B30-93D5-B2EB892520B1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{05111B94-FBEC-40CE-9F1E-EB5120EC4A82}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{F93A0420-331A-4911-AC43-1F6340BAC925}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{82D6A93E-5E50-420F-BAC4-4216EB5D4CBC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{701CF14F-7967-4BA2-8872-EE08A6DDEBAE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E7A6D376-894A-4A4B-8A42-EC504F5D1123}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{591F6934-B20D-4329-A1B3-218F6A974D66}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BFC3B97E-C552-4B71-AA3E-F0CD1E089921}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4846EB7A-538C-46A8-A0D0-3ABE52EED363}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D311C94A-B956-49C1-B424-960A9888070A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{196A39E4-69A3-4976-BEB7-3C3FAD9C1F2D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F27307BA-0F49-4D86-B5D4-3602A51489BC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{165A09A6-154E-4252-889A-DE9F503CE555}C:\users\j.gb\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\j.gb\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{7511A506-EFCE-4DCC-A4B9-FF858747672B}C:\users\j.gb\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\j.gb\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{6E89A2FA-1B0F-448A-ADCB-FCF3B3D4530A}C:\users\j.gb\appdata\local\programs\opera\74.0.3911.218\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\74.0.3911.218\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{61E0C643-6946-4218-A167-7CD0591E8DBB}C:\users\j.gb\appdata\local\programs\opera\74.0.3911.218\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\74.0.3911.218\opera.exe (Opera Software AS -> Opera Software)
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server

==================== Restore Points =========================

15-03-2021 14:57:54 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/15/2021 10:07:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: OLicenseHeartbeat.exe, verze: 16.0.13801.20182, časové razítko: 0x602dd932
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.804, časové razítko: 0x0e9c5eae
Kód výjimky: 0xc06d007e
Posun chyby: 0x000000000002d759
ID chybujícího procesu: 0x4c40
Čas spuštění chybující aplikace: 0x01d7197a93e4b05c
Cesta k chybující aplikaci: C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Cesta k chybujícímu modulu: C:\Windows\System32\KERNELBASE.dll
ID zprávy: 0d2c21ff-cd8b-463f-96c1-f19e7911f5b7
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/15/2021 10:04:30 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/15/2021 10:04:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: OLicenseHeartbeat.exe, verze: 16.0.13801.20182, časové razítko: 0x602dd932
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.804, časové razítko: 0x0e9c5eae
Kód výjimky: 0xc06d007e
Posun chyby: 0x000000000002d759
ID chybujícího procesu: 0x5194
Čas spuštění chybující aplikace: 0x01d7197a2cca0881
Cesta k chybující aplikaci: C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Cesta k chybujícímu modulu: C:\Windows\System32\KERNELBASE.dll
ID zprávy: eccaed58-3fa5-44f7-8600-0da041a9cbda
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/11/2021 10:54:47 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (03/11/2021 10:54:47 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (03/02/2021 12:05:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program RedAlert.exe verze 0.0.0.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 61a8

Čas spuštění: 01d70f4f0e9c54f8

Čas ukončení: 8

Cesta k aplikaci: C:\Program Files\OpenRA\RedAlert.exe

ID hlášení: 0dbd82fb-d93b-4cb5-a016-f43c9bd3d891

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Cross-thread

Error: (03/01/2021 12:25:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program OUTLOOK.EXE verze 16.0.13628.20448 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 1f0c

Čas spuštění: 01d70a9c6651cd2e

Čas ukončení: 0

Cesta k aplikaci: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE

ID hlášení: e74c077c-b13b-4acd-9dc8-67bbb78dd7c9

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Cross-thread

Error: (02/22/2021 12:59:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service Bferor since QueryServiceConfig API failed

System Error:
Systém nemůže nalézt uvedený soubor.
.


System errors:
=============
Error: (03/16/2021 04:07:12 PM) (Source: disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk2\DR2.

Error: (03/16/2021 09:40:39 AM) (Source: cdrom) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\CdRom0.

Error: (03/16/2021 09:40:39 AM) (Source: cdrom) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\CdRom0.

Error: (03/16/2021 09:40:39 AM) (Source: cdrom) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\CdRom0.

Error: (03/16/2021 09:40:39 AM) (Source: cdrom) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\CdRom0.

Error: (03/16/2021 09:40:39 AM) (Source: cdrom) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\CdRom0.

Error: (03/16/2021 09:25:41 AM) (Source: cdrom) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\CdRom0.

Error: (03/16/2021 09:25:41 AM) (Source: cdrom) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\CdRom0.


CodeIntegrity:
===============
Date: 2021-03-16 11:11:24
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: Dell Inc. 1.4.3 12/23/2020
Motherboard: Dell Inc. 06KF2W
Processor: Intel(R) Core(TM) i7-10610U CPU @ 1.80GHz
Percentage of memory in use: 76%
Total physical RAM: 15980.48 MB
Available physical RAM: 3758.86 MB
Total Virtual: 23812.84 MB
Available Virtual: 4440.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.34 GB) (Free:14.96 GB) NTFS
Drive d: (Wormhole) (CDROM) (Total:0 GB) (Free:0 GB) CDFS
Drive e: () (Removable) (Total:0 GB) (Free:0 GB) FAT

\\?\Volume{a88454d9-dec6-4491-8398-9148ba0a569c}\ () (Fixed) (Total:0.49 GB) (Free:0.07 GB) NTFS
\\?\Volume{e57f8ce7-b138-4521-b4c7-f9b03f0700df}\ () (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 0A4A703D)

Partition: GPT.

==========================================================
Disk: 1 (Size: 1026 KB) (Disk ID: 000A0D2E)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118197
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Eset reports adware in Opera - unable to remove it

#3 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just run it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Serifus
Visitor

Re: Eset reports adware in Opera - unable to remove it

#4 Post by Serifus »

It only found the preinstalled software from Dell. Dell Update. Nothing else...

Rudy
Site Admin

Re: Eset reports adware in Opera - unable to remove it

#5 Post by Rudy »

OK. Open Notepad and copy the following into it:
Start

CloseProcesses:
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
FirewallRules: [TCP Query User{D90DE8A8-6715-4624-B809-ADD511F9832F}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.329\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\73.0.3856.329\opera.exe => No File
FirewallRules: [UDP Query User{634653FF-EC7C-4068-B6B0-BB82D838626F}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.329\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\73.0.3856.329\opera.exe => No File
FirewallRules: [TCP Query User{6DC1A450-B073-430A-A47E-8B43258A13F5}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File
FirewallRules: [UDP Query User{6855CA14-A5C9-4742-AA19-CC690DF3E9FD}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File
FirewallRules: [TCP Query User{F841472A-27BC-450F-A686-6932FEA11425}C:\users\j.gb\appdata\local\programs\opera\74.0.3911.107\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\74.0.3911.107\opera.exe => No File
FirewallRules: [UDP Query User{EF1E0099-537A-4FD1-A62B-A003D6F0D8EA}C:\users\j.gb\appdata\local\programs\opera\74.0.3911.107\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\74.0.3911.107\opera.exe => No File
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\Policies\Explorer: []
HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\MountPoints2: {17a33837-4907-11eb-9545-dc41a949503d} - "D:\WHLoader.exe"
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {6309142C-DBAE-47D5-9BCF-6AB6F3B24D18} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23079792 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}" was unlocked. <==== ATTENTION
Task: {BC5E9969-1F6A-47D6-8DAD-3CB3AFACCCF1} - System32\Tasks\Opera scheduled Autoupdate 1608627185 => C:\Users\j.gb\AppData\Local\Programs\Opera\launcher.exe [1793688 2021-03-11] (Opera Software AS -> Opera Software)
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}" was unlocked. <==== ATTENTION
Task: {BC5E9969-1F6A-47D6-8DAD-3CB3AFACCCF1} - System32\Tasks\Opera scheduled Autoupdate 1608627185 => C:\Users\j.gb\AppData\Local\Programs\Opera\launcher.exe [1793688 2021-03-11] (Opera Software AS -> Opera Software)
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}" was unlocked. <==== ATTENTION
C:\Users\j.gb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

EmptyTemp:
End
Save it to your desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Serifus
Visitor

Re: Eset reports adware in Opera - unable to remove it

#6 Post by Serifus »

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-03-2021
Ran by j.gb (18-03-2021 10:52:38) Run:1
Running from C:\Users\j.gb\Desktop
Loaded Profiles: j.gb & Admin
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
FirewallRules: [TCP Query User{D90DE8A8-6715-4624-B809-ADD511F9832F}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.329\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\73.0.3856.329\opera.exe => No File
FirewallRules: [UDP Query User{634653FF-EC7C-4068-B6B0-BB82D838626F}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.329\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\73.0.3856.329\opera.exe => No File
FirewallRules: [TCP Query User{6DC1A450-B073-430A-A47E-8B43258A13F5}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File
FirewallRules: [UDP Query User{6855CA14-A5C9-4742-AA19-CC690DF3E9FD}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File
FirewallRules: [TCP Query User{F841472A-27BC-450F-A686-6932FEA11425}C:\users\j.gb\appdata\local\programs\opera\74.0.3911.107\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\74.0.3911.107\opera.exe => No File
FirewallRules: [UDP Query User{EF1E0099-537A-4FD1-A62B-A003D6F0D8EA}C:\users\j.gb\appdata\local\programs\opera\74.0.3911.107\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\74.0.3911.107\opera.exe => No File
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\Policies\Explorer: []
HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\MountPoints2: {17a33837-4907-11eb-9545-dc41a949503d} - "D:\WHLoader.exe"
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {6309142C-DBAE-47D5-9BCF-6AB6F3B24D18} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23079792 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}" was unlocked. <==== ATTENTION
Task: {BC5E9969-1F6A-47D6-8DAD-3CB3AFACCCF1} - System32\Tasks\Opera scheduled Autoupdate 1608627185 => C:\Users\j.gb\AppData\Local\Programs\Opera\launcher.exe [1793688 2021-03-11] (Opera Software AS -> Opera Software)
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}" was unlocked. <==== ATTENTION
Task: {BC5E9969-1F6A-47D6-8DAD-3CB3AFACCCF1} - System32\Tasks\Opera scheduled Autoupdate 1608627185 => C:\Users\j.gb\AppData\Local\Programs\Opera\launcher.exe [1793688 2021-03-11] (Opera Software AS -> Opera Software)
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}" was unlocked. <==== ATTENTION
C:\Users\j.gb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D90DE8A8-6715-4624-B809-ADD511F9832F}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.329\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{634653FF-EC7C-4068-B6B0-BB82D838626F}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.329\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6DC1A450-B073-430A-A47E-8B43258A13F5}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.344\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6855CA14-A5C9-4742-AA19-CC690DF3E9FD}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.344\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F841472A-27BC-450F-A686-6932FEA11425}C:\users\j.gb\appdata\local\programs\opera\74.0.3911.107\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{EF1E0099-537A-4FD1-A62B-A003D6F0D8EA}C:\users\j.gb\appdata\local\programs\opera\74.0.3911.107\opera.exe" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-229502678-4061752961-2197657978-1117\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => removed successfully
HKU\S-1-5-21-229502678-4061752961-2197657978-1117\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17a33837-4907-11eb-9545-dc41a949503d} => removed successfully
C:\ProgramData\NTUSER.pol => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6309142C-DBAE-47D5-9BCF-6AB6F3B24D18}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6309142C-DBAE-47D5-9BCF-6AB6F3B24D18}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office ClickToRun Service Monitor" => removed successfully
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}" was unlocked. <==== ATTENTION" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BC5E9969-1F6A-47D6-8DAD-3CB3AFACCCF1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC5E9969-1F6A-47D6-8DAD-3CB3AFACCCF1}" => removed successfully
C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1608627185 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1608627185" => removed successfully
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}" was unlocked. <==== ATTENTION" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC5E9969-1F6A-47D6-8DAD-3CB3AFACCCF1}" => not found
"C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1608627185" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1608627185" => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}" was unlocked. <==== ATTENTION" => not found
C:\Users\j.gb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 82894475 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 178004407 B
Edge => 0 B
Firefox => 0 B
Opera => 310754936 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 57862 B
NetworkService => 60928 B
balcompc => 110790590 B
j.gb => 402607465 B
Admin => 403202522 B

RecycleBin => 195590031 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:53:20 ====

Rudy
Site Admin

Re: Eset reports adware in Opera - unable to remove it

#7 Post by Rudy »

Deleted. Has anything changed?

Serifus
Visitor

Re: Eset reports adware in Opera - unable to remove it

#8 Post by Serifus »

I can't really say yet. ESET throws the alerts at fairly random times. I'll definitely keep an eye on it and let you know. Many thanks for now.

Rudy
Site Admin

Re: Eset reports adware in Opera - unable to remove it

#9 Post by Rudy »

OK, you're welcome for now! :)

Serifus
Visitor

Re: Eset reports adware in Opera - unable to remove it

#10 Post by Serifus »

Hello!

Unfortunately, another alert:

Čas;Skener;Typ objektu;Objekt;Detekce;Akce;Uživatel;Informace;Hash;První výskyt
28.03.2021 18:38:33;HTTP filtr;soubor;https://lapypushistyye.com/?r=dir&zonei ... e.Agent.AA aplikace;přerušeno spojení;APCZECH\j.gb;Tato událost nastala při pokusu o přístup na web aplikací: C:\Users\j.gb\AppData\Local\Programs\Opera\74.0.3911.218\opera.exe (1F03BA3ACC3BCD1209B8E3A662C43418DCE0C966).;49B9A7729E01AEBC5C4CEEACC005B26BBC88BEB1;


And there are quite a few of them in the log :-(

Rudy
Site Admin

Re: Eset reports adware in Opera - unable to remove it

#11 Post by Rudy »

Let's try cleaning the browsers. Run these utilities one after another:

1. Download Zoek.exe, https://www.edisk.cz/stahni/21334/zoek.rar_1.3MB.html/ and save it to your desktop

If you use Win Vista or W7, right-click Zoek and choose Run As Administrator or Spustit jako správce
Paste the script below into the window

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Then click Run Script
The PC will perform the repair, restart and give you a log; paste its contents here.

and

2. Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... oval-tool/
•Save it, preferably to your desktop
•After launch the license terms are displayed; press any key
•A backup will be created, followed by the search
•The scan will run and then a log will appear, or it will be saved in c:\JRT as JRT.txt; paste it here.

Serifus
Visitor

Re: Eset reports adware in Opera - unable to remove it

#12 Post by Serifus »

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by j.gb on 29.03.2021 at 12:07:25,77.
Microsoft Windows 10 Pro 10.0.19042 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\j.gb\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

29.03.2021 12:07:52 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~3\Canon IJ Network Tool deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\ssh deleted successfully
C:\Users\Admin\AppData\Local\PeerDistRepub deleted successfully
C:\Users\Admin\AppData\Local\PlaceholderTileLogoFolder deleted successfully
C:\Users\Admin\AppData\Local\VirtualStore deleted successfully
C:\Users\balcompc\AppData\Local\Adobe deleted successfully
C:\Users\j.gb\AppData\Local\GHISLER deleted successfully
C:\Users\j.gb\AppData\Local\PeerDistRepub deleted successfully
C:\Users\j.gb\AppData\Local\PlaceholderTileLogoFolder deleted successfully
C:\Users\j.gb\AppData\Local\Saber deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\BIMTECH deleted
C:\PROGRA~3\Package Cache deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1138-2ca0-40de3c6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1138-2ca0-40de3c8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1138-2ca0-40de3ca.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1138-2ca0-40de3dc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1138-2ca0-40de3de.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1138-2ca0-40de3e0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1138-2ca0-40de3e2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1138-2ca0-40de3f3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1138-2ca0-40de3f5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1138-2ca0-40de3f7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1138-2ca0-40de409.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1138-2ca0-40de40b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1138-2ca0-40de40d.tmp deleted
C:\Windows\invcol.tmp deleted
C:\windows\SysNative\GroupPolicy\DataStore deleted
"C:\Windows\Installer\45b92.msi" deleted
"C:\ProgramData\cm-lock" not deleted
"C:\DumpStack.log.tmp" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Cookies" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\lockfile" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\main-process.log" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\QuotaManager" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\QuotaManager-journal" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Cache\data_0" deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Cache\data_1" deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Cache\data_2" deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Cache\data_3" deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Cache\index" deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\databases\Databases.db" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Dictionaries\cs-CZ-3-0.bdic" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\GPUCache\data_0" deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\GPUCache\data_1" deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\GPUCache\data_2" deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\GPUCache\data_3" deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\GPUCache\index" deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Session Storage\000003.log" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Session Storage\LOCK" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Session Storage\LOG" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Session Storage\MANIFEST-000001" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\File System\Origins\000003.log" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\File System\Origins\LOCK" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\File System\Origins\LOG" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\File System\Origins\MANIFEST-000001" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000237.log" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000239.ldb" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000240.ldb" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000241.ldb" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000242.ldb" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000243.ldb" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000244.ldb" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000245.ldb" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\LOCK" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\LOG" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\MANIFEST-000001" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\000005.ldb" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\000085.ldb" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\000087.ldb" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\000089.ldb" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\000090.log" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\000091.ldb" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\LOCK" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\LOG" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\MANIFEST-000001" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Cache" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\databases" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Dictionaries" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\File System" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\GPUCache" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Session Storage" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\File System\Origins" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"web2pdfextension@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn" [08.01.2021 14:01]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx[12.09.2014 11:43]

Outlook - Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb
Word - Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi
Excel - Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm
PowerPoint - Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf

==== Chromium Startpages ======================

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\j.gb\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\J1757~1.HAL\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IESR02"

==== Reset Google Chrome ======================

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences was reset successfully
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences was reset successfully
C:\Users\j.gb\AppData\Local\Microsoft\Edge\User Data\Default\Preferences was reset successfully
C:\Users\j.gb\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences was reset successfully
C:\Users\J1757~1.HAL\AppData\Local\Microsoft\Edge\User Data\Default\Preferences was reset successfully
C:\Users\J1757~1.HAL\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences was reset successfully
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data was reset successfully
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data-journal was reset successfully
C:\Users\j.gb\AppData\Local\Microsoft\Edge\User Data\Default\Web Data was reset successfully
C:\Users\j.gb\AppData\Local\Microsoft\Edge\User Data\Default\Web Data-journal was reset successfully
C:\Users\J1757~1.HAL\AppData\Local\Microsoft\Edge\User Data\Default\Web Data was reset successfully
C:\Users\J1757~1.HAL\AppData\Local\Microsoft\Edge\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FEE98B82400100001520FCF3A3907BD7 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28B89EEF-1004-0000-5102-CF3F3A09B77D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FEE98B82400100001520FCF3A3907BD7 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\balcompc\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\j.gb\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\j.gb\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\J1757~1.HAL\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\J1757~1.HAL\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\j.gb\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\j.gb\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\J1757~1.HAL\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\J1757~1.HAL\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\j.gb\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\J1757~1.HAL\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache emptied successfully
C:\Users\j.gb\AppData\Local\Microsoft\Edge\User Data\Default\Cache emptied successfully
C:\Users\J1757~1.HAL\AppData\Local\Microsoft\Edge\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=414 folders=422 247572483 bytes)

==== Empty Temp Folders ======================

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\J1757~1.HAL\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\ProgramData\cm-lock" not deleted
"C:\DumpStack.log.tmp" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Cookies" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\lockfile" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\main-process.log" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\QuotaManager" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\QuotaManager-journal" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\databases\Databases.db" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Dictionaries\cs-CZ-3-0.bdic" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Session Storage\000003.log" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Session Storage\LOCK" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Session Storage\LOG" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Session Storage\MANIFEST-000001" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\File System\Origins\000003.log" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\File System\Origins\LOCK" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\File System\Origins\LOG" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\File System\Origins\MANIFEST-000001" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000237.log" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000239.ldb" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000240.ldb" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000241.ldb" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000242.ldb" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000243.ldb" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000244.ldb" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000245.ldb" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\LOCK" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\LOG" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\MANIFEST-000001" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\000005.ldb" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\000085.ldb" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\000087.ldb" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\000089.ldb" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\000090.log" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\000091.ldb" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\LOCK" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\LOG" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\MANIFEST-000001" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp" not found

==== EOF on 29.03.2021 at 12:52:28,75 ======================

Serifus
Visitor
Posts: 172
Registered: 19 Apr 2008 21:20

Re: Eset reports adware in Opera - unable to remove it

#13 Post by Serifus »

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Enterprise x64
Ran by j.gb (Administrator) on 29.03.2021 at 12:58:08,61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.03.2021 at 12:58:47,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Rudy
Site Admin
Posts: 118197
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Eset reports adware in Opera - unable to remove it

#14 Post by Rudy »

OK. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

E-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is solved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Serifus
Visitor
Posts: 172
Registered: 19 Apr 2008 21:20

Re: Eset reports adware in Opera - unable to remove it

#15 Post by Serifus »

The alert has appeared again just now:

Čas;Skener;Typ objektu;Objekt;Detekce;Akce;Uživatel;Informace;Hash;První výskyt
30.03.2021 17:07:03;HTTP filtr;soubor;https://lapypushistyye.com/?r=dir&zonei ... e.Agent.AA aplikace;přerušeno spojení;APC\j.gb;Tato událost nastala při pokusu o přístup na web aplikací: C:\Users\j.gb\AppData\Local\Programs\Opera\74.0.3911.218\opera.exe (1F03BA3ACC3BCD1209B8E3A662C43418DCE0C966).;1729557A284DA5045E1C806C2262316ECDCFF338;


:o :?: :boxed:

Should I uninstall Opera and try installing it again? Thank you in advance.
