Preventive check

#1 Post by To3@s »

Good day,
could I please ask you for a check? :)
Thank you.
Attachments
logy.rar
(30.68 KiB) Downloaded 5 times

#2 Post by Diallix »

Good day.

Download the AdwCleaner tool to your desktop; the download link is here: https://toolslib.net/downloads/finish/1/
Before running the tool, close all open program windows, that is, all programs running on the desktop.
Right-click the program -> Run as administrator.
Continue by clicking the Scan now (Prehladaj teraz) button and wait until the system scan finishes.
After the scan, leave all checkboxes ticked, including any threats found, and continue with the Clean and Repair (Vycistit Teraz) button in the lower right corner.
After the PC restarts, AdwCleaner will start; click View log file (Zobrazit soubor protokolu).
The log will open; copy its contents here.
---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level, high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor for students in the SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php).

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

#3 Post by To3@s »

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-09-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-17-2020
# Duration: 00:00:00
# OS: Windows 10 Pro
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1405 octets] - [28/04/2020 15:32:05]
AdwCleaner[C00].txt - [1595 octets] - [28/04/2020 15:32:30]
AdwCleaner[S01].txt - [1527 octets] - [17/10/2020 20:33:41]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

#4 Post by Diallix »

That system is a real mess.

Test these files on virustotal.com and copy the results here:
C:\Program Files (x86)\GIGABYTE\AppCenter\BDR_info.dll
C:\Program Files (x86)\GIGABYTE\AppCenter\yccV2.dll
C:\Program Files (x86)\GIGABYTE\AppCenter\osvi.dll

Copy the content below into Notepad:

Code:

Start
CloseProcesses:
CreateRestorePoint:

File: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.4\Lightshot.exe
C:\Program Files (x86)\Skillbrains
File: C:\Windows\System32\mracsvc.exe
File: C:\Windows\SysWOW64\GameMon.des
File: C:\Windows\xhunter1.sys

HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\...\MountPoints2: {8c6f9af2-8d0f-11ea-b62f-001a7dda7112} - "E:\WifiAutoInstallSetup.exe" 
HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\...\MountPoints2: {8e817452-99db-11ea-b635-001a7dda7112} - "E:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\...\MountPoints2: {9cd64be0-5c58-11ea-b623-e0d55eaeb3a8} - "E:\HiSuiteDownLoader.exe" 
Task: {136C7C5B-2DBA-4058-8418-43805F48FCAE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2019-12-26] (Google LLC -> Google LLC)
Task: {1F5A794D-9A07-4832-B113-F602808A9032} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2019-12-26] (Google LLC -> Google LLC)
Task: {99636600-2E11-45AE-A900-8D8281F33F84} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {E55F9284-1C40-4E74-BFE4-00B56176E060} - System32\Tasks\update-S-1-5-21-1237953686-2037993472-3780050099-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-22] (Kilonova LLC -> )
Task: C:\Windows\Tasks\update-S-1-5-21-1237953686-2037993472-3780050099-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
S3 HnGEpicService; D:\Program Files\Epic Games\HeroesGeneralsWWII\hngservice.exe [X]
S3 mracsvc; C:\Windows\System32\mracsvc.exe [18534552 2020-01-11] (Mail.Ru LLC -> LLC Mail.Ru)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [8102192 2019-05-12] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
S3 GVCIDrv; \??\C:\Program Files (x86)\GIGABYTE\RGBFusion\GVCIDrv64.sys [X]
S3 MSIO; \??\C:\Program Files (x86)\GIGABYTE\RGBFusion\msio64.sys [X]
S3 xhunter1; C:\Windows\xhunter1.sys [2719256 2020-07-22] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 mracdrv; C:\Windows\System32\drivers\mracdrv.sys [17770920 2020-01-11] (Mail.Ru LLC -> LLC Mail.Ru)
2020-09-23 10:51 - 2020-09-23 10:51 - 000000012 _____ C:\ProgramData\ugtcpned.boo
2020-09-23 10:51 - 2020-09-23 10:51 - 000000012 _____ C:\ProgramData\lpkxhlhn.jcc
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\xtmywyfw.ycf
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\xdyewnmx.uyg
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\wyrbjqps.yhd
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\worwmtjn.lwj
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\vidaaurq.tyb
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\vdnmxvqu.tyv
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\ubycdhsk.skl
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\txrypqeh.wtv
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\tkrtubkk.yqd
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\tinuwxwg.ems
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\skwbtscr.dci
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\sdsymcei.jno
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\rgxpwlks.qef
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\mfnneveu.tbs
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\lsanclbe.ytv
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\kxlporyi.acb
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\jwyrurmr.mtv
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\jsbspcwr.csq
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\irixxrxj.uuv
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\gyqwrfeq.yey
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\gbsgqfad.ick
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\fexcqvbf.cfa
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\evknnjbi.klu
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\dklsmkve.vjs
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\bkkgklla.xjy
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\awwaprei.kda
2020-10-17 15:26 - 2020-06-12 12:30 - 000003576 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-10-17 15:26 - 2020-06-12 12:30 - 000003452 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-10-14 07:43 - 2019-12-26 23:36 - 000003456 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-10-14 07:43 - 2019-12-26 23:36 - 000003332 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-07-19 12:47 - 2020-07-19 12:47 - 000000008 _____ () C:\Users\casyo\AppData\Roaming\00000602001520
2020-05-08 10:59 - 2020-05-08 10:59 - 000000017 _____ () C:\Users\casyo\AppData\Local\resmon.resmoncfg
2019-12-27 15:59 - 2019-12-27 15:59 - 000000003 _____ () C:\Users\casyo\AppData\Local\updater.log
2019-12-27 15:59 - 2019-12-27 15:59 - 000000424 _____ () C:\Users\casyo\AppData\Local\UserProducts.xml
AlternateDataStreams: C:\Users\casyo:Heroes & Generals [38]
AlternateDataStreams: C:\Users\casyo\Application Data:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\casyo\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [488]
HKLM\...\StartupApproved\Run32: => "Wraith Prism"
HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\...\StartupApproved\Run: => "LGHUB"
irewallRules: [TCP Query User{CE03AF89-A179-403D-9639-559294411905}C:\users\casyo\onedrive\počítač\winbox64.exe] => (Allow) C:\users\casyo\onedrive\počítač\winbox64.exe => No File
FirewallRules: [UDP Query User{6B74F573-B0D6-4D0D-AA5B-D6DB6A437925}C:\users\casyo\onedrive\počítač\winbox64.exe] => (Allow) C:\users\casyo\onedrive\počítač\winbox64.exe => No File
FirewallRules: [TCP Query User{5F1960F3-9B3A-415F-9879-3A62CA70CE5C}D:\hry\grounded\maine\binaries\win64\maine-win64-shipping.exe] => (Allow) D:\hry\grounded\maine\binaries\win64\maine-win64-shipping.exe => No File
FirewallRules: [UDP Query User{D2323D4B-2A64-4214-9CA8-EDC3DA07AC54}D:\hry\grounded\maine\binaries\win64\maine-win64-shipping.exe] => (Allow) D:\hry\grounded\maine\binaries\win64\maine-win64-shipping.exe => No File
FirewallRules: [{607B4AF1-3AC8-48E6-B25B-E43BA2DC65DA}] => (Allow) LPort=9009
FirewallRules: [TCP Query User{57A95629-0FE7-41B2-B248-275E03D3C0DF}C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe] => (Allow) C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe => No File
FirewallRules: [UDP Query User{A9E75BC0-AB11-47ED-816B-6762E6A4EF61}C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe] => (Allow) C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe => No File
FirewallRules: [{52DFF4EA-7FC9-4837-9EAA-75D911ED6A55}] => (Allow) LPort=9009
FirewallRules: [{473C877B-662D-4FE8-949F-98E20DCF4109}] => (Allow) D:\SteamLibrary\steamapps\common\VillagersAndHeroes\AMysticalLandSAC\VillagersAndHeroes.exe => No File
FirewallRules: [{85B17BF2-52F6-41B4-9244-E7982A956C11}] => (Allow) D:\SteamLibrary\steamapps\common\VillagersAndHeroes\AMysticalLandSAC\VillagersAndHeroes.exe => No File
FirewallRules: [{D3B1EEC8-FE8A-4C3C-BA23-95BB4318A057}] => (Allow) D:\Program Files (x86)\Villagers and Heroes\VHPatcher.exe => No File
FirewallRules: [{DF5743F8-21C8-4B1B-A327-8061CE9067E3}] => (Allow) D:\Program Files (x86)\Villagers and Heroes\VHLauncher.exe => No File
FirewallRules: [{7FEC33CF-71A8-4B87-8C17-2C7ED9159EB1}] => (Allow) D:\Program Files (x86)\Villagers and Heroes\AMysticalLandSAC\villagersAndHeroes.exe => No File
FirewallRules: [TCP Query User{6AADB7F8-8D1E-4F5B-AB40-1FEA094645F9}D:\program files\epic games\rs2v\binaries\win64\risingstorm2.exe] => (Allow) D:\program files\epic games\rs2v\binaries\win64\risingstorm2.exe => No File
FirewallRules: [UDP Query User{A26536A1-67E2-4EBD-A9A7-7E57FE7D0377}D:\program files\epic games\rs2v\binaries\win64\risingstorm2.exe] => (Allow) D:\program files\epic games\rs2v\binaries\win64\risingstorm2.exe => No File

EmptyTemp:
End


Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the Fix button.
A fix routine will run, after which the computer reboots. After the reboot, paste here the contents of the log fixlog.txt, saved in the FRST location.

#5 Post by To3@s »

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-10-2020
Ran by casyo (18-10-2020 08:58:25) Run:2
Running from C:\Users\casyo\OneDrive\Počítač
Loaded Profiles: casyo
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

File: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.4\Lightshot.exe
C:\Program Files (x86)\Skillbrains
File: C:\Windows\System32\mracsvc.exe
File: C:\Windows\SysWOW64\GameMon.des
File: C:\Windows\xhunter1.sys

HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\...\MountPoints2: {8c6f9af2-8d0f-11ea-b62f-001a7dda7112} - "E:\WifiAutoInstallSetup.exe"
HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\...\MountPoints2: {8e817452-99db-11ea-b635-001a7dda7112} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\...\MountPoints2: {9cd64be0-5c58-11ea-b623-e0d55eaeb3a8} - "E:\HiSuiteDownLoader.exe"
Task: {136C7C5B-2DBA-4058-8418-43805F48FCAE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2019-12-26] (Google LLC -> Google LLC)
Task: {1F5A794D-9A07-4832-B113-F602808A9032} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2019-12-26] (Google LLC -> Google LLC)
Task: {99636600-2E11-45AE-A900-8D8281F33F84} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {E55F9284-1C40-4E74-BFE4-00B56176E060} - System32\Tasks\update-S-1-5-21-1237953686-2037993472-3780050099-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-22] (Kilonova LLC -> )
Task: C:\Windows\Tasks\update-S-1-5-21-1237953686-2037993472-3780050099-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
S3 HnGEpicService; D:\Program Files\Epic Games\HeroesGeneralsWWII\hngservice.exe [X]
S3 mracsvc; C:\Windows\System32\mracsvc.exe [18534552 2020-01-11] (Mail.Ru LLC -> LLC Mail.Ru)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [8102192 2019-05-12] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
S3 GVCIDrv; \??\C:\Program Files (x86)\GIGABYTE\RGBFusion\GVCIDrv64.sys [X]
S3 MSIO; \??\C:\Program Files (x86)\GIGABYTE\RGBFusion\msio64.sys [X]
S3 xhunter1; C:\Windows\xhunter1.sys [2719256 2020-07-22] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 mracdrv; C:\Windows\System32\drivers\mracdrv.sys [17770920 2020-01-11] (Mail.Ru LLC -> LLC Mail.Ru)
2020-09-23 10:51 - 2020-09-23 10:51 - 000000012 _____ C:\ProgramData\ugtcpned.boo
2020-09-23 10:51 - 2020-09-23 10:51 - 000000012 _____ C:\ProgramData\lpkxhlhn.jcc
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\xtmywyfw.ycf
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\xdyewnmx.uyg
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\wyrbjqps.yhd
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\worwmtjn.lwj
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\vidaaurq.tyb
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\vdnmxvqu.tyv
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\ubycdhsk.skl
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\txrypqeh.wtv
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\tkrtubkk.yqd
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\tinuwxwg.ems
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\skwbtscr.dci
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\sdsymcei.jno
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\rgxpwlks.qef
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\mfnneveu.tbs
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\lsanclbe.ytv
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\kxlporyi.acb
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\jwyrurmr.mtv
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\jsbspcwr.csq
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\irixxrxj.uuv
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\gyqwrfeq.yey
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\gbsgqfad.ick
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\fexcqvbf.cfa
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\evknnjbi.klu
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\dklsmkve.vjs
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\bkkgklla.xjy
2020-09-23 10:51 - 2020-09-23 10:51 - 000000008 _____ C:\ProgramData\awwaprei.kda
2020-10-17 15:26 - 2020-06-12 12:30 - 000003576 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-10-17 15:26 - 2020-06-12 12:30 - 000003452 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-10-14 07:43 - 2019-12-26 23:36 - 000003456 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-10-14 07:43 - 2019-12-26 23:36 - 000003332 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-07-19 12:47 - 2020-07-19 12:47 - 000000008 _____ () C:\Users\casyo\AppData\Roaming\00000602001520
2020-05-08 10:59 - 2020-05-08 10:59 - 000000017 _____ () C:\Users\casyo\AppData\Local\resmon.resmoncfg
2019-12-27 15:59 - 2019-12-27 15:59 - 000000003 _____ () C:\Users\casyo\AppData\Local\updater.log
2019-12-27 15:59 - 2019-12-27 15:59 - 000000424 _____ () C:\Users\casyo\AppData\Local\UserProducts.xml
AlternateDataStreams: C:\Users\casyo:Heroes & Generals [38]
AlternateDataStreams: C:\Users\casyo\Application Data:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\casyo\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [488]
HKLM\...\StartupApproved\Run32: => "Wraith Prism"
HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\...\StartupApproved\Run: => "LGHUB"
irewallRules: [TCP Query User{CE03AF89-A179-403D-9639-559294411905}C:\users\casyo\onedrive\počítač\winbox64.exe] => (Allow) C:\users\casyo\onedrive\počítač\winbox64.exe => No File
FirewallRules: [UDP Query User{6B74F573-B0D6-4D0D-AA5B-D6DB6A437925}C:\users\casyo\onedrive\počítač\winbox64.exe] => (Allow) C:\users\casyo\onedrive\počítač\winbox64.exe => No File
FirewallRules: [TCP Query User{5F1960F3-9B3A-415F-9879-3A62CA70CE5C}D:\hry\grounded\maine\binaries\win64\maine-win64-shipping.exe] => (Allow) D:\hry\grounded\maine\binaries\win64\maine-win64-shipping.exe => No File
FirewallRules: [UDP Query User{D2323D4B-2A64-4214-9CA8-EDC3DA07AC54}D:\hry\grounded\maine\binaries\win64\maine-win64-shipping.exe] => (Allow) D:\hry\grounded\maine\binaries\win64\maine-win64-shipping.exe => No File
FirewallRules: [{607B4AF1-3AC8-48E6-B25B-E43BA2DC65DA}] => (Allow) LPort=9009
FirewallRules: [TCP Query User{57A95629-0FE7-41B2-B248-275E03D3C0DF}C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe] => (Allow) C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe => No File
FirewallRules: [UDP Query User{A9E75BC0-AB11-47ED-816B-6762E6A4EF61}C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe] => (Allow) C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe => No File
FirewallRules: [{52DFF4EA-7FC9-4837-9EAA-75D911ED6A55}] => (Allow) LPort=9009
FirewallRules: [{473C877B-662D-4FE8-949F-98E20DCF4109}] => (Allow) D:\SteamLibrary\steamapps\common\VillagersAndHeroes\AMysticalLandSAC\VillagersAndHeroes.exe => No File
FirewallRules: [{85B17BF2-52F6-41B4-9244-E7982A956C11}] => (Allow) D:\SteamLibrary\steamapps\common\VillagersAndHeroes\AMysticalLandSAC\VillagersAndHeroes.exe => No File
FirewallRules: [{D3B1EEC8-FE8A-4C3C-BA23-95BB4318A057}] => (Allow) D:\Program Files (x86)\Villagers and Heroes\VHPatcher.exe => No File
FirewallRules: [{DF5743F8-21C8-4B1B-A327-8061CE9067E3}] => (Allow) D:\Program Files (x86)\Villagers and Heroes\VHLauncher.exe => No File
FirewallRules: [{7FEC33CF-71A8-4B87-8C17-2C7ED9159EB1}] => (Allow) D:\Program Files (x86)\Villagers and Heroes\AMysticalLandSAC\villagersAndHeroes.exe => No File
FirewallRules: [TCP Query User{6AADB7F8-8D1E-4F5B-AB40-1FEA094645F9}D:\program files\epic games\rs2v\binaries\win64\risingstorm2.exe] => (Allow) D:\program files\epic games\rs2v\binaries\win64\risingstorm2.exe => No File
FirewallRules: [UDP Query User{A26536A1-67E2-4EBD-A9A7-7E57FE7D0377}D:\program files\epic games\rs2v\binaries\win64\risingstorm2.exe] => (Allow) D:\program files\epic games\rs2v\binaries\win64\risingstorm2.exe => No File

EmptyTemp:
End

*****************

Processes closed successfully.
Restore point was successfully created.

========================= File: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.4\Lightshot.exe ========================

C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.4\Lightshot.exe
File is digitally signed
MD5: 1E1C83B9680029AD4A9F8D3B3AC93197
Creation and modification date: 2019-12-27 15:59 - 2019-07-22 00:04
Size: 000499624
Attributes: ----A
Company Name: Kilonova LLC -> Skillbrains
Internal Name: Lightshot
Original Name: Lightshot
Product: Lightshot
Description: Lightshot
File Version: 5.5.0.4
Product Version: 5.5.0.4
Copyright: Copyright (C) 2009-2019
VirusTotal: https://www.virustotal.com/gui/file/0b8 ... 1601820420

====== End of File: ======

C:\Program Files (x86)\Skillbrains => moved successfully

========================= File: C:\Windows\System32\mracsvc.exe ========================

C:\Windows\System32\mracsvc.exe
File is digitally signed
MD5: 706EC19DBB2E0888C45BFEFA32AD0AD9
Creation and modification date: 2020-01-11 15:18 - 2020-01-11 15:18
Size: 018534552
Attributes: ----A
Company Name: Mail.Ru LLC -> LLC Mail.Ru
Internal Name: mracsvc.exe
Original Name: mracsvc.exe
Product: Mail.Ru AntiCheat
Description: Mail.Ru AntiCheat Service
File Version: 2.63.1
Product Version: 2.63.1
Copyright: Copyright (C) 2019 LLC Mail.Ru
VirusTotal: https://www.virustotal.com/gui/file/a45 ... 1584079465

====== End of File: ======


========================= File: C:\Windows\SysWOW64\GameMon.des ========================

C:\Windows\SysWOW64\GameMon.des
File is digitally signed
MD5: 9FCC6078C8642F1D31C84A7A438E3DD3
Creation and modification date: 2020-03-09 18:53 - 2019-05-12 12:59
Size: 008102192
Attributes: ----A
Company Name: INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.
Internal Name: GameMon
Original Name: GameMon.des
Product: nProtect Game Monitor
Description: nProtect Game Monitor Rev 2604
File Version: 2019, 5, 13, 1
Product Version: 2019, 5, 13, 1
Copyright: Copyright ⓒ 2000-2011 INCA Internet
VirusTotal: https://www.virustotal.com/gui/file/593 ... 1596303631

====== End of File: ======


========================= File: C:\Windows\xhunter1.sys ========================

C:\Windows\xhunter1.sys
File is digitally signed
MD5: E031D482CE4EF80CB81B035AF7A0D669
Creation and modification date: 2019-12-27 13:21 - 2020-07-22 15:48
Size: 002719256
Attributes: ----A
Company Name: Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.
Internal Name: xhunter1.sys
Original Name: xhunter1.sys
Product: XIGNCODE3
Description: XIGNCODE3 System Guard
File Version: 10.0.10011.16384
Product Version: 10.0.10011.16384
Copyright: Copyright (c) 2006-2013 Wellbia.com Co., Ltd.
VirusTotal: https://www.virustotal.com/gui/file/5a5 ... 1602770147

====== End of File: ======

HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c6f9af2-8d0f-11ea-b62f-001a7dda7112} => removed successfully
HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e817452-99db-11ea-b635-001a7dda7112} => removed successfully
HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9cd64be0-5c58-11ea-b623-e0d55eaeb3a8} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{136C7C5B-2DBA-4058-8418-43805F48FCAE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{136C7C5B-2DBA-4058-8418-43805F48FCAE}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1F5A794D-9A07-4832-B113-F602808A9032}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F5A794D-9A07-4832-B113-F602808A9032}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{99636600-2E11-45AE-A900-8D8281F33F84}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99636600-2E11-45AE-A900-8D8281F33F84}" => removed successfully
C:\Windows\System32\Tasks\update-sys => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update-sys" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E55F9284-1C40-4E74-BFE4-00B56176E060}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E55F9284-1C40-4E74-BFE4-00B56176E060}" => removed successfully
C:\Windows\System32\Tasks\update-S-1-5-21-1237953686-2037993472-3780050099-1001 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update-S-1-5-21-1237953686-2037993472-3780050099-1001" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Lightshot" => removed successfully
C:\Windows\Tasks\update-S-1-5-21-1237953686-2037993472-3780050099-1001.job => moved successfully
C:\Windows\Tasks\update-sys.job => moved successfully
HKLM\System\CurrentControlSet\Services\HnGEpicService => removed successfully
HnGEpicService => service removed successfully
HKLM\System\CurrentControlSet\Services\mracsvc => removed successfully
mracsvc => service removed successfully
HKLM\System\CurrentControlSet\Services\npggsvc => removed successfully
npggsvc => service removed successfully
HKLM\System\CurrentControlSet\Services\GVCIDrv => removed successfully
GVCIDrv => service removed successfully
HKLM\System\CurrentControlSet\Services\MSIO => removed successfully
MSIO => service removed successfully
HKLM\System\CurrentControlSet\Services\xhunter1 => removed successfully
xhunter1 => service removed successfully
HKLM\System\CurrentControlSet\Services\mracdrv => removed successfully
mracdrv => service removed successfully
C:\ProgramData\ugtcpned.boo => moved successfully
C:\ProgramData\lpkxhlhn.jcc => moved successfully
C:\ProgramData\xtmywyfw.ycf => moved successfully
C:\ProgramData\xdyewnmx.uyg => moved successfully
C:\ProgramData\wyrbjqps.yhd => moved successfully
C:\ProgramData\worwmtjn.lwj => moved successfully
C:\ProgramData\vidaaurq.tyb => moved successfully
C:\ProgramData\vdnmxvqu.tyv => moved successfully
C:\ProgramData\ubycdhsk.skl => moved successfully
C:\ProgramData\txrypqeh.wtv => moved successfully
C:\ProgramData\tkrtubkk.yqd => moved successfully
C:\ProgramData\tinuwxwg.ems => moved successfully
C:\ProgramData\skwbtscr.dci => moved successfully
C:\ProgramData\sdsymcei.jno => moved successfully
C:\ProgramData\rgxpwlks.qef => moved successfully
C:\ProgramData\mfnneveu.tbs => moved successfully
C:\ProgramData\lsanclbe.ytv => moved successfully
C:\ProgramData\kxlporyi.acb => moved successfully
C:\ProgramData\jwyrurmr.mtv => moved successfully
C:\ProgramData\jsbspcwr.csq => moved successfully
C:\ProgramData\irixxrxj.uuv => moved successfully
C:\ProgramData\gyqwrfeq.yey => moved successfully
C:\ProgramData\gbsgqfad.ick => moved successfully
C:\ProgramData\fexcqvbf.cfa => moved successfully
C:\ProgramData\evknnjbi.klu => moved successfully
C:\ProgramData\dklsmkve.vjs => moved successfully
C:\ProgramData\bkkgklla.xjy => moved successfully
C:\ProgramData\awwaprei.kda => moved successfully
C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => moved successfully
C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => moved successfully
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
C:\Users\casyo\AppData\Roaming\00000602001520 => moved successfully
C:\Users\casyo\AppData\Local\resmon.resmoncfg => moved successfully
C:\Users\casyo\AppData\Local\updater.log => moved successfully
C:\Users\casyo\AppData\Local\UserProducts.xml => moved successfully
C:\Users\casyo => ":Heroes & Generals" ADS removed successfully
C:\Users\casyo\Application Data => ":6699d3ee8dd9cf775caae782c8f44f03" ADS removed successfully
"C:\Users\casyo\AppData\Roaming" => ":6699d3ee8dd9cf775caae782c8f44f03" ADS not found.
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\Wraith Prism" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Wraith Prism" => removed successfully
"HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\EpicGamesLauncher" => removed successfully
"HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\EpicGamesLauncher" => removed successfully
"HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\LGHUB" => removed successfully
"HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\LGHUB" => removed successfully
irewallRules: [TCP Query User{CE03AF89-A179-403D-9639-559294411905}C:\users\casyo\onedrive\počítač\winbox64.exe] => (Allow) C:\users\casyo\onedrive\počítač\winbox64.exe => No File => Error: No automatic fix found for this entry.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6B74F573-B0D6-4D0D-AA5B-D6DB6A437925}C:\users\casyo\onedrive\počítač\winbox64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5F1960F3-9B3A-415F-9879-3A62CA70CE5C}D:\hry\grounded\maine\binaries\win64\maine-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D2323D4B-2A64-4214-9CA8-EDC3DA07AC54}D:\hry\grounded\maine\binaries\win64\maine-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{607B4AF1-3AC8-48E6-B25B-E43BA2DC65DA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{57A95629-0FE7-41B2-B248-275E03D3C0DF}C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A9E75BC0-AB11-47ED-816B-6762E6A4EF61}C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{52DFF4EA-7FC9-4837-9EAA-75D911ED6A55}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{473C877B-662D-4FE8-949F-98E20DCF4109}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{85B17BF2-52F6-41B4-9244-E7982A956C11}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D3B1EEC8-FE8A-4C3C-BA23-95BB4318A057}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DF5743F8-21C8-4B1B-A327-8061CE9067E3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7FEC33CF-71A8-4B87-8C17-2C7ED9159EB1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6AADB7F8-8D1E-4F5B-AB40-1FEA094645F9}D:\program files\epic games\rs2v\binaries\win64\risingstorm2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A26536A1-67E2-4EBD-A9A7-7E57FE7D0377}D:\program files\epic games\rs2v\binaries\win64\risingstorm2.exe" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 453066984 B
Java, Flash, Steam htmlcache => 223916102 B
Windows/system/drivers => 9886989 B
Edge => 25670 B
Chrome => 692908171 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 37544 B
LocalService => 37544 B
NetworkService => 385008 B
casyo => 84896042 B

RecycleBin => 9447190659 B
EmptyTemp: => 10.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:59:14 ====

Diallix
Advisor
Posts: 2174
Registered: 27 Apr 2008 10:34

Re: Preventive check

#6 Post by Diallix »

Please post new FRST and ADDITION logs.

To3@s
Visitor
Posts: 191
Registered: 08 Apr 2010 10:56

Re: Preventive check

#7 Post by To3@s »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-10-2020
Ran by casyo (18-10-2020 09:38:17)
Running from C:\Users\casyo\OneDrive\Počítač
Windows 10 Pro Version 1909 18363.592 (X64) (2019-12-26 21:28:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1237953686-2037993472-3780050099-500 - Administrator - Disabled)
casyo (S-1-5-21-1237953686-2037993472-3780050099-1001 - Administrator - Enabled) => C:\Users\casyo
DefaultAccount (S-1-5-21-1237953686-2037993472-3780050099-503 - Limited - Disabled)
Guest (S-1-5-21-1237953686-2037993472-3780050099-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1237953686-2037993472-3780050099-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 20.012.20048 - Adobe Systems Incorporated)
Aktualizácie NVIDIA 38.0.5.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 38.0.5.0 - NVIDIA Corporation) Hidden
APP Center (HKLM-x32\...\{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.20.0506.1 - GIGABYTE) Hidden
APP Center (HKLM-x32\...\InstallShield_{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.20.0506.1 - GIGABYTE)
Conquer Online 3.0 (HKLM-x32\...\{78B51FD5-DA3F-4B48-8F3F-4E4068F25D89}_is1) (Version: 7110 - Conquer Online)
ENE IO Driver (HKLM-x32\...\{D0512FFD-6194-4D2E-967E-25B82A3322FF}) (Version: 3.0.0 - ENE TECHNOLOGY INC.) Hidden
ENE RGB HAL (HKLM\...\{B380DBDE-BA95-481B-92E9-52F2E5E84F24}) (Version: 1.00.15 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{adbc3d98-57f2-4d68-b155-138f8fb0f73d}) (Version: 1.00.15 - Ene Tech.) Hidden
ENE_DRAM_RGB_AURA42 (HKLM\...\{BC5E0A82-C638-44CB-8129-20C8ED70DE7A}) (Version: 1.00.02 - Ene Tech.) Hidden
ENE_DRAM_RGB_AURA42 (HKLM-x32\...\{f3d7fb09-b93f-4c01-a765-0b0adc5bc746}) (Version: 1.00.02 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.00.04 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{26b207d1-1f37-4df9-8b3f-aeebbca6bb85}) (Version: 1.00.04 - ENE TECHNOLOGY INC.) Hidden
Epic Games Launcher (HKLM-x32\...\{C69A2919-0662-4390-9418-67C931B44C18}) (Version: 1.1.236.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.75 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LenovoUsbDriver 1.1.34 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.1.34 - Lenovo)
Lightshot-5.5.0.4 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.4 - Skillbrains)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: - Logitech)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 86.0.622.43 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.135.49 - )
Microsoft Office 2016 Professional Plus - sk-sk (HKLM\...\ProplusRetail - sk-sk) (Version: 16.0.13231.20390 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\...\OneDriveSetup.exe) (Version: 20.169.0823.0006 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{97238E8A-4919-4A1E-965A-C6C36938F4CE}) (Version: 2.68.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3994d355-238a-4612-af93-26d13deddef1}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Mu (HKLM-x32\...\{F57CEB84-3D22-4657-8EDA-F8CD5217B83E}) (Version: 0.68.0000 - Webzen)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.4.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.4.14 - NVIDIA Corporation)
NVIDIA Grafický ovládač 456.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation)
NVIDIA Ovládač zvuku HD 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.45.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.45.831.832 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13231.20126 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13231.20200 - Microsoft Corporation) Hidden
qBittorrent 4.2.1 (HKLM-x32\...\qBittorrent) (Version: 4.2.1 - The qBittorrent project)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.3 - TeamSpeak Systems GmbH)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.10 - VideoLAN)
Vzum (HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\...\6cfa0c5674100ff8) (Version: 1.0.0.25 - Vzum)
WifiAutoInstall version 2.0.0.8 (HKLM\...\{BBADB2D6-0408-42D0-AAF8-B79D3E8B994C}_is1) (Version: 2.0.0.8 - Realtek, Inc.)
Windows Driver Package - MediaTek Inc. (wdm_usb) Ports (01/22/2015 3.0.1504.0) (HKLM\...\BD5E2A628C2263FAEC66A4BFF2E88B897427E4C3) (Version: 01/22/2015 3.0.1504.0 - MediaTek Inc.)
WinRAR 5.80 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH)
Wraith Prism Settings software (HKLM-x32\...\{1A3E3EA7-5A7C-4292-8A13-B0DE1BF49E13}_COOLER_MASTER_SR4) (Version: 1.18 - AMD Wraith)

Packages:
=========
Doplnok mediálneho nástroja pre Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-07-09] (Microsoft Corporation)
Doplnok pre Fotografie -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-07-09] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-12-27] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-12-27] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.958.0_x64__56jybvy8sckqj [2020-06-25] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.3.180.0_x64__dt26b99r8h8gj [2019-12-26] (Realtek Semiconductor Corp)
Xbox Insider Hub -> C:\Program Files\WindowsApps\Microsoft.FlightDashboard_475.2008.10001.0_x64__8wekyb3d8bbwe [2020-08-30] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1237953686-2037993472-3780050099-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1237953686-2037993472-3780050099-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_feed726c6560f7a7\nvshext.dll [2020-10-02] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-04-30 15:28 - 2020-04-30 15:28 - 001866752 _____ () [File not signed] C:\Program Files (x86)\GIGABYTE\AppCenter\BDR_info.dll
2019-04-15 16:24 - 2019-04-15 16:24 - 000155648 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\AppCenter\yccV2.dll
2015-10-14 01:15 - 2015-10-14 01:15 - 002042368 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\GIGABYTE\AppCenter\osvi.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-06] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 06:49 - 2020-04-30 14:29 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\casyo\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\wp3073532-fallout-76-wallpapers.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\...\StartupApproved\Run: => "qBittorrent"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{56E5CF25-497D-4A33-933B-E1C134D8EFC4}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{A7B27183-51BD-48C9-B65B-E386EBC31BAD}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{86A26790-7770-4AA2-B2B4-A9E31E375963}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{F920CC88-F512-4C4A-85E9-08C41F7EEEA7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{25DE7DFB-BC7C-48AB-8A14-5B95CAB18A5A}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{78023B9E-AC42-41FB-A413-2010980C8253}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{3904AA6A-BFA2-4D86-B603-E13B676C9F31}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{124900D9-67E4-43F1-84DF-858224C34978}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{CE03AF89-A179-403D-9639-559294411905}C:\users\casyo\onedrive\počítač\winbox64.exe] => (Allow) C:\users\casyo\onedrive\počítač\winbox64.exe => No File
FirewallRules: [TCP Query User{6C5F2B12-B222-49C7-8676-724139616189}C:\program files\windowsapps\edrlab.thoriumreader_1.4.0.0_x64__r3hax6t39xm4t\app\thorium.exe] => (Allow) C:\program files\windowsapps\edrlab.thoriumreader_1.4.0.0_x64__r3hax6t39xm4t\app\thorium.exe => No File
FirewallRules: [UDP Query User{635167C7-2998-4B93-8988-C34B4383E489}C:\program files\windowsapps\edrlab.thoriumreader_1.4.0.0_x64__r3hax6t39xm4t\app\thorium.exe] => (Allow) C:\program files\windowsapps\edrlab.thoriumreader_1.4.0.0_x64__r3hax6t39xm4t\app\thorium.exe => No File
FirewallRules: [{177B4564-2FA9-4EFE-9CF8-A81F0F819CE9}] => (Allow) LPort=9009
FirewallRules: [{CC799EF2-D543-443A-8B79-B21922545FBA}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout76\Fallout76.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{D257CF66-1DEC-4C21-9C1B-F6584CA401C2}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout76\Fallout76.exe (Bethesda Softworks) [File not signed]
FirewallRules: [TCP Query User{67314003-F8FA-4D1B-85D1-C8504A0657B2}D:\hry\7 days to die alpha 19 + multiplayer (2020)\7dtd a19 b180\7daystodie.exe] => (Allow) D:\hry\7 days to die alpha 19 + multiplayer (2020)\7dtd a19 b180\7daystodie.exe () [File not signed]
FirewallRules: [UDP Query User{AC300351-BE12-4360-B9CA-EE4A826D9179}D:\hry\7 days to die alpha 19 + multiplayer (2020)\7dtd a19 b180\7daystodie.exe] => (Allow) D:\hry\7 days to die alpha 19 + multiplayer (2020)\7dtd a19 b180\7daystodie.exe () [File not signed]
FirewallRules: [{940F0822-6BD5-4EAD-8A7E-FF4A50F9265C}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft Entertainment Sweden AB -> Ubisoft)
FirewallRules: [{68DA1020-5C52-4EB4-A2B5-6BD2E6F91582}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft Entertainment Sweden AB -> Ubisoft)
FirewallRules: [{85B64898-8869-4BD6-97FF-6CB98290052A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{11933440-A74F-48B4-99D4-0C3822833378}] => (Allow) D:\SteamLibrary\steamapps\common\RuneScape\bin\win64\RuneScape.exe => No File
FirewallRules: [{0D93185D-628D-447B-8B84-BF09B0DA84E7}] => (Allow) D:\SteamLibrary\steamapps\common\RuneScape\bin\win64\RuneScape.exe => No File
FirewallRules: [TCP Query User{BA94E13E-7B66-431F-A3E6-AE259A6563B4}C:\users\casyo\appdata\local\programs\sirus-open-launcher\resources\app.asar.unpacked\node_modules\@sirussu\torrent-downloader\vendor\td-win-x64\td-win-x64.exe] => (Allow) C:\users\casyo\appdata\local\programs\sirus-open-launcher\resources\app.asar.unpacked\node_modules\@sirussu\torrent-downloader\vendor\td-win-x64\td-win-x64.exe => No File
FirewallRules: [UDP Query User{F96030A3-77EA-4618-9EFE-BDDAECE5AEE7}C:\users\casyo\appdata\local\programs\sirus-open-launcher\resources\app.asar.unpacked\node_modules\@sirussu\torrent-downloader\vendor\td-win-x64\td-win-x64.exe] => (Allow) C:\users\casyo\appdata\local\programs\sirus-open-launcher\resources\app.asar.unpacked\node_modules\@sirussu\torrent-downloader\vendor\td-win-x64\td-win-x64.exe => No File

==================== Restore Points =========================

01-10-2020 14:07:01 Windows Update
04-10-2020 17:43:46 Installed DirectX
08-10-2020 11:23:25 Windows Update
13-10-2020 14:42:07 Windows Update
18-10-2020 08:58:28 Restore Point Created by FRST

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (10/18/2020 08:58:27 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {7966dbc4-a6de-4d3c-ac8a-d87e78b2d61f}

Error: (10/15/2020 06:38:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: wuauclt.exe, verzia: 10.0.18362.449, časová značka: 0xb8640219
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.18362.418, časová značka: 0x99ca0526
Kód výnimky: 0xc0000005
Odstup chyby: 0x00000000000072a6
Identifikácia chybujúceho procesu: 0x4740
Čas spustenia chybujúcej aplikácie: 0x01d6a3109eae34e2
Cesta chybujúcej aplikácie: C:\Windows\system32\wuauclt.exe
Cesta chybujúceho modulu: C:\Windows\SYSTEM32\ntdll.dll
Identifikácia hlásenia: 2e41f07b-0e82-42b9-aa2d-3a7949337654
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (10/13/2020 02:46:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: wuauclt.exe, verzia: 10.0.18362.449, časová značka: 0xb8640219
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.18362.418, časová značka: 0x99ca0526
Kód výnimky: 0xc0000005
Odstup chyby: 0x00000000000072a6
Identifikácia chybujúceho procesu: 0x2258
Čas spustenia chybujúcej aplikácie: 0x01d6a15e46ab7a99
Cesta chybujúcej aplikácie: C:\Windows\system32\wuauclt.exe
Cesta chybujúceho modulu: C:\Windows\SYSTEM32\ntdll.dll
Identifikácia hlásenia: 3a4a12e5-9b7c-48e2-a857-204f431d3ad0
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (10/10/2020 11:26:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: wuauclt.exe, verzia: 10.0.18362.449, časová značka: 0xb8640219
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.18362.418, časová značka: 0x99ca0526
Kód výnimky: 0xc0000005
Odstup chyby: 0x00000000000072a6
Identifikácia chybujúceho procesu: 0xa94
Čas spustenia chybujúcej aplikácie: 0x01d69ee6c3756c07
Cesta chybujúcej aplikácie: C:\Windows\system32\wuauclt.exe
Cesta chybujúceho modulu: C:\Windows\SYSTEM32\ntdll.dll
Identifikácia hlásenia: c6520a02-26f4-42cc-b2a4-8e4f094f74eb
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (10/09/2020 01:54:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: wuauclt.exe, verzia: 10.0.18362.449, časová značka: 0xb8640219
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.18362.418, časová značka: 0x99ca0526
Kód výnimky: 0xc0000005
Odstup chyby: 0x00000000000072a6
Identifikácia chybujúceho procesu: 0x368
Čas spustenia chybujúcej aplikácie: 0x01d69e325d2d2148
Cesta chybujúcej aplikácie: C:\Windows\system32\wuauclt.exe
Cesta chybujúceho modulu: C:\Windows\SYSTEM32\ntdll.dll
Identifikácia hlásenia: 8ec29102-eeb2-489a-aa89-2ec8d6775cdf
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (10/09/2020 01:26:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow.exe version 3.3.5.12340 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 308

Start Time: 01d69e2d34c64731

Termination Time: 3

Application Path: D:\Hry\WOW Wotlk 3.3.5a\Wow.exe

Report Id: 14f0f432-8161-4406-b176-5fbb47212f48

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (10/08/2020 11:28:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: wuauclt.exe, verzia: 10.0.18362.449, časová značka: 0xb8640219
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.18362.418, časová značka: 0x99ca0526
Kód výnimky: 0xc0000005
Odstup chyby: 0x00000000000072a6
Identifikácia chybujúceho procesu: 0x3d0c
Čas spustenia chybujúcej aplikácie: 0x01d69d54b0650e9b
Cesta chybujúcej aplikácie: C:\Windows\system32\wuauclt.exe
Cesta chybujúceho modulu: C:\Windows\SYSTEM32\ntdll.dll
Identifikácia hlásenia: f65e7cb5-5098-4822-9f6f-3fa5e48cc20d
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (10/06/2020 06:33:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: Vzum.exe, verzia: 1.0.0.0, časová značka: 0xbf22186b
Názov chybujúceho modulu: KERNELBASE.dll, verzia: 10.0.18362.535, časová značka: 0x5bd9df62
Kód výnimky: 0xe0434352
Odstup chyby: 0x001135d2
Identifikácia chybujúceho procesu: 0x2bc8
Čas spustenia chybujúcej aplikácie: 0x01d69bfd823194aa
Cesta chybujúcej aplikácie: C:\Users\casyo\AppData\Local\Apps\2.0\EQJQHE7K.JXT\M1PDJDX0.2NO\vzum..tion_e8aa87c1f870925e_0001.0000_bcd17931394ab74c\Vzum.exe
Cesta chybujúceho modulu: C:\Windows\System32\KERNELBASE.dll
Identifikácia hlásenia: b28cf6ac-cf66-465b-b3da-0f17faf82007
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:


System errors:
=============
Error: (10/18/2020 08:58:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 30000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (10/18/2020 08:58:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Microsoft Office Klikni a spusti sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 0 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (10/18/2020 08:58:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Modules Installer sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 120000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (10/18/2020 08:58:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Wifi AutoInstall Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (10/18/2020 08:58:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba SAMSUNG Mobile Connectivity Service V2 sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (10/18/2020 08:58:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba LGHUB Updater Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 5000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (10/18/2020 08:58:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA LocalSystem Container sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 6000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (10/18/2020 08:58:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Realtek Audio Universal Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 0 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.


Windows Defender:
===================================
Date: 2020-10-17 17:36:28.417
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {9B56FBE5-DF7C-4CFC-BF06-0FB6DDF79882}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-10-16 12:52:24.666
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {DE1B5205-BACA-4F8B-B083-16E255753D28}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-10-16 12:40:52.857
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {08FD0644-B83A-4B4A-ACF9-38CF35DEC811}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-10-15 10:37:29.104
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {78943F24-06F9-41BC-9897-1A5F80FF9414}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-10-13 14:41:46.327
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {829265BA-BE6B-4450-B35B-AA7AAB01ECD3}
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===================================

Date: 2020-07-18 21:11:57.180
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\MuOffi\GameGuard\npggNT64.des that did not meet the Microsoft signing level requirements.

Date: 2020-07-18 21:11:56.941
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe) attempted to load \Device\HarddiskVolume2\MuOffi\GameGuard\npggNT64.des that did not meet the Microsoft signing level requirements.

Date: 2020-07-18 21:11:56.397
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\MuOffi\GameGuard\npggNT64.des that did not meet the Microsoft signing level requirements.

Date: 2020-07-18 21:11:50.564
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\SearchIndexer.exe) attempted to load \Device\HarddiskVolume2\MuOffi\GameGuard\npggNT64.des that did not meet the Microsoft signing level requirements.

Date: 2020-07-18 21:11:48.909
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\MuOffi\GameGuard\npggNT64.des that did not meet the Microsoft signing level requirements.

Date: 2020-07-18 21:11:47.780
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\MuOffi\GameGuard\npggNT64.des that did not meet the Microsoft signing level requirements.

Date: 2020-05-01 20:09:22.237
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\MuOffi\GameGuard\npggNT64.des that did not meet the Microsoft signing level requirements.

Date: 2020-05-01 20:09:22.053
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\MuOffi\GameGuard\npggNT64.des that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. F2 08/08/2018
Motherboard: Gigabyte Technology Co., Ltd. B450 AORUS PRO-CF
Processor: AMD Ryzen 7 2700X Eight-Core Processor
Percentage of memory in use: 20%
Total physical RAM: 16332.23 MB
Available physical RAM: 12994.25 MB
Total Virtual: 18764.23 MB
Available Virtual: 13697.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.5 GB) (Free:365.46 GB) NTFS
Drive d: () (Fixed) (Total:1863 GB) (Free:1285.39 GB) NTFS

\\?\Volume{d1fc455a-1f56-45f3-b20a-0e7d52d3ef3d}\ (Obnovenie) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{6a00fe6b-6c1f-4c54-a157-cf3e7c5375dd}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Size: 447.1 GB) (Disk ID: 0F776EED)

Partition: GPT.

==================== End of Addition.txt =======================

To3@s
Visitor
Posts: 191
Registered: 08 Apr 2010 10:56

Re: Preventive check

#8 Post by To3@s »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-10-2020
Ran by casyo (administrator) on DESKTOP-FOMQ4FQ (Gigabyte Technology Co., Ltd. B450 AORUS PRO) (18-10-2020 09:37:35)
Running from C:\Users\casyo\OneDrive\Počítač
Loaded Profiles: casyo
Platform: Windows 10 Pro Version 1909 18363.592 (X64) Language: Slovenčina (Slovensko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
() [File not signed] C:\Program Files\qBittorrent\qbittorrent.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(GIGA-BYTE TECHNOLOGY CO., LTD. -> ) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13228.41011.0_x64__8wekyb3d8bbwe\commsapps.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13228.41011.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.8043.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.8043.0_x64__8wekyb3d8bbwe\GameBarFT.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.8043.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2009.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2009.7-0\NisSrv.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_feed726c6560f7a7\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Realtek Semiconductor Corp. -> Realtek) C:\Program Files\Realtek\WifiAutoInstall\WifiAutoInstallSrv.exe
(Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [856288 2019-10-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\GIGABYTE\AppCenter\PreRun.exe [14632 2016-02-26] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3416352 2020-10-07] (Valve -> Valve Corporation)
HKU\S-1-5-21-1237953686-2037993472-3780050099-1001\...\Run: [qBittorrent] => C:\Program Files\qBittorrent\qbittorrent.exe [25294848 2019-12-18] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.75\Installer\chrmstp.exe [2020-10-14] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08A4156B-5E0E-4D70-9006-195AAED8867E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [533312 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1BF441AC-B454-4E44-9A70-72647F943E6E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5137312 2020-10-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {1DDBC1B5-FD09-45D3-B578-57E7A2A5AA72} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3292984 2020-06-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {255DEB23-AFEF-4111-8F8C-5EEA89354CDD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [533312 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2BFA344E-63DC-48DC-88B6-BA6A6327B092} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2D50E658-28EA-4377-A815-B2E2275713DB} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
Task: {2ECAB010-840E-4BC4-ACE0-7809E150273C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22855048 2020-10-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {3E642F35-8921-495D-B85A-0EF42C03BE21} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4E2BC76C-8AD4-4445-90BF-88FF2A03D679} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144728 2020-10-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {5AE9D524-1D2A-4D02-ABD4-A4DE9649A5C3} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {65D69A19-9CA9-4555-A6FF-A72D63316B1A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22855048 2020-10-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {680FCB6C-7CEA-42CF-9DB4-61296F0AAD7F} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144728 2020-10-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {6AFA703D-BC86-42C6-A9AE-8E7FDFAC2894} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6FF6FEE6-FE46-4845-9E87-9627C179F6C4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647656 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {76816698-D17F-4A5F-A7E8-1AEF152B6238} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [533312 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7E490EF9-6453-400B-AFD1-4F6E1D00AEC5} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A45AC907-21EF-4F3C-A3CA-4B66FF9F6878} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1341008 2020-09-06] (Adobe Inc. -> Adobe Inc.)
Task: {BEF3092D-5F7C-446B-8ABF-E3CC482FD69E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MpCmdRun.exe [533312 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CDFA56E5-2C02-451E-A0D6-D45259DC634D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5137312 2020-10-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {E3C13C51-1ECF-4274-B9F4-A689998FA599} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {E3CC8CAE-3D29-40EE-AF21-CC9D172E6F04} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E742C892-0C58-4509-A609-1CEB1BB457CE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.88.1 178.18.67.3 8.8.8.8
Tcpip\..\Interfaces\{5e9dd8cc-a698-4852-962d-1f9159a71ca7}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{5e9dd8cc-a698-4852-962d-1f9159a71ca7}: [DhcpNameServer] 192.168.88.1 178.18.67.3 8.8.8.8

Edge:
======
Edge Profile: C:\Users\casyo\AppData\Local\Microsoft\Edge\User Data\Default [2020-10-18]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-17] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-17] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-09-11] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1237953686-2037993472-3780050099-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2020-09-25] (Ubisoft Entertainment Sweden AB -> )

Chrome:
=======
CHR Profile: C:\Users\casyo\AppData\Local\Google\Chrome\User Data\Default [2020-10-18]
CHR Notifications: Default -> hxxps://chat.g2g.com; hxxps://www.divoke-kmene.sk; hxxps://www.divokekmeny.cz
CHR HomePage: Default -> hxxp://google.sk/
CHR StartupUrls: Default -> "hxxp://google.sk/"
CHR Extension: (Prezentácie) - C:\Users\casyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-12-26]
CHR Extension: (Dokumenty) - C:\Users\casyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-12-26]
CHR Extension: (Disk Google) - C:\Users\casyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-12-26]
CHR Extension: (MEGA) - C:\Users\casyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2020-10-16]
CHR Extension: (YouTube) - C:\Users\casyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-12-26]
CHR Extension: (Tampermonkey) - C:\Users\casyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2020-10-17]
CHR Extension: (Google Apps Script) - C:\Users\casyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoieeedlomnegifmaghhjnghhmcldobl [2020-10-13]
CHR Extension: (Tabuľky) - C:\Users\casyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-12-26]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\casyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-09-09]
CHR Extension: (AdBlock - najlepší blokovač reklám) - C:\Users\casyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-10-16]
CHR Extension: (The West) - C:\Users\casyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilkgeioneoemibpddeiamfgiofnpjifm [2020-10-13]
CHR Extension: (XLS Editor) - C:\Users\casyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobjaooppmgjlgomfpaohhncpfjpigaf [2020-10-13]
CHR Extension: (Search AliExpress by Image) - C:\Users\casyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jocnlahnjacckbiffghcopjfbifdjocj [2020-09-27]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\casyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-12-26]
CHR Extension: (Equalizer for YouTube™) - C:\Users\casyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oggiagogblgafoilijjdhcmflgekfmja [2020-08-17]
CHR Extension: (Script Installation Services/Website Setup) - C:\Users\casyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojkfkmbechelifpehnokcfhlamloapmc [2020-10-13]
CHR Extension: (Gmail) - C:\Users\casyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-12-26]
CHR Extension: (Chrome Media Router) - C:\Users\casyo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-15]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-09-06] (Adobe Inc. -> Adobe Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8686928 2020-09-16] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8945512 2020-10-08] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [777856 2020-03-28] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 gadjservice; C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe [17920 2015-06-25] () [File not signed]
R2 LGHUBUpdaterService; C:\Program Files\LGHUB/lghub_updater.exe [10131080 2020-04-19] (Logitech Inc -> Logitech, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [933304 2019-12-17] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\NisSrv.exe [2372048 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WifiAutoInstallSrv; C:\Program Files\Realtek\WifiAutoInstall\WifiAutoInstallSrv.exe [124864 2017-07-31] (Realtek Semiconductor Corp. -> Realtek)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MsMpEng.exe [128376 2020-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_feed726c6560f7a7\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_feed726c6560f7a7\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdTools64; C:\Windows\System32\drivers\AmdTools64.sys [58216 2018-03-23] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R1 EneTechIo; C:\Windows\system32\drivers\ene.sys [19968 2019-10-17] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 gdrv2; C:\Windows\gdrv2.sys [32600 2020-04-24] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 LGHUBTemperatureService; C:\ProgramData\LGHUB\depots\47127\driver_cpu_temperature\logi_core_temp.sys [25448 2020-04-19] (Logitech Inc. -> Logitech)
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [38136 2019-12-31] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [20624 2019-12-31] (WDKTestCert sqa,131523902232810150 -> Logitech, Inc.)
R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [66808 2019-12-31] (Logitech Inc -> Logitech)
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [39920 2019-12-10] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [48536 2020-10-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [428264 2020-10-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [69864 2020-10-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-10-18 08:59 - 2020-10-18 09:36 - 000003576 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-10-18 08:59 - 2020-10-18 09:36 - 000003452 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-10-17 19:41 - 2020-10-17 19:41 - 000002127 _____ C:\Users\casyo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SnoreToast.lnk
2020-10-17 19:39 - 2020-10-17 20:20 - 000000000 ____D C:\Users\casyo\AppData\Roaming\Sirus Launcher
2020-10-17 19:39 - 2020-10-17 19:39 - 000000000 ____D C:\Users\casyo\AppData\Local\sirus-open-launcher-updater
2020-10-15 19:27 - 2020-10-15 19:27 - 000000000 ____D C:\ProgramData\Jagex
2020-10-15 18:31 - 2020-09-10 06:14 - 000492544 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2020-10-15 18:31 - 2020-09-10 06:12 - 000390656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2020-10-12 13:10 - 2020-10-12 13:11 - 000000000 ____D C:\Users\casyo\AppData\Roaming\RS2V
2020-10-09 13:44 - 2020-10-02 01:48 - 001769688 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2020-10-09 13:44 - 2020-10-02 01:48 - 001769688 _____ C:\Windows\system32\vulkaninfo.exe
2020-10-09 13:44 - 2020-10-02 01:48 - 001370328 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-10-09 13:44 - 2020-10-02 01:48 - 001370328 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2020-10-09 13:44 - 2020-10-02 01:48 - 001054944 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2020-10-09 13:44 - 2020-10-02 01:48 - 001054944 _____ C:\Windows\system32\vulkan-1.dll
2020-10-09 13:44 - 2020-10-02 01:48 - 000917728 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2020-10-09 13:44 - 2020-10-02 01:48 - 000917728 _____ C:\Windows\SysWOW64\vulkan-1.dll
2020-10-09 13:44 - 2020-10-02 01:48 - 000455408 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2020-10-09 13:44 - 2020-10-02 01:48 - 000351128 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2020-10-09 13:44 - 2020-10-02 01:46 - 001023216 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2020-10-09 13:44 - 2020-10-02 01:46 - 000816368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2020-10-09 13:44 - 2020-10-02 01:46 - 000673520 _____ C:\Windows\system32\nvofapi64.dll
2020-10-09 13:44 - 2020-10-02 01:46 - 000543128 _____ C:\Windows\SysWOW64\nvofapi.dll
2020-10-09 13:44 - 2020-10-02 01:45 - 002098072 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2020-10-09 13:44 - 2020-10-02 01:45 - 001585560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2020-10-09 13:44 - 2020-10-02 01:45 - 001507224 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2020-10-09 13:44 - 2020-10-02 01:45 - 001161112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2020-10-09 13:44 - 2020-10-02 01:45 - 000813464 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2020-10-09 13:44 - 2020-10-02 01:45 - 000670616 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2020-10-09 13:44 - 2020-10-02 01:45 - 000657304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2020-10-09 13:44 - 2020-10-02 01:45 - 000589208 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2020-10-09 13:44 - 2020-10-02 01:45 - 000555248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2020-10-09 13:44 - 2020-10-02 01:44 - 007707544 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2020-10-09 13:44 - 2020-10-02 01:44 - 006860184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2020-10-09 13:44 - 2020-10-02 01:44 - 004174064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2020-10-09 13:44 - 2020-10-02 01:44 - 002508528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2020-10-09 13:44 - 2020-10-02 01:44 - 000849648 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2020-10-09 13:44 - 2020-10-02 01:44 - 000445848 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2020-10-09 13:44 - 2020-10-02 01:43 - 005972824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2020-10-09 13:44 - 2020-10-01 09:14 - 000080930 _____ C:\Windows\system32\nvinfo.pb
2020-10-06 18:17 - 2020-10-06 18:26 - 000000000 ____D C:\Users\casyo\AppData\Local\Deployment
2020-10-06 18:17 - 2020-10-06 18:17 - 000000000 ____D C:\Users\casyo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vzum
2020-10-06 18:17 - 2020-10-06 18:17 - 000000000 ____D C:\Users\casyo\AppData\Local\Apps\2.0
2020-10-05 17:27 - 2020-10-05 17:34 - 000000000 ____D C:\Users\casyo\AppData\Roaming\TS3Client
2020-10-05 17:27 - 2020-10-05 17:27 - 000000970 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2020-10-05 17:27 - 2020-10-05 17:27 - 000000000 ____D C:\Users\casyo\AppData\Local\TeamSpeak 3
2020-10-05 17:27 - 2020-10-05 17:27 - 000000000 ____D C:\Program Files\TeamSpeak 3 Client
2020-10-01 19:02 - 2020-10-01 19:03 - 000000000 ____D C:\Users\casyo\OneDrive\Documents\RCT3
2020-10-01 19:02 - 2020-10-01 19:02 - 000000000 ____D C:\Users\casyo\AppData\Roaming\Frontier
2020-10-01 15:33 - 2020-10-01 15:45 - 000000000 ____D C:\Users\casyo\AppData\LocalLow\Heroes and Generals
2020-10-01 15:33 - 2020-10-01 15:33 - 000000000 ____D C:\Users\casyo\AppData\Roaming\Macromedia
2020-10-01 15:33 - 2020-10-01 15:33 - 000000000 ____D C:\Users\casyo\AppData\Roaming\HeroesAndGeneralsDesktop
2020-10-01 14:11 - 2020-10-01 14:11 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2020-10-01 14:11 - 2020-09-10 18:14 - 000905528 _____ (Microsoft Corporation) C:\Windows\system32\sedplugins.dll
2020-10-01 14:11 - 2020-09-10 18:14 - 000436536 _____ (Microsoft Corporation) C:\Windows\system32\QualityUpdateAssistant.dll
2020-09-25 11:00 - 2020-09-25 11:00 - 000000000 ____D C:\Users\casyo\AppData\Local\DBG
2020-09-19 09:57 - 2020-09-19 09:57 - 000000000 ____D C:\Users\defaultuser100000\AppData\Local\ConnectedDevicesPlatform
2020-09-19 09:57 - 2020-09-19 09:57 - 000000000 ____D C:\Users\defaultuser100000
2020-09-18 10:38 - 2020-09-15 02:01 - 000038632 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhdap64.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-10-18 09:37 - 2020-04-24 15:49 - 000000000 ____D C:\FRST
2020-10-18 09:36 - 2019-03-19 06:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-10-18 09:32 - 2019-12-27 11:39 - 000000000 ____D C:\Users\casyo\AppData\Roaming\qBittorrent
2020-10-18 09:05 - 2020-05-08 11:54 - 000049064 _____ C:\Windows\system32\perfh01B.dat
2020-10-18 09:05 - 2020-05-08 11:54 - 000012206 _____ C:\Windows\system32\perfc01B.dat
2020-10-18 09:05 - 2019-12-26 23:33 - 000885446 _____ C:\Windows\system32\PerfStringBackup.INI
2020-10-18 09:05 - 2019-03-19 06:50 - 000000000 ____D C:\Windows\INF
2020-10-18 09:04 - 2019-12-26 23:39 - 000000000 ____D C:\ProgramData\NVIDIA
2020-10-18 08:59 - 2019-12-26 23:27 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-10-18 08:59 - 2019-03-19 06:37 - 000524288 _____ C:\Windows\system32\config\BBI
2020-10-18 08:57 - 2020-01-26 18:32 - 000000000 ____D C:\Program Files\Microsoft Office
2020-10-17 18:38 - 2019-12-26 23:40 - 000000000 ____D C:\Program Files (x86)\Steam
2020-10-17 18:36 - 2020-06-12 12:30 - 000002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-10-17 17:37 - 2019-12-26 23:27 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-10-17 15:29 - 2020-04-24 15:48 - 000000000 ____D C:\rsit
2020-10-17 15:29 - 2020-04-24 15:48 - 000000000 ____D C:\Program Files\trend micro
2020-10-17 08:39 - 2019-03-19 06:52 - 000000000 ____D C:\Windows\AppReadiness
2020-10-16 13:19 - 2020-05-25 17:02 - 000000000 ____D C:\Users\casyo\AppData\Roaming\vlc
2020-10-15 18:41 - 2019-03-19 06:37 - 000000000 ____D C:\Windows\CbsTemp
2020-10-15 18:29 - 2019-03-19 06:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-10-15 13:24 - 2019-12-26 23:32 - 000000000 ____D C:\Users\casyo\AppData\Local\Packages
2020-10-15 12:21 - 2019-12-26 23:35 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1237953686-2037993472-3780050099-1001
2020-10-15 12:21 - 2019-12-26 23:35 - 000000000 ___RD C:\Users\casyo\OneDrive
2020-10-15 12:21 - 2019-12-26 23:30 - 000002355 _____ C:\Users\casyo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-10-14 12:49 - 2019-12-26 23:36 - 000002313 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-10-12 13:10 - 2019-12-27 00:51 - 000000000 ____D C:\Users\casyo\OneDrive\Documents\My Games
2020-10-09 17:32 - 2019-12-26 23:39 - 000000000 ____D C:\Users\casyo\AppData\Local\NVIDIA
2020-10-07 09:09 - 2019-12-26 23:27 - 000000000 ____D C:\Windows\system32\Drivers\wd
2020-10-06 18:33 - 2020-01-30 18:40 - 000000000 ____D C:\Users\casyo\AppData\Local\CrashDumps
2020-10-06 18:28 - 2020-09-17 08:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2020-10-06 02:13 - 2019-03-19 06:56 - 000835472 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-10-06 02:13 - 2019-03-19 06:56 - 000179608 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-10-02 13:23 - 2019-12-27 00:01 - 000000000 ____D C:\Users\casyo\AppData\Local\D3DSCache
2020-10-02 09:52 - 2020-09-16 13:23 - 000000000 ____D C:\Users\casyo\AppData\Roaming\Might & Magic Heroes VI
2020-10-02 09:52 - 2020-09-16 13:23 - 000000000 ____D C:\Users\casyo\AppData\Local\Ubisoft Game Launcher
2020-10-02 01:43 - 2019-12-26 23:33 - 007001536 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2020-10-01 15:33 - 2019-12-26 23:30 - 000000000 ____D C:\Users\casyo
2020-09-25 15:04 - 2020-01-27 18:05 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-09-25 15:04 - 2020-01-27 18:05 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-09-23 11:02 - 2020-07-19 12:45 - 000000000 ____D C:\Users\casyo\AppData\Local\NetDragon
2020-09-23 10:49 - 2020-07-19 12:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conquer Online
2020-09-18 10:39 - 2019-12-26 23:33 - 000000000 ____D C:\ProgramData\NVIDIA Corporation

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Diallix
Advisor
Posts: 2174
Registered: 27 Apr 2008 10:34

Re: Preventive check

#9 Post by Diallix »

Clean the computer with CCleaner.

Test these files on virustotal.com and copy their results here:
C:\Program Files (x86)\GIGABYTE\AppCenter\BDR_info.dll
C:\Program Files (x86)\GIGABYTE\AppCenter\yccV2.dll
C:\Program Files (x86)\GIGABYTE\AppCenter\osvi.dll
---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level and high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor for students in SQL query languages (TSQL, PLSQL) and object-oriented programming (C++, C#, PHP).

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for newcomer training
- Founder of the Cyber Security unit

To3@s
Visitor
Posts: 191
Registered: 08 Apr 2010 10:56

Re: Preventive check

#10 Post by To3@s »

C:\Program Files (x86)\GIGABYTE\AppCenter\BDR_info.dll - OK
C:\Program Files (x86)\GIGABYTE\AppCenter\yccV2.dll - SecureAge APEX Malicious Dr.Web vxCube MALWARE
C:\Program Files (x86)\GIGABYTE\AppCenter\osvi.dll - OK

Cleaned with CCleaner.

Diallix
Advisor
Posts: 2174
Registered: 27 Apr 2008 10:34

Re: Preventive check

#11 Post by Diallix »

If you do not use AppCenter, I recommend uninstalling it.

How is the computer doing?

To3@s
Visitor
Posts: 191
Registered: 08 Apr 2010 10:56

Re: Preventive check

#12 Post by To3@s »

I think it's better. Thanks :)

Diallix
Advisor
Posts: 2174
Registered: 27 Apr 2008 10:34

Re: Preventive check

#13 Post by Diallix »

You're welcome :]]

Locked