Log check :)

Maty44
Visitor
Posts: 7
Registered: 04 Jun 2021 18:55

Log check :)

#1 Post by Maty44 »

Hello, I would like to ask for a log check because my computer is slow. Thank you.
Logy.rar
(40.73 KiB) Downloaded 61 times

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Log check :)

#2 Post by Diallix »

Hello.

Download the AdwCleaner tool to your desktop; the download link is here: https://toolslib.net/downloads/finish/1/
Before running the tool, close all running program windows, that is, all programs running on the desktop.
Right-click the program -> Run as administrator.
Continue by clicking the Scan now button and wait until the system scan finishes.
After the scan, leave all checkboxes and any threats found selected, and continue with the Clean and Repair button in the bottom right corner.
After the PC restarts, AdwCleaner will start; click View log file (Zobrazit soubor protokolu).
The log will open; copy its contents here.
My new book BOTNETY has been published! Information about it can be found here: >> BOTNETY <<

---
We are looking for new recruits for our CyberSecurity UNIT. More information on what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level, high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

Maty44
Visitor
Posts: 7
Registered: 04 Jun 2021 18:55

Re: Log check :)

#3 Post by Maty44 »

Logs.rar
(1.98 KiB) Downloaded 64 times
So here they are, I hope this is correct.

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Log check :)

#4 Post by Diallix »

Yes, they are correct. May I please ask for new FRST + ADDITION logs?

Maty44
Visitor
Posts: 7
Registered: 04 Jun 2021 18:55

Re: Log check :)

#5 Post by Maty44 »

Of course.
Last edited by Maty44 on 11 Jun 2021 15:13, edited 3 times in total.

Maty44
Visitor
Posts: 7
Registered: 04 Jun 2021 18:55

Re: Log check :)

#6 Post by Maty44 »

Diallix wrote: 05 Jun 2021 16:36 Yes, they are correct. May I please ask for new FRST + ADDITION logs?
Sending them again, since the original ones somehow did not upload properly :)
Logy virycz.rar
(40.24 KiB) Downloaded 60 times

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Log check :)

#7 Post by Diallix »

Copy the content below into Notepad:

Code: Select all

CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {032435BF-B3E7-4267-9F7C-6ACECDC3EA06} - System32\Tasks\Opera scheduled assistant Autoupdate 1616416552 => C:\Users\HP\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\HP\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {21DB8893-F20A-4F6E-934F-26D53B59937D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {0D7EA97A-0A6C-41D3-8562-F6E72A966B26} - System32\Tasks\Opera scheduled Autoupdate 1616416544 => C:\Users\HP\AppData\Local\Programs\Opera\launcher.exe
Task: {406EE30A-036F-4688-9648-70817AB1F571} - System32\Tasks\Opera scheduled assistant Autoupdate 1613585807 => C:\Users\HP\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\HP\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {46BEBC81-E676-4C23-9419-01F07DFB92F4} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2493272 2021-05-18] (Overwolf Ltd -> Overwolf LTD)
Task: {68B35E6F-3D8E-40FF-9A9C-FC2C20C0F956} - System32\Tasks\Opera scheduled assistant Autoupdate 1615056220 => C:\Users\HP\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\HP\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {5C5956F5-A3F9-49B7-96C2-566D2957A906} - System32\Tasks\Opera scheduled Autoupdate 1613585797 => C:\Users\HP\AppData\Local\Programs\Opera\launcher.exe
Task: {8094E15C-C9B4-4370-B555-9F6CF7B1AE18} - System32\Tasks\Opera scheduled Autoupdate 1615729237 => C:\Users\HP\AppData\Local\Programs\Opera\launcher.exe
Task: {A5683E32-74A9-4324-BD4E-DE8F7C5DEE68} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-05-20] (Google LLC -> Google LLC)
Task: {AAA4F552-E52D-44E5-B859-687F9586BE91} - System32\Tasks\Opera scheduled assistant Autoupdate 1615729246 => C:\Users\HP\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\HP\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {BA3152C2-A02A-4F62-81A0-E1D96F7E683A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-05-20] (Google LLC -> Google LLC)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
CHR Notifications: Default -> hxxps://www74.darenjarvis.pro
S3 RivaTuner64; \??\E:\RIVA\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [X]
Task: {6431D597-9A49-4E75-9758-CDAECDF8F7A4} - System32\Tasks\RTSS => E:\Riva No fake\RivaTuner Statistics Server\RTSS.exe [261264 2019-09-09] (Alexey Nicolaychuk -> )
HKLM\...\StartupApproved\Run: => "Riot Vanguard"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "RadminVPN"
HKU\S-1-5-21-3196039111-1982186927-2852310541-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-3196039111-1982186927-2852310541-1001\...\StartupApproved\Run: => "SIMDashboardServer"
HKU\S-1-5-21-3196039111-1982186927-2852310541-1001\...\StartupApproved\Run: => "Spotify"
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [488]
FirewallRules: [{6F25BCAE-81B2-4CD3-99A9-8471EE1DC2B4}] => (Allow) C:\Users\HP\AppData\Local\Programs\Opera\74.0.3911.139\opera.exe => No File
FirewallRules: [{E9432CBD-CCA1-4316-A835-E189022F9A14}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [UDP Query User{6E65B35D-7B1C-40C5-B23A-EDDF41C60914}C:\users\hp\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe] => (Allow) C:\users\hp\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe => No File
FirewallRules: [TCP Query User{00CF5812-9051-498A-A1EC-3EAB8E046BA5}C:\users\hp\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe] => (Allow) C:\users\hp\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe => No File
FirewallRules: [TCP Query User{00CF5812-9051-498A-A1EC-3EAB8E046BA5}C:\users\hp\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe] => (Allow) C:\users\hp\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe => No File
FirewallRules: [{732E3A9C-4F9C-428D-8A06-3EF6A8982D00}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CCEE9EC1-F27E-4710-8139-8116C7A0D1C4}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{924AB1BA-A4F5-4B14-B4A9-DC201D3F9BE9}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{9F6DAF95-2725-49D4-92A5-BEE9D43820E0}E:\muszynaa\aria2c.exe] => (Allow) E:\muszynaa\aria2c.exe => No File
FirewallRules: [TCP Query User{20C50109-F6E9-494C-AD34-D94AB20FF585}E:\muszynaa\aria2c.exe] => (Allow) E:\muszynaa\aria2c.exe => No File
FirewallRules: [{5A00857F-F577-4F2C-9CCB-8FF9048E59FB}] => (Allow) LPort=8317
FirewallRules: [{897020E7-EF45-4195-A974-ACB8144050AC}] => (Allow) LPort=8321
FirewallRules: [{71EA636F-2AED-44B7-BE5B-5D47D13E812E}] => (Allow) C:\Users\HP\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{61D13419-4222-4CDB-8EDE-3C40D81615A6}] => (Allow) C:\Users\HP\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{BF74313C-C6E9-4B57-8FA4-0F3450B95C2C}] => (Allow) E:\Steam\steamapps\common\Business Tour\BusinessTour.exe => No File
FirewallRules: [{1E0536A6-903E-462E-B3DE-48804F948D0D}] => (Allow) E:\Steam\steamapps\common\Business Tour\BusinessTour.exe => No File
FirewallRules: [UDP Query User{7F5B2D56-3E2F-41B5-A4AB-6ED2E9005FD7}E:\tanky xd\wargaming.net\gamecenter\dlls\wgc_renderer.exe] => (Allow) E:\tanky xd\wargaming.net\gamecenter\dlls\wgc_renderer.exe => No File
FirewallRules: [TCP Query User{96925CA7-8850-4C14-8694-A409C9DAAE67}E:\tanky xd\wargaming.net\gamecenter\dlls\wgc_renderer.exe] => (Allow) E:\tanky xd\wargaming.net\gamecenter\dlls\wgc_renderer.exe => No File
FirewallRules: [UDP Query User{FA43E5EC-F13D-4D38-BEE5-00000E4B136B}E:\civilization 6\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe] => (Allow) E:\civilization 6\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe => No File
FirewallRules: [TCP Query User{A292C440-3626-4423-8989-D15C8972229B}E:\civilization 6\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe] => (Allow) E:\civilization 6\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe => No File
FirewallRules: [UDP Query User{439D1DA3-D258-4156-8305-798C35BD744E}C:\program files\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [TCP Query User{CD549AAE-9449-4708-BB5A-4967DBA1160C}C:\program files\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [UDP Query User{83974DB5-6433-4FEF-B7A1-97F0AA46BCC8}E:\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) E:\steam\steamapps\common\war thunder\win64\aces.exe => No File
FirewallRules: [TCP Query User{4EEBBA88-54A0-478D-A03B-22326E3F6B6D}E:\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) E:\steam\steamapps\common\war thunder\win64\aces.exe => No File
FirewallRules: [{0339CE6C-4140-4F6F-8896-90003F0D33FD}] => (Allow) E:\Steam\steamapps\common\War Thunder\launcher.exe => No File
FirewallRules: [{900C7958-866B-46F5-9467-8D641A32F8CC}] => (Allow) E:\Steam\steamapps\common\War Thunder\launcher.exe => No File
FirewallRules: [{93D06912-E1E9-446B-A111-651A59E4E529}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{7DD42B98-BCF9-4045-AF7D-760B25803DD4}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{682B8C99-FB32-4E53-94B2-DB612A59C679}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{323C7B84-EB18-452B-A2E4-4D51047B828E}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{43E727E8-317A-432A-B6F6-F974CB57CFF1}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{3915B04A-DA81-40FB-BF8E-33EC31EC853B}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{AB0AF94E-D358-443E-82EB-14A13663E747}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{584CCB32-BA2A-465D-8852-C191A1C0C301}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{1EB45B36-015A-41D2-8828-FE2BD5BF9329}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{FCA7613A-D595-4A9C-926F-82360C570787}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{1656BE3C-725D-4460-A510-AED664C6E9CB}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{01A9F9DA-42CA-44E2-BE9B-0BBA9B6728DD}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{CA25105E-9302-41E3-A733-68F484755F83}C:\users\hp\desktop\anydesk.exe] => (Allow) C:\users\hp\desktop\anydesk.exe => No File
FirewallRules: [UDP Query User{EC0E8DC1-B289-4B97-94BB-E6E5602696EB}C:\users\hp\desktop\anydesk.exe] => (Allow) C:\users\hp\desktop\anydesk.exe => No File
FirewallRules: [{0AA0B297-7F8E-4A31-BE39-09F20D2A6B97}] => (Allow) C:\Users\HP\AppData\Local\Programs\Opera\74.0.3911.203\opera.exe => No File
FirewallRules: [TCP Query User{9595F069-827C-43BE-814E-A655A98A0981}C:\users\hp\downloads\mapyczforts.exe] => (Allow) C:\users\hp\downloads\mapyczforts.exe => No File
FirewallRules: [UDP Query User{8DFF68D7-64BC-42AC-8DD0-A39D72657F15}C:\users\hp\downloads\mapyczforts.exe] => (Allow) C:\users\hp\downloads\mapyczforts.exe => No File
FirewallRules: [{103D2127-1F60-4D32-A4EC-E486FF05ED8F}] => (Allow) C:\Users\HP\AppData\Roaming\uTorrent Web\utweb.exe => No File
FirewallRules: [{D0A9B7D8-4EE8-4412-8402-516837BD8BAD}] => (Allow) C:\Users\HP\AppData\Roaming\uTorrent Web\utweb.exe => No File
FirewallRules: [{96822F68-15D5-4994-9480-244410EEDDD4}] => (Allow) C:\Users\HP\AppData\Local\Programs\Opera\74.0.3911.203_0\opera.exe => No File
FirewallRules: [TCP Query User{9B43EF9E-F6C3-43F2-85D7-939A00BAA461}C:\program files\java\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [UDP Query User{D31A038F-9437-46C4-B299-324E274623CB}C:\program files\java\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [{8C7F5F84-48C6-4639-827E-E97CDA8E1E14}] => (Allow) C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C63F3316-ABEF-41D2-83CD-2EEF95F1E1AC}] => (Allow) C:\Users\HP\AppData\Local\Programs\Opera\74.0.3911.232\opera.exe => No File
FirewallRules: [{2608BA71-A2C0-435D-923B-6B65A46A18CE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{391FEBAB-5879-4AB4-8D95-4E05344889B7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{078C9388-3DE3-430D-BBB8-25CEF20E008C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6624F3B9-B539-4228-9E6A-5E0E41248F88}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

EmptyTemp:
Hosts:

Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the button: Fix
The fix will run, after which the computer reboots. After the reboot, paste here the contents of the log fixlog.txt, which is saved in the FRST location.
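
A pre-run audit of a fixlist like the one in post #7, as an added example (not part of the thread and not FRST's own code): it sorts each line by the markers printed on it, so entries whose target is already gone can be told apart from entries that point at a file still present. The status names and the way the markers are read are this example's assumptions; the sample lines are copied from the post.

```python
import re
from collections import Counter

# Sample input: lines copied from the fixlist in post #7, one per line shape.
SAMPLE_FIXLIST = r"""
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {0D7EA97A-0A6C-41D3-8562-F6E72A966B26} - System32\Tasks\Opera scheduled Autoupdate 1616416544 => C:\Users\HP\AppData\Local\Programs\Opera\launcher.exe
Task: {A5683E32-74A9-4324-BD4E-DE8F7C5DEE68} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-05-20] (Google LLC -> Google LLC)
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
CHR Notifications: Default -> hxxps://www74.darenjarvis.pro
HKLM\...\StartupApproved\Run: => "Riot Vanguard"
FirewallRules: [{E9432CBD-CCA1-4316-A835-E189022F9A14}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [{5A00857F-F577-4F2C-9CCB-8FF9048E59FB}] => (Allow) LPort=8317
FirewallRules: [{93D06912-E1E9-446B-A111-651A59E4E529}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{2608BA71-A2C0-435D-923B-6B65A46A18CE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

EmptyTemp:
Hosts:
"""

DIRECTIVE = re.compile(r"^[A-Za-z]+:$")         # a bare keyword line, e.g. "EmptyTemp:"
SIGNER = re.compile(r"\([^()]*->[^()]*\)\s*$")  # trailing "(... -> ...)" publisher pair
MISSING = ("=> No File", "[not found]", "[X]")  # assumption: target is no longer on disk


def entry_kind(line):
    """Group a line by what it refers to (registry value, task, firewall rule, ...)."""
    if line.startswith(("HKLM", "HKU")):
        return "Registry"
    if re.match(r"[RSU]\d ", line):             # shape of the "S3 RivaTuner64; ..." line
        return "Service"
    return line.split(":", 1)[0]                # "Task", "FirewallRules", "Edge Extension", ...


def entry_status(line):
    """Read the marker printed on the line; the first matching rule wins."""
    if "<==== ATTENTION" in line:
        return "flagged"
    if line.endswith(MISSING):
        return "target-missing"
    if "[File not signed]" in line:
        return "unsigned"
    if SIGNER.search(line):
        return "signed"
    return "no-file-info"                       # the line says nothing about a file on disk


def parse_fixlist(text):
    """Split a fixlist into keyword directives and classified entries."""
    directives, entries = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if DIRECTIVE.match(line):
            directives.append(line.rstrip(":"))
        else:
            entries.append({"kind": entry_kind(line),
                            "status": entry_status(line),
                            "line": line})
    return directives, entries


def summarize(entries):
    """Count entries per status."""
    return Counter(e["status"] for e in entries)


def review_first(entries):
    """Entries that touch something still present on the machine."""
    return [e for e in entries if e["status"] in ("flagged", "signed", "unsigned")]


if __name__ == "__main__":
    directives, entries = parse_fixlist(SAMPLE_FIXLIST)
    print("directives:", ", ".join(directives))
    for status, count in summarize(entries).most_common():
        print(f"{status:15} {count}")
    print("look at these before running the fix:")
    for e in review_first(entries):
        print(f"  [{e['status']}] {e['kind']}: {e['line'][:90]}")
```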

Maty44
Visitor
Posts: 7
Registered: 04 Jun 2021 18:55

Re: Log check :)

#8 Post by Maty44 »

Code: Select all

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-06-2021
Ran by HP (21-06-2021 18:39:33) Run:2
Running from C:\Users\HP\Desktop\FRST
Loaded Profiles: HP & postgres
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {032435BF-B3E7-4267-9F7C-6ACECDC3EA06} - System32\Tasks\Opera scheduled assistant Autoupdate 1616416552 => C:\Users\HP\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\HP\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {21DB8893-F20A-4F6E-934F-26D53B59937D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {0D7EA97A-0A6C-41D3-8562-F6E72A966B26} - System32\Tasks\Opera scheduled Autoupdate 1616416544 => C:\Users\HP\AppData\Local\Programs\Opera\launcher.exe
Task: {406EE30A-036F-4688-9648-70817AB1F571} - System32\Tasks\Opera scheduled assistant Autoupdate 1613585807 => C:\Users\HP\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\HP\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {46BEBC81-E676-4C23-9419-01F07DFB92F4} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2493272 2021-05-18] (Overwolf Ltd -> Overwolf LTD)
Task: {68B35E6F-3D8E-40FF-9A9C-FC2C20C0F956} - System32\Tasks\Opera scheduled assistant Autoupdate 1615056220 => C:\Users\HP\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\HP\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {5C5956F5-A3F9-49B7-96C2-566D2957A906} - System32\Tasks\Opera scheduled Autoupdate 1613585797 => C:\Users\HP\AppData\Local\Programs\Opera\launcher.exe
Task: {8094E15C-C9B4-4370-B555-9F6CF7B1AE18} - System32\Tasks\Opera scheduled Autoupdate 1615729237 => C:\Users\HP\AppData\Local\Programs\Opera\launcher.exe
Task: {A5683E32-74A9-4324-BD4E-DE8F7C5DEE68} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-05-20] (Google LLC -> Google LLC)
Task: {AAA4F552-E52D-44E5-B859-687F9586BE91} - System32\Tasks\Opera scheduled assistant Autoupdate 1615729246 => C:\Users\HP\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\HP\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {BA3152C2-A02A-4F62-81A0-E1D96F7E683A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-05-20] (Google LLC -> Google LLC)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
CHR Notifications: Default -> hxxps://www74.darenjarvis.pro
S3 RivaTuner64; \??\E:\RIVA\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [X]
Task: {6431D597-9A49-4E75-9758-CDAECDF8F7A4} - System32\Tasks\RTSS => E:\Riva No fake\RivaTuner Statistics Server\RTSS.exe [261264 2019-09-09] (Alexey Nicolaychuk -> )
HKLM\...\StartupApproved\Run: => "Riot Vanguard"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "RadminVPN"
HKU\S-1-5-21-3196039111-1982186927-2852310541-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-3196039111-1982186927-2852310541-1001\...\StartupApproved\Run: => "SIMDashboardServer"
HKU\S-1-5-21-3196039111-1982186927-2852310541-1001\...\StartupApproved\Run: => "Spotify"
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [488]
FirewallRules: [{6F25BCAE-81B2-4CD3-99A9-8471EE1DC2B4}] => (Allow) C:\Users\HP\AppData\Local\Programs\Opera\74.0.3911.139\opera.exe => No File
FirewallRules: [{E9432CBD-CCA1-4316-A835-E189022F9A14}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [UDP Query User{6E65B35D-7B1C-40C5-B23A-EDDF41C60914}C:\users\hp\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe] => (Allow) C:\users\hp\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe => No File
FirewallRules: [TCP Query User{00CF5812-9051-498A-A1EC-3EAB8E046BA5}C:\users\hp\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe] => (Allow) C:\users\hp\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe => No File
FirewallRules: [TCP Query User{00CF5812-9051-498A-A1EC-3EAB8E046BA5}C:\users\hp\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe] => (Allow) C:\users\hp\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe => No File
FirewallRules: [{732E3A9C-4F9C-428D-8A06-3EF6A8982D00}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CCEE9EC1-F27E-4710-8139-8116C7A0D1C4}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{924AB1BA-A4F5-4B14-B4A9-DC201D3F9BE9}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{9F6DAF95-2725-49D4-92A5-BEE9D43820E0}E:\muszynaa\aria2c.exe] => (Allow) E:\muszynaa\aria2c.exe => No File
FirewallRules: [TCP Query User{20C50109-F6E9-494C-AD34-D94AB20FF585}E:\muszynaa\aria2c.exe] => (Allow) E:\muszynaa\aria2c.exe => No File
FirewallRules: [{5A00857F-F577-4F2C-9CCB-8FF9048E59FB}] => (Allow) LPort=8317
FirewallRules: [{897020E7-EF45-4195-A974-ACB8144050AC}] => (Allow) LPort=8321
FirewallRules: [{71EA636F-2AED-44B7-BE5B-5D47D13E812E}] => (Allow) C:\Users\HP\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{61D13419-4222-4CDB-8EDE-3C40D81615A6}] => (Allow) C:\Users\HP\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{BF74313C-C6E9-4B57-8FA4-0F3450B95C2C}] => (Allow) E:\Steam\steamapps\common\Business Tour\BusinessTour.exe => No File
FirewallRules: [{1E0536A6-903E-462E-B3DE-48804F948D0D}] => (Allow) E:\Steam\steamapps\common\Business Tour\BusinessTour.exe => No File
FirewallRules: [UDP Query User{7F5B2D56-3E2F-41B5-A4AB-6ED2E9005FD7}E:\tanky xd\wargaming.net\gamecenter\dlls\wgc_renderer.exe] => (Allow) E:\tanky xd\wargaming.net\gamecenter\dlls\wgc_renderer.exe => No File
FirewallRules: [TCP Query User{96925CA7-8850-4C14-8694-A409C9DAAE67}E:\tanky xd\wargaming.net\gamecenter\dlls\wgc_renderer.exe] => (Allow) E:\tanky xd\wargaming.net\gamecenter\dlls\wgc_renderer.exe => No File
FirewallRules: [UDP Query User{FA43E5EC-F13D-4D38-BEE5-00000E4B136B}E:\civilization 6\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe] => (Allow) E:\civilization 6\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe => No File
FirewallRules: [TCP Query User{A292C440-3626-4423-8989-D15C8972229B}E:\civilization 6\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe] => (Allow) E:\civilization 6\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe => No File
FirewallRules: [UDP Query User{439D1DA3-D258-4156-8305-798C35BD744E}C:\program files\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [TCP Query User{CD549AAE-9449-4708-BB5A-4967DBA1160C}C:\program files\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [UDP Query User{83974DB5-6433-4FEF-B7A1-97F0AA46BCC8}E:\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) E:\steam\steamapps\common\war thunder\win64\aces.exe => No File
FirewallRules: [TCP Query User{4EEBBA88-54A0-478D-A03B-22326E3F6B6D}E:\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) E:\steam\steamapps\common\war thunder\win64\aces.exe => No File
FirewallRules: [{0339CE6C-4140-4F6F-8896-90003F0D33FD}] => (Allow) E:\Steam\steamapps\common\War Thunder\launcher.exe => No File
FirewallRules: [{900C7958-866B-46F5-9467-8D641A32F8CC}] => (Allow) E:\Steam\steamapps\common\War Thunder\launcher.exe => No File
FirewallRules: [{93D06912-E1E9-446B-A111-651A59E4E529}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{7DD42B98-BCF9-4045-AF7D-760B25803DD4}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{682B8C99-FB32-4E53-94B2-DB612A59C679}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{323C7B84-EB18-452B-A2E4-4D51047B828E}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{43E727E8-317A-432A-B6F6-F974CB57CFF1}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{3915B04A-DA81-40FB-BF8E-33EC31EC853B}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{AB0AF94E-D358-443E-82EB-14A13663E747}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{584CCB32-BA2A-465D-8852-C191A1C0C301}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{1EB45B36-015A-41D2-8828-FE2BD5BF9329}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{FCA7613A-D595-4A9C-926F-82360C570787}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{1656BE3C-725D-4460-A510-AED664C6E9CB}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{01A9F9DA-42CA-44E2-BE9B-0BBA9B6728DD}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{CA25105E-9302-41E3-A733-68F484755F83}C:\users\hp\desktop\anydesk.exe] => (Allow) C:\users\hp\desktop\anydesk.exe => No File
FirewallRules: [UDP Query User{EC0E8DC1-B289-4B97-94BB-E6E5602696EB}C:\users\hp\desktop\anydesk.exe] => (Allow) C:\users\hp\desktop\anydesk.exe => No File
FirewallRules: [{0AA0B297-7F8E-4A31-BE39-09F20D2A6B97}] => (Allow) C:\Users\HP\AppData\Local\Programs\Opera\74.0.3911.203\opera.exe => No File
FirewallRules: [TCP Query User{9595F069-827C-43BE-814E-A655A98A0981}C:\users\hp\downloads\mapyczforts.exe] => (Allow) C:\users\hp\downloads\mapyczforts.exe => No File
FirewallRules: [UDP Query User{8DFF68D7-64BC-42AC-8DD0-A39D72657F15}C:\users\hp\downloads\mapyczforts.exe] => (Allow) C:\users\hp\downloads\mapyczforts.exe => No File
FirewallRules: [{103D2127-1F60-4D32-A4EC-E486FF05ED8F}] => (Allow) C:\Users\HP\AppData\Roaming\uTorrent Web\utweb.exe => No File
FirewallRules: [{D0A9B7D8-4EE8-4412-8402-516837BD8BAD}] => (Allow) C:\Users\HP\AppData\Roaming\uTorrent Web\utweb.exe => No File
FirewallRules: [{96822F68-15D5-4994-9480-244410EEDDD4}] => (Allow) C:\Users\HP\AppData\Local\Programs\Opera\74.0.3911.203_0\opera.exe => No File
FirewallRules: [TCP Query User{9B43EF9E-F6C3-43F2-85D7-939A00BAA461}C:\program files\java\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [UDP Query User{D31A038F-9437-46C4-B299-324E274623CB}C:\program files\java\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_281\bin\javaw.exe => No File
FirewallRules: [{8C7F5F84-48C6-4639-827E-E97CDA8E1E14}] => (Allow) C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C63F3316-ABEF-41D2-83CD-2EEF95F1E1AC}] => (Allow) C:\Users\HP\AppData\Local\Programs\Opera\74.0.3911.232\opera.exe => No File
FirewallRules: [{2608BA71-A2C0-435D-923B-6B65A46A18CE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{391FEBAB-5879-4AB4-8D95-4E05344889B7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{078C9388-3DE3-430D-BBB8-25CEF20E008C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6624F3B9-B539-4228-9E6A-5E0E41248F88}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

EmptyTemp:
Hosts:

*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{032435BF-B3E7-4267-9F7C-6ACECDC3EA06}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{032435BF-B3E7-4267-9F7C-6ACECDC3EA06}" => removed successfully
C:\WINDOWS\System32\Tasks\Opera scheduled assistant Autoupdate 1616416552 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled assistant Autoupdate 1616416552" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{21DB8893-F20A-4F6E-934F-26D53B59937D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21DB8893-F20A-4F6E-934F-26D53B59937D}" => removed successfully
C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0D7EA97A-0A6C-41D3-8562-F6E72A966B26}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D7EA97A-0A6C-41D3-8562-F6E72A966B26}" => removed successfully
C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1616416544 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1616416544" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{406EE30A-036F-4688-9648-70817AB1F571}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{406EE30A-036F-4688-9648-70817AB1F571}" => removed successfully
C:\WINDOWS\System32\Tasks\Opera scheduled assistant Autoupdate 1613585807 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled assistant Autoupdate 1613585807" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46BEBC81-E676-4C23-9419-01F07DFB92F4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46BEBC81-E676-4C23-9419-01F07DFB92F4}" => removed successfully
C:\WINDOWS\System32\Tasks\Overwolf Updater Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Overwolf Updater Task" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{68B35E6F-3D8E-40FF-9A9C-FC2C20C0F956}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68B35E6F-3D8E-40FF-9A9C-FC2C20C0F956}" => removed successfully
C:\WINDOWS\System32\Tasks\Opera scheduled assistant Autoupdate 1615056220 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled assistant Autoupdate 1615056220" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5C5956F5-A3F9-49B7-96C2-566D2957A906}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C5956F5-A3F9-49B7-96C2-566D2957A906}" => removed successfully
C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1613585797 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1613585797" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8094E15C-C9B4-4370-B555-9F6CF7B1AE18}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8094E15C-C9B4-4370-B555-9F6CF7B1AE18}" => removed successfully
C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1615729237 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1615729237" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A5683E32-74A9-4324-BD4E-DE8F7C5DEE68}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5683E32-74A9-4324-BD4E-DE8F7C5DEE68}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AAA4F552-E52D-44E5-B859-687F9586BE91}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAA4F552-E52D-44E5-B859-687F9586BE91}" => removed successfully
C:\WINDOWS\System32\Tasks\Opera scheduled assistant Autoupdate 1615729246 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled assistant Autoupdate 1615729246" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA3152C2-A02A-4F62-81A0-E1D96F7E683A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA3152C2-A02A-4F62-81A0-E1D96F7E683A}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
"Chrome Notifications" => removed successfully
HKLM\System\CurrentControlSet\Services\RivaTuner64 => removed successfully
RivaTuner64 => service removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6431D597-9A49-4E75-9758-CDAECDF8F7A4}" => not found
C:\WINDOWS\System32\Tasks\RTSS => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RTSS" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Riot Vanguard" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Riot Vanguard" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\LogMeIn Hamachi Ui" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\LogMeIn Hamachi Ui" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\RadminVPN" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\RadminVPN" => removed successfully
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk => moved successfully
"HKU\S-1-5-21-3196039111-1982186927-2852310541-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\MEGAsync.lnk" => removed successfully
"HKU\S-1-5-21-3196039111-1982186927-2852310541-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\SIMDashboardServer" => removed successfully
"HKU\S-1-5-21-3196039111-1982186927-2852310541-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SIMDashboardServer" => removed successfully
"HKU\S-1-5-21-3196039111-1982186927-2852310541-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Spotify" => removed successfully
"HKU\S-1-5-21-3196039111-1982186927-2852310541-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Spotify" => removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6F25BCAE-81B2-4CD3-99A9-8471EE1DC2B4}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E9432CBD-CCA1-4316-A835-E189022F9A14}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6E65B35D-7B1C-40C5-B23A-EDDF41C60914}C:\users\hp\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{00CF5812-9051-498A-A1EC-3EAB8E046BA5}C:\users\hp\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{00CF5812-9051-498A-A1EC-3EAB8E046BA5}C:\users\hp\.lunarclient\jre\zulu8.50.0.53-ca-fx-jre8.0.275-win_x64\bin\javaw.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{732E3A9C-4F9C-428D-8A06-3EF6A8982D00}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CCEE9EC1-F27E-4710-8139-8116C7A0D1C4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{924AB1BA-A4F5-4B14-B4A9-DC201D3F9BE9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9F6DAF95-2725-49D4-92A5-BEE9D43820E0}E:\muszynaa\aria2c.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{20C50109-F6E9-494C-AD34-D94AB20FF585}E:\muszynaa\aria2c.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5A00857F-F577-4F2C-9CCB-8FF9048E59FB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{897020E7-EF45-4195-A974-ACB8144050AC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{71EA636F-2AED-44B7-BE5B-5D47D13E812E}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{61D13419-4222-4CDB-8EDE-3C40D81615A6}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BF74313C-C6E9-4B57-8FA4-0F3450B95C2C}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1E0536A6-903E-462E-B3DE-48804F948D0D}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7F5B2D56-3E2F-41B5-A4AB-6ED2E9005FD7}E:\tanky xd\wargaming.net\gamecenter\dlls\wgc_renderer.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{96925CA7-8850-4C14-8694-A409C9DAAE67}E:\tanky xd\wargaming.net\gamecenter\dlls\wgc_renderer.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{FA43E5EC-F13D-4D38-BEE5-00000E4B136B}E:\civilization 6\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A292C440-3626-4423-8989-D15C8972229B}E:\civilization 6\sidmeierscivilizationvi\base\binaries\win64eos\civilizationvi.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{439D1DA3-D258-4156-8305-798C35BD744E}C:\program files\java\jre1.8.0_251\bin\javaw.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CD549AAE-9449-4708-BB5A-4967DBA1160C}C:\program files\java\jre1.8.0_251\bin\javaw.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{83974DB5-6433-4FEF-B7A1-97F0AA46BCC8}E:\steam\steamapps\common\war thunder\win64\aces.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4EEBBA88-54A0-478D-A03B-22326E3F6B6D}E:\steam\steamapps\common\war thunder\win64\aces.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0339CE6C-4140-4F6F-8896-90003F0D33FD}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{900C7958-866B-46F5-9467-8D641A32F8CC}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{93D06912-E1E9-446B-A111-651A59E4E529}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7DD42B98-BCF9-4045-AF7D-760B25803DD4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{682B8C99-FB32-4E53-94B2-DB612A59C679}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{323C7B84-EB18-452B-A2E4-4D51047B828E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{43E727E8-317A-432A-B6F6-F974CB57CFF1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3915B04A-DA81-40FB-BF8E-33EC31EC853B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AB0AF94E-D358-443E-82EB-14A13663E747}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{584CCB32-BA2A-465D-8852-C191A1C0C301}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1EB45B36-015A-41D2-8828-FE2BD5BF9329}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FCA7613A-D595-4A9C-926F-82360C570787}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1656BE3C-725D-4460-A510-AED664C6E9CB}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{01A9F9DA-42CA-44E2-BE9B-0BBA9B6728DD}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CA25105E-9302-41E3-A733-68F484755F83}C:\users\hp\desktop\anydesk.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{EC0E8DC1-B289-4B97-94BB-E6E5602696EB}C:\users\hp\desktop\anydesk.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0AA0B297-7F8E-4A31-BE39-09F20D2A6B97}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9595F069-827C-43BE-814E-A655A98A0981}C:\users\hp\downloads\mapyczforts.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8DFF68D7-64BC-42AC-8DD0-A39D72657F15}C:\users\hp\downloads\mapyczforts.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{103D2127-1F60-4D32-A4EC-E486FF05ED8F}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D0A9B7D8-4EE8-4412-8402-516837BD8BAD}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{96822F68-15D5-4994-9480-244410EEDDD4}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9B43EF9E-F6C3-43F2-85D7-939A00BAA461}C:\program files\java\jre1.8.0_281\bin\javaw.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D31A038F-9437-46C4-B299-324E274623CB}C:\program files\java\jre1.8.0_281\bin\javaw.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8C7F5F84-48C6-4639-827E-E97CDA8E1E14}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C63F3316-ABEF-41D2-83CD-2EEF95F1E1AC}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2608BA71-A2C0-435D-923B-6B65A46A18CE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{391FEBAB-5879-4AB4-8D95-4E05344889B7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{078C9388-3DE3-430D-BBB8-25CEF20E008C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6624F3B9-B539-4228-9E6A-5E0E41248F88}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 34915274 B
Java, Flash, Steam htmlcache => 469045434 B
Windows/system/drivers => 0 B
Edge => 32295 B
Chrome => 465637536 B
Firefox => 0 B
Opera => 4996987 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 5072 B
HP => 1460641508 B
postgres => 1460641508 B

RecycleBin => 340 B
EmptyTemp: => 3.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:41:43 ====

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Log check :)

#9 Post by Diallix »

May I ask for new FRST + ADDITION logs?

Maty44
Visitor
Posts: 7
Registered: 04 Jun 2021 18:55

Re: Log check :)

#10 Post by Maty44 »

Diallix wrote: 21 Jun 2021 17:52 May I ask for new FRST + ADDITION logs?
Of course
Nová položka WinRAR archiv.rar
(30.54 KiB) Downloaded 61 times

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Log check :)

#11 Post by Diallix »

Do you recognize these items?

FirewallRules: [{0D0C3C8A-CA07-4E6B-9DDC-050E3DB12B14}] => (Allow) E:\Davinvii\DPDecoder.exe () [File not signed]
FirewallRules: [{8817B291-C82D-44CB-8011-B16AB0953283}] => (Allow) E:\Davinvii\fuscript.exe (Blackmagic Design Pty. Ltd.) [File not signed]
FirewallRules: [{3CAD9FF0-26E0-45EE-A95D-59A7DBD36B2D}] => (Allow) E:\Davinvii\TangentPanelDaemon.exe () [File not signed]
FirewallRules: [{B6355857-2721-4244-BAB2-5385ACDE316E}] => (Allow) E:\Davinvii\EuphonixPanelDaemon.exe () [File not signed]
FirewallRules: [{DBED2285-71BF-419A-A3FC-06553F52AE80}] => (Allow) E:\Davinvii\JLCooperPanelDaemon.exe () [File not signed]
FirewallRules: [{26190E13-BD3E-42E7-B531-B465D2180E05}] => (Allow) E:\Davinvii\DaVinciPanelDaemon.exe () [File not signed]
FirewallRules: [{0190D909-CADE-4082-A003-03991725E21E}] => (Allow) E:\Davinvii\bmdpaneld.exe () [File not signed]
FirewallRules: [{4F8EC546-4888-4247-8EFA-CD109B2F047D}] => (Allow) E:\Davinvii\Resolve.exe (Blackmagic Design Pty. Ltd.) [File not signed]

Maty44
Visitor
Posts: 7
Registered: 04 Jun 2021 18:55

Re: Log check :)

#12 Post by Maty44 »

Diallix wrote: 24 Jun 2021 17:59 Do you recognize these items?

FirewallRules: [{0D0C3C8A-CA07-4E6B-9DDC-050E3DB12B14}] => (Allow) E:\Davinvii\DPDecoder.exe () [File not signed]
FirewallRules: [{8817B291-C82D-44CB-8011-B16AB0953283}] => (Allow) E:\Davinvii\fuscript.exe (Blackmagic Design Pty. Ltd.) [File not signed]
FirewallRules: [{3CAD9FF0-26E0-45EE-A95D-59A7DBD36B2D}] => (Allow) E:\Davinvii\TangentPanelDaemon.exe () [File not signed]
FirewallRules: [{B6355857-2721-4244-BAB2-5385ACDE316E}] => (Allow) E:\Davinvii\EuphonixPanelDaemon.exe () [File not signed]
FirewallRules: [{DBED2285-71BF-419A-A3FC-06553F52AE80}] => (Allow) E:\Davinvii\JLCooperPanelDaemon.exe () [File not signed]
FirewallRules: [{26190E13-BD3E-42E7-B531-B465D2180E05}] => (Allow) E:\Davinvii\DaVinciPanelDaemon.exe () [File not signed]
FirewallRules: [{0190D909-CADE-4082-A003-03991725E21E}] => (Allow) E:\Davinvii\bmdpaneld.exe () [File not signed]
FirewallRules: [{4F8EC546-4888-4247-8EFA-CD109B2F047D}] => (Allow) E:\Davinvii\Resolve.exe (Blackmagic Design Pty. Ltd.) [File not signed]
It probably belongs to the program DaVinci Resolve 17.
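
The sorting done by eye in the posts above (Allow rules whose target file is missing, Allow rules for unsigned executables) can be scripted. The Python below is an added example, not part of the thread or of FRST; the sample lines are copied from the logs quoted here, while the function names, the ranking, and the reading of an entry without the `[File not signed]` marker as signed are assumptions of this example.

```python
import ntpath
import re
from collections import Counter

# Sample input: lines copied from the FRST logs quoted in this thread.
SAMPLE_LOG = r"""
FirewallRules: [{43E727E8-317A-432A-B6F6-F974CB57CFF1}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{1656BE3C-725D-4460-A510-AED664C6E9CB}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{CA25105E-9302-41E3-A733-68F484755F83}C:\users\hp\desktop\anydesk.exe] => (Allow) C:\users\hp\desktop\anydesk.exe => No File
FirewallRules: [{8C7F5F84-48C6-4639-827E-E97CDA8E1E14}] => (Allow) C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{2608BA71-A2C0-435D-923B-6B65A46A18CE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0D0C3C8A-CA07-4E6B-9DDC-050E3DB12B14}] => (Allow) E:\Davinvii\DPDecoder.exe () [File not signed]
FirewallRules: [{4F8EC546-4888-4247-8EFA-CD109B2F047D}] => (Allow) E:\Davinvii\Resolve.exe (Blackmagic Design Pty. Ltd.) [File not signed]
"""

# "FirewallRules: [<rule id>] => (<action>) <target and annotations>"
HEAD_RE = re.compile(
    r"^FirewallRules: \[(?P<rule_id>.+?)\] => \((?P<action>\w+)\) (?P<rest>.+)$"
)
# "<path> (<publisher>)" with an optional "[File not signed]" marker. The path
# itself may contain parentheses ("Program Files (x86)"), so the publisher is
# the last parenthesised group on the line.
TAIL_RE = re.compile(
    r"^(?P<path>.+?) \((?P<publisher>[^()]*)\)(?P<unsigned> \[File not signed\])?$"
)
NO_FILE = " => No File"
USER_PROFILE_RE = re.compile(r"^[a-z]:\\users\\", re.IGNORECASE)


def parse_rule(line):
    """Parse one FirewallRules line into a dict; return None for other lines."""
    head = HEAD_RE.match(line.strip())
    if head is None:
        return None
    rest = head["rest"]
    rule = {"rule_id": head["rule_id"], "action": head["action"],
            "path": rest, "publisher": "", "status": "unparsed"}
    if rest.endswith(NO_FILE):
        rule["path"] = rest[: -len(NO_FILE)]
        rule["status"] = "orphaned"
    else:
        tail = TAIL_RE.match(rest)
        if tail is not None:
            rule["path"] = tail["path"]
            rule["publisher"] = tail["publisher"]
            # Assumption of this example: no marker means the file is signed.
            rule["status"] = "unsigned" if tail["unsigned"] else "signed"
    rule["in_user_profile"] = bool(USER_PROFILE_RE.match(rule["path"]))
    return rule


def triage(log_text):
    """Parse every FirewallRules line in a pasted log, in order."""
    return [r for r in map(parse_rule, log_text.splitlines()) if r is not None]


def review_queue(rules):
    """Return (rank, path, reason) for rules needing a decision, lowest rank first."""
    queue = []
    for r in rules:
        if r["status"] == "orphaned":
            # A stale Allow rule in a user-writable location is cleaned up first.
            rank = 0 if r["in_user_profile"] else 1
            reason = "target file is missing; remove the stale rule"
        elif r["status"] == "unsigned":
            # An empty publisher field gives the reviewer even less to go on.
            rank = 2 if not r["publisher"] else 3
            reason = "unsigned binary; ask the owner which program it belongs to"
        else:
            continue
        queue.append((rank, r["path"], reason))
    return sorted(queue)


def unsigned_by_folder(rules):
    """Count unsigned targets per folder, so the owner is asked once per application."""
    return dict(Counter(ntpath.dirname(r["path"]).lower()
                        for r in rules if r["status"] == "unsigned"))


if __name__ == "__main__":
    parsed = triage(SAMPLE_LOG)
    for rank, path, reason in review_queue(parsed):
        print(rank, path, "-", reason)
    print(unsigned_by_folder(parsed))
```

Grouping by folder reproduces the question asked in post #11: every unsigned entry under `E:\Davinvii` collapses into one item for the owner to confirm.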

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Log check :)

#13 Post by Diallix »

Copy the content below into Notepad:

Task: {7AB51301-DEAA-4E4E-8182-5C4E886DBDFA} - \RTSS -> No File <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}

EmptyTemp:

Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the button: Fix
The fix will be carried out, after which the computer reboots. After the reboot, paste here the content of the log fixlog.txt, saved in the FRST location.