Virus removal, PC speed-up, and remote assistance via the neslape.cz service

Preventive check T-Bag

Not having any problem with your PC at the moment and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use remote assistance services, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Locked
T-Bag
Visitor
Posts: 33
Registered: 14 Dec 2014 09:54

#1 Post by T-Bag »

Hello, I would like to ask for a preventive check; the laptop is somewhat slow and the Opera/Chrome browsers are eating a lot of my RAM/CPU.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-12-2021
Ran by Tibor (administrator) on TIBOR (Acer Aspire E5-573G) (02-01-2022 12:53:02)
Running from C:\Users\Tibor\Desktop
Loaded Profiles: Tibor
Platform: Microsoft Windows 10 Home Version 21H1 19043.1415 (X64) Language: Slovenčina (Slovensko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\ASUS\USB-AC51 WLAN Card Utilities\Common\ASUSService.exe
() [File not signed] C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe
() [File not signed] C:\Users\Tibor\Desktop\GSAutoClicker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\USB-AC51 WLAN Card Utilities\Common\RaUI.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <3>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(Discord Inc. -> Discord Inc.) C:\Users\Tibor\AppData\Local\Discord\app-1.0.9003\Discord.exe <6>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <23>
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2110.13603.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIGCE.EXE
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Ralink Technology, Corp.) [File not signed] C:\Program Files (x86)\ASUS\USB-AC51 WLAN Card Utilities\Common\RaRegistry64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> ) C:\Windows\runSW.exe
(Realtek Semiconductor Corp. -> Realtek) C:\Windows\SwUSB.exe
(RemoteMouse.net) [File not signed] C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14049536 2015-07-09] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [157464 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8442464 2020-12-12] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\Run: [EPSON1D24F2 (Epson Stylus SX420W)] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE [224768 2009-09-14] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32414392 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\Run: [Discord] => C:\Users\Tibor\AppData\Local\Discord\Update.exe [1512608 2021-09-21] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\Run: [utweb] => "C:\Users\Tibor\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED (No File)
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\Run: [Opera Browser Assistant] => C:\Users\Tibor\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4095184 2021-08-11] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\Run: [ut] => "C:\Users\Tibor\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED (No File)
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\Run: [EPSON SX420W Series] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE [224768 2009-09-14] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EPSON SX420W Series 64MonitorBE: C:\WINDOWS\system32\E_ILMGCE.DLL [118784 2008-11-12] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\96.0.4664.110\Installer\chrmstp.exe [2021-12-13] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ASUS USB-AC51 WLAN Control Center.lnk [2020-12-22]
ShortcutTarget: ASUS USB-AC51 WLAN Control Center.lnk -> C:\Program Files (x86)\ASUS\USB-AC51 WLAN Card Utilities\Common\RaUI.exe (ASUSTeK Computer Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TREZOR Bridge.lnk [2021-01-08]
ShortcutTarget: TREZOR Bridge.lnk -> C:\Program Files (x86)\TREZOR Bridge\trezord.exe (SatoshiLabs, s.r.o. -> )
Startup: C:\Users\Tibor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2020-10-08]
ShortcutTarget: MEGAsync.lnk -> C:\Windows.old\Users\Tibor\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {073BDFFE-C5A9-43DA-A4EF-E881E69890EA} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {0E3885D1-8826-4E7B-9FF0-2CCB4A06583D} - System32\Tasks\Opera scheduled assistant Autoupdate 1602954848 => C:\Users\Tibor\AppData\Local\Programs\Opera\launcher.exe [2256592 2021-12-14] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Tibor\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {19A4EE05-2984-4BF6-9CE1-1F420DCCAB61} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646896 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1AC05320-3413-4ACD-A9D4-0A09BD13966F} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-2813316739-561623387-2885406294-1001 => C:\Windows.old\Users\Tibor\AppData\Local\MEGAsync\MEGAupdater.exe [1303800 2020-12-12] (Mega Limited -> Mega Limited)
Task: {4351048E-0DB9-4F81-99B7-704A0FFED913} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {52EAE05D-FE15-45C3-ACB1-4F88E273BF4D} - System32\Tasks\Opera scheduled Autoupdate 1602954829 => C:\Users\Tibor\AppData\Local\Programs\Opera\launcher.exe [2256592 2021-12-14] (Opera Software AS -> Opera Software)
Task: {5E12C1DA-42E7-4EA3-9085-DB1714E0BFE9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26896568 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {639C6B9E-1E7A-4BE9-92F9-ED7157D9C0F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-10-08] (Google LLC -> Google LLC)
Task: {84C939F4-D939-4F2B-B01B-92F2B4E69124} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {906F5B73-7B83-4DFC-B6EF-18A13442BF75} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9B92D60A-DECD-4709-A1BD-4C2566A84D02} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B09642EC-734A-427C-AC0F-3F0DB7B7AF58} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {BA7B6BF4-0B80-4C26-9C83-904870744383} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C1E0276D-1BC8-41D1-9949-5EFD12FAFB3D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {C35E4ED4-521B-48EC-8AE2-18587E4AADB3} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302128 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C61E8B24-30DF-43FE-A848-2841AD26F90A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-10-08] (Google LLC -> Google LLC)
Task: {C7500535-9F5F-43B3-A022-E3D1723DBAE3} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D4D51C84-FC3E-40F5-82DF-565134B7CC9D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D54452D8-0618-4F7A-9DD5-F40E09C478FD} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4969240 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
Task: {D54CF93E-D2CB-4CD1-88BE-8C48CBA2EC11} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {FC3949A2-53FB-463B-8958-3E3BB9BC5465} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {FE82577C-64CC-4550-A27A-CD7443349B65} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-04-29] (Avast Software s.r.o. -> Avast Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{38361781-665b-4bac-baa9-7292d430fe54}: [DhcpNameServer] 192.168.2.254
Tcpip\..\Interfaces\{7f91a368-a36a-489f-985d-b120411bfc58}: [DhcpNameServer] 195.146.132.59 8.8.8.8
Tcpip\..\Interfaces\{a791c8d3-0280-49a8-90c0-2ee0a4245225}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Tibor\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-26]
Edge Session Restore: Default -> is enabled.
Edge Extension: (Outlook) - C:\Users\Tibor\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-10-15]
Edge Extension: (Word) - C:\Users\Tibor\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-10-15]
Edge Extension: (Excel) - C:\Users\Tibor\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-10-15]
Edge Extension: (PowerPoint) - C:\Users\Tibor\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-10-15]

FireFox:
========
FF DefaultProfile: umm8z632.default
FF ProfilePath: C:\Users\Tibor\AppData\Roaming\Mozilla\Firefox\Profiles\umm8z632.default [2020-10-10]
FF NewTab: Mozilla\Firefox\Profiles\umm8z632.default -> hxxps://securesearch.org/homepage?hp=2&pId=BT170603&iDate=2020-10-10 06:06:17&bName=
FF ProfilePath: C:\Users\Tibor\AppData\Roaming\Mozilla\Firefox\Profiles\tcp1p373.default-release-1610529294751 [2021-10-29]
FF Session Restore: Mozilla\Firefox\Profiles\tcp1p373.default-release-1610529294751 -> is enabled.
FF Extension: (Facebook Container) - C:\Users\Tibor\AppData\Roaming\Mozilla\Firefox\Profiles\tcp1p373.default-release-1610529294751\Extensions\@contain-facebook.xpi [2021-08-23]
FF Extension: (Enhancer for YouTube™) - C:\Users\Tibor\AppData\Roaming\Mozilla\Firefox\Profiles\tcp1p373.default-release-1610529294751\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2021-08-23]
FF Extension: (MetaMask) - C:\Users\Tibor\AppData\Roaming\Mozilla\Firefox\Profiles\tcp1p373.default-release-1610529294751\Extensions\webextension@metamask.io.xpi [2021-08-23]
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default [2022-01-02]
CHR Notifications: Default -> hxxps://app.anchorprotocol.com
CHR Extension: (Prezentácie) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-10]
CHR Extension: (Terra Station) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiifbnbfobpmeekipheeijimdpnlpgpp [2021-12-18]
CHR Extension: (Dokumenty) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-10]
CHR Extension: (Disk Google) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-10]
CHR Extension: (Phantom) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfnaelmomeimhlpmgjnjophhpkkoljpa [2021-12-29]
CHR Extension: (Authenticator) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhghoamapcdpbohphigoooaddinpkbai [2021-11-11]
CHR Extension: (YouTube) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-10]
CHR Extension: (Tabuľky) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-10]
CHR Extension: (Binance Wallet) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbohimaelbohpjbbldcngcnapndodjp [2021-12-28]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-12-05]
CHR Extension: (IE Tab) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2021-11-20]
CHR Extension: (Nastavenie hlasitosti) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\kedfglpbemacpmmdhkhmichimibbhnge [2021-12-11]
CHR Extension: (MetaMask) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2021-12-21]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-15]
CHR Extension: (Gmail) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-10]

Opera:
=======
OPR Profile: C:\Users\Tibor\AppData\Roaming\Opera Software\Opera Stable [2022-01-02]
OPR Notifications: Opera Stable -> hxxps://bridge.renproject.io; hxxps://www.tradingview.com
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Terra Station) - C:\Users\Tibor\AppData\Roaming\Opera Software\Opera Stable\Extensions\aiifbnbfobpmeekipheeijimdpnlpgpp [2021-12-29]
OPR Extension: (Phantom) - C:\Users\Tibor\AppData\Roaming\Opera Software\Opera Stable\Extensions\bfnaelmomeimhlpmgjnjophhpkkoljpa [2021-12-17]
OPR Extension: (Keplr) - C:\Users\Tibor\AppData\Roaming\Opera Software\Opera Stable\Extensions\dmkamcknogkgcdfhhbddcghachkejeap [2021-12-30]
OPR Extension: (Rich Hints Agent) - C:\Users\Tibor\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-12-30]
OPR Extension: (Harmony Chrome Extension Wallet) - C:\Users\Tibor\AppData\Roaming\Opera Software\Opera Stable\Extensions\fnnegphlobjdpkhecapkijjdkgcjhkib [2021-11-06]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Tibor\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-13]
OPR Extension: (Install Chrome Extensions) - C:\Users\Tibor\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2021-03-22]
OPR Extension: (MetaMask) - C:\Users\Tibor\AppData\Roaming\Opera Software\Opera Stable\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2021-12-29]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 ASUSWireless; C:\Program Files (x86)\ASUS\USB-AC51 WLAN Card Utilities\Common\ASUSService.exe [184320 2014-03-05] () [File not signed]
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8480848 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [323152 2015-05-29] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [452888 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [452888 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
S2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [165104 2015-06-30] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7901368 2021-12-13] (Malwarebytes Inc -> Malwarebytes)
R2 RalinkRegistryWriter; C:\Program Files (x86)\ASUS\USB-AC51 WLAN Card Utilities\Common\RaRegistry64.exe [447488 2014-03-05] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files (x86)\ASUS\USB-AC51 WLAN Card Utilities\Common\RaMediaServer.exe [1863680 2014-03-05] (Ralink) [File not signed]
R2 RemoteMouseService; C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe [11264 2020-09-23] () [File not signed]
R2 RunSwUSB; C:\Windows\runSW.exe [59232 2018-05-02] (Realtek Semiconductor Corp. -> )
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [29280 2020-12-12] (LAVASOFT SOFTWARE CANADA INC -> )
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [36784 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [223176 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [369216 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [252992 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [100416 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [21936 2021-10-05] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42416 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [186280 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [540056 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [108912 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83976 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [853800 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [545176 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215432 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [318760 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-07-18] (Acer Incorporated -> Acer Incorporated)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2021-12-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-07-12] (Malwarebytes Inc -> Malwarebytes)
S3 qcusbser; C:\WINDOWS\System32\drivers\qcusbser.sys [242688 2016-05-18] (Xiaomi Technology Inc -> QUALCOMM Incorporated)
S3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14680 2013-07-18] (Acer Incorporated -> Acer Incorporated)
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [7148872 2018-05-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-02 12:50 - 2022-01-02 12:56 - 000027619 _____ C:\Users\Tibor\Desktop\FRST.txt
2022-01-02 12:50 - 2022-01-02 12:50 - 000000000 ___HD C:\$AV_ASW
2022-01-02 12:50 - 2022-01-02 12:50 - 000000000 ____D C:\Users\Tibor\Desktop\FRST-OlderVersion
2022-01-02 12:41 - 2022-01-02 12:41 - 002311168 _____ (Farbar) C:\Users\Tibor\Desktop\FRST64 (1).exe
2021-12-30 08:31 - 2021-12-30 08:31 - 000007334 _____ C:\Users\Tibor\Desktop\Nová položka OpenDocument Text.odt
2021-12-29 17:30 - 2021-12-29 17:47 - 000012698 _____ C:\Users\Tibor\Desktop\Nová položka OpenDocument Zošit.ods
2021-12-29 16:27 - 2021-12-29 16:27 - 060249906 _____ C:\Users\Tibor\Downloads\bybit.apk
2021-12-29 13:07 - 2021-12-29 13:37 - 000000000 ____D C:\Users\Tibor\AppData\Roaming\Authy Desktop
2021-12-29 13:07 - 2021-12-29 13:07 - 000000000 ____D C:\Users\Tibor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twilio Inc
2021-12-29 13:06 - 2021-12-29 13:07 - 000000000 ____D C:\Users\Tibor\AppData\Local\authy
2021-12-29 13:06 - 2021-12-29 13:06 - 070878224 _____ (Twilio Inc.) C:\Users\Tibor\Downloads\Authy Desktop Setup 1.9.0.exe
2021-12-29 10:00 - 2021-12-29 10:00 - 000850651 _____ C:\Users\Tibor\Downloads\EPH263847226_adresne_stitky_a4.pdf
2021-12-28 13:18 - 2021-12-28 13:18 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2021-12-28 13:17 - 2021-12-28 13:17 - 000340248 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-12-28 13:17 - 2021-12-28 13:17 - 000215432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-12-26 06:49 - 2021-12-26 06:49 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-12-21 19:26 - 2021-12-21 19:26 - 000850398 _____ C:\Users\Tibor\Downloads\NZ0176011_adresne_stitky_a4.pdf
2021-12-21 19:26 - 2021-12-21 19:26 - 000850397 _____ C:\Users\Tibor\Downloads\NZ0176011_adresne_stitky_c6.pdf
2021-12-21 19:25 - 2021-12-21 19:25 - 000850399 _____ C:\Users\Tibor\Downloads\NZ0176011_adresne_stitky_dl.pdf
2021-12-18 12:07 - 2021-12-18 12:07 - 000000000 ____D C:\WINDOWS\SystemTemp
2021-12-18 08:53 - 2021-12-18 12:05 - 000000243 _____ C:\Users\Tibor\Desktop\new.txt
2021-12-17 12:58 - 2021-12-17 12:58 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-12-17 12:58 - 2021-12-17 12:58 - 000011979 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-12-17 12:56 - 2021-12-17 12:56 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-12-17 12:56 - 2021-12-17 12:56 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-12-17 12:10 - 2021-12-17 12:10 - 000000000 ___HD C:\$WinREAgent
2021-12-11 17:25 - 2022-01-02 00:36 - 000003062 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2813316739-561623387-2885406294-1001
2021-12-09 19:28 - 2021-12-09 19:28 - 000007554 _____ C:\Users\Tibor\Downloads\export-0xb1aa469f612f5b50517dfc94f23c184f2be96d7a.csv
2021-12-05 22:00 - 2021-12-05 21:29 - 000867241 _____ C:\Users\Tibor\Desktop\GSAutoClicker.exe
2021-12-05 21:29 - 2021-12-05 21:29 - 002617784 _____ (Opera Software) C:\Users\Tibor\Downloads\OperaSetup (2).exe
2021-12-05 21:29 - 2021-12-05 21:29 - 000867241 _____ C:\Users\Tibor\Downloads\GSAutoClicker.exe
2021-12-05 19:50 - 2021-12-05 19:50 - 000002080 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2021-12-05 18:06 - 2021-12-29 13:46 - 000000000 ____D C:\Users\Tibor\AppData\Roaming\Anchor Wallet
2021-12-05 18:05 - 2021-12-05 20:37 - 000000000 ____D C:\Program Files\Anchor Wallet
2021-12-05 18:05 - 2021-12-05 20:35 - 000000000 ____D C:\Users\Tibor\AppData\Local\anchor-wallet-updater
2021-12-05 18:05 - 2021-12-05 18:05 - 001048904 _____ (Greymass) C:\Users\Tibor\Downloads\win-anchor-wallet-1.3.1.exe
2021-12-05 18:05 - 2021-12-05 18:05 - 000002126 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anchor Wallet.lnk
2021-12-05 18:05 - 2021-12-05 18:05 - 000002114 _____ C:\Users\Public\Desktop\Anchor Wallet.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-02 13:02 - 2021-06-09 14:59 - 000000000 ____D C:\Users\Tibor\AppData\Roaming\Discord
2022-01-02 12:55 - 2020-10-08 19:03 - 000000000 ____D C:\Program Files (x86)\Google
2022-01-02 12:55 - 2019-10-14 19:51 - 000000000 ____D C:\FRST
2022-01-02 12:49 - 2021-06-09 14:59 - 000000000 ____D C:\Users\Tibor\AppData\Local\Discord
2022-01-02 12:43 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-01-02 12:05 - 2020-10-08 16:41 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-01-02 01:19 - 2020-10-08 18:55 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2022-01-02 01:13 - 2021-06-06 11:06 - 000000000 ____D C:\Users\Tibor\AppData\Local\Avast Software
2022-01-02 00:40 - 2020-10-08 16:54 - 000000000 ____D C:\ProgramData\NVIDIA
2022-01-02 00:39 - 2020-10-08 16:53 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2022-01-02 00:39 - 2015-09-17 16:40 - 000000000 __SHD C:\Users\Tibor\IntelGraphicsProfiles
2022-01-02 00:38 - 2020-10-08 16:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-01-02 00:38 - 2020-09-20 20:33 - 000008192 ___SH C:\DumpStack.log.tmp
2022-01-02 00:36 - 2020-10-17 18:14 - 000003484 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1602954829
2022-01-02 00:36 - 2020-10-14 21:14 - 000003504 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-01-02 00:36 - 2020-10-14 21:14 - 000003280 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-01-02 00:36 - 2020-10-08 19:03 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-01-02 00:36 - 2020-10-08 19:03 - 000003386 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-01-02 00:36 - 2020-10-08 19:03 - 000003162 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-01-02 00:36 - 2020-10-08 18:01 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2813316739-561623387-2885406294-1001
2022-01-01 13:27 - 2020-10-08 18:56 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-12-30 08:10 - 2020-10-08 18:52 - 000000000 ____D C:\ProgramData\Avast Software
2021-12-30 08:06 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-12-29 14:09 - 2021-07-31 11:21 - 000000158 _____ C:\Users\Tibor\Desktop\tera.txt
2021-12-29 13:55 - 2021-03-29 22:22 - 000000000 ____D C:\Users\Tibor\AppData\Roaming\tor
2021-12-29 13:46 - 2020-10-10 19:01 - 000000000 ____D C:\Users\Tibor\AppData\Local\CrashDumps
2021-12-29 13:07 - 2020-11-10 14:33 - 000000000 ____D C:\Users\Tibor\AppData\Local\SquirrelTemp
2021-12-28 13:17 - 2020-10-08 18:54 - 000545176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-12-28 13:17 - 2020-10-08 18:54 - 000540056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-12-28 13:17 - 2020-10-08 18:54 - 000318760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-12-28 13:17 - 2020-10-08 18:54 - 000252992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-12-28 13:17 - 2020-10-08 18:54 - 000186280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-12-28 13:17 - 2020-10-08 18:54 - 000108912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-12-28 13:17 - 2020-10-08 18:54 - 000100416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-12-28 13:17 - 2020-10-08 18:54 - 000083976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-12-28 13:17 - 2020-10-08 18:54 - 000042416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-12-28 13:17 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-12-28 13:16 - 2020-10-08 18:54 - 000853800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-12-28 13:16 - 2020-10-08 18:54 - 000369216 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-12-28 13:16 - 2020-10-08 18:54 - 000223176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-12-28 13:16 - 2020-10-08 18:54 - 000036784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-12-26 06:55 - 2020-10-08 17:18 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-12-26 06:55 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-12-26 05:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-12-24 09:35 - 2021-07-20 19:07 - 000000000 ____D C:\Users\Tibor\AppData\LocalLow\IGDump
2021-12-22 20:20 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-12-22 20:20 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-12-18 22:21 - 2020-10-14 21:14 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-12-18 12:11 - 2020-10-08 16:41 - 000294472 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-12-18 12:07 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-12-18 12:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-12-18 12:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-12-18 12:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-12-18 12:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-12-18 12:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-12-18 12:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-12-18 12:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-12-18 12:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-12-18 12:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-12-17 13:11 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-12-17 12:37 - 2020-10-17 18:13 - 000001409 _____ C:\Users\Tibor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prehliadač Opera.lnk
2021-12-17 12:01 - 2020-10-11 12:00 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-12-17 11:56 - 2020-10-11 11:59 - 137938848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-12-15 13:26 - 2019-09-17 10:27 - 000000000 ____D C:\Users\Tibor\Downloads\Adobe Photoshop CS6 13.0.1 Final Multilanguage(cracked dll)
2021-12-13 21:57 - 2021-01-10 14:39 - 000002263 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-12-13 21:57 - 2021-01-10 14:39 - 000002222 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-12-13 20:21 - 2021-07-12 19:39 - 000002025 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-12-13 20:21 - 2020-12-23 16:42 - 000002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-12-13 20:20 - 2020-12-23 16:41 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-12-13 20:20 - 2020-12-23 16:15 - 000000000 ____D C:\Program Files\Malwarebytes
2021-12-05 21:29 - 2018-03-14 20:16 - 000000000 ____D C:\Users\Tibor\Documents\AutomaticSolution Software
2021-12-05 20:54 - 2020-10-10 19:06 - 000000000 ____D C:\Users\Tibor\AppData\Local\BitTorrentHelper
2021-12-05 19:50 - 2020-10-08 19:00 - 000002092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2021-12-04 17:04 - 2020-10-08 17:05 - 000002371 _____ C:\Users\Tibor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

T-Bag
Visitor
Posts: 33
Registered: 14 Dec 2014 09:54

Re: Preventive check T-Bag

#2 Post by T-Bag »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-12-2021
Ran by Tibor (02-01-2022 13:02:22)
Running from C:\Users\Tibor\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1415 (X64) (2020-10-08 16:31:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2813316739-561623387-2885406294-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2813316739-561623387-2885406294-503 - Limited - Disabled)
Guest (S-1-5-21-2813316739-561623387-2885406294-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2813316739-561623387-2885406294-1003 - Limited - Enabled)
Tibor (S-1-5-21-2813316739-561623387-2885406294-1001 - Administrator - Enabled) => C:\Users\Tibor
WDAGUtilityAccount (S-1-5-21-2813316739-561623387-2885406294-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Anchor Wallet 1.3.2 (HKLM\...\6746d429-38cb-5f4a-81c2-172a4e87bdc7) (Version: 1.3.2 - Greymass)
ASUS USB-AC51 WLAN Card Utilities & Driver (HKLM-x32\...\{DDEA12A2-E130-4318-ABE3-8D4E20367E66}) (Version: 1.0.1.6 - ASUS)
Authy Desktop (HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\authy) (Version: 1.9.0 - Twilio Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 21.11.2500 - Avast Software)
Bisq (HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\{bisq}}_is1) (Version: 1.5.4 - Bisq)
CCleaner (HKLM\...\CCleaner) (Version: 5.75 - Piriform)
Discord (HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\Discord) (Version: 0.0.311 - Discord Inc.)
EPSON SX420W Series Printer Uninstall (HKLM\...\EPSON SX420W Series) (Version: - SEIKO EPSON Corporation)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Excel (HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
FreeYourMusic 6.0.9 (HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\eea5e4fa-a0b3-5935-9ed7-a1bc19a244f5) (Version: 6.0.9 - freeyourmusic)
Google Earth Pro (HKLM\...\{9BFB06CD-3925-49E2-BAB7-EA695821CE4C}) (Version: 7.3.4.8248 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.110 - Google LLC)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{31C74FA2-2AB9-41C3-BFBE-693283E4C28B}) (Version: 17.1.1527.1534 - Intel Corporation)
Kingo ROOT version 1.5.8.3353 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.5.8.3353 - Kingosoft Technology Ltd.)
KingRoot °ć±ľ 3.5.0.1157 (HKLM-x32\...\{FA3B7324-9EB4-4ADC-84D0-5461BE113832}_is1) (Version: 3.5.0.1157 - KingRoot)
Malwarebytes version 4.5.0.152 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.0.152 - Malwarebytes)
MetaTrader 4 Terminal ICMarketsEU (HKLM-x32\...\MetaTrader 4 Terminal ICMarketsEU) (Version: 4.00 - MetaQuotes Ltd.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.62 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\OneDriveSetup.exe) (Version: 21.230.1107.0004 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Mozilla Firefox (x64 sk) (HKLM\...\Mozilla Firefox 91.0.1 (x64 sk)) (Version: 91.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 81.0.1 - Mozilla)
NVIDIA FrameView SDK 1.1.4923.29548709 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29548709 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.21.0.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.21.0.36 - NVIDIA Corporation)
NVIDIA Grafický ovládač 461.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.92 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OpenOffice 4.1.8 (HKLM-x32\...\{D00D3099-365F-4B6D-8512-F393994DB3D1}) (Version: 4.18.9803 - Apache Software Foundation)
Opera Stable 82.0.4227.33 (HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\Opera 82.0.4227.33) (Version: 82.0.4227.33 - Opera Software)
Outlook (HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
PowerPoint (HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.65 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Remote Mouse version 3.015 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 3.015 - Remote Mouse)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TP-Link Archer T3U Driver (HKLM-x32\...\{CEB0679A-4607-4705-9D40-86734A7E94EA}) (Version: 2.1.0 - TP-Link)
Trezor Suite 21.8.1 (HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\978be57b-9286-5cd7-a60b-54c81352a986) (Version: 21.8.1 - SatoshiLabs)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Vysor (HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\vysor) (Version: 3.1.4 - Vysor Inc.)
Web Companion (HKLM-x32\...\{edb94bca-af20-42be-8ba0-ce1c4b9f44b6}) (Version: 7.0.2388.4219 - Lavasoft)
whirlpool-gui 0.10.3 (HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\7dc52277-ffa6-5281-9c2d-e59577bdfa8b) (Version: 0.10.3 - zeroleak)
Windows Kontrola stavu počítača (HKLM\...\{BDBC15A5-E9F1-485F-A0D3-7526052FB2B2}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Word (HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)

Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_133.1.340.0_x64__v10z8vjag6ke6 [2021-12-13] (HP Inc.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.11.12030.0_x64__8wekyb3d8bbwe [2021-12-11] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2813316739-561623387-2885406294-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-2813316739-561623387-2885406294-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-2813316739-561623387-2885406294-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-2813316739-561623387-2885406294-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-2813316739-561623387-2885406294-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-2813316739-561623387-2885406294-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-12-28] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-12-28] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-12-28] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-12-28] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-23] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-09-25] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2021-03-11] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-12-28] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-23] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Tibor\Desktop\Curve.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=mbokphlkmchefpiipgilfkfgheigmadi
ShortcutWithArgument: C:\Users\Tibor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\Tibor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\Tibor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf
ShortcutWithArgument: C:\Users\Tibor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi
ShortcutWithArgument: C:\Users\Tibor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikácie Chrome\Curve.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=mbokphlkmchefpiipgilfkfgheigmadi

==================== Loaded Modules (Whitelisted) =============

2020-12-22 13:34 - 2014-03-05 14:47 - 001069056 _____ (Cisco Systems, Inc.) [File not signed] C:\Program Files (x86)\ASUS\USB-AC51 WLAN Card Utilities\Common\CiscoEapFast.dll
2021-01-02 14:46 - 2019-04-19 17:12 - 001391104 _____ (Remote Mouse) [File not signed] C:\Program Files (x86)\Remote Mouse\windows_api.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-2813316739-561623387-2885406294-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT170603&iDate=2020-10-10 06:06:17&bName=

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2813316739-561623387-2885406294-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tibor\Documents\MOJE\grafika\LP\soul.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "TREZOR Bridge.lnk"
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\StartupApproved\Run: => "EPSON1D24F2 (Epson Stylus SX420W)"
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7D061C90-3D70-4853-BC4F-CB0757CB07E1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B94FB95A-5ED4-4F7F-B90E-7E373746DC44}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{4514E595-D995-4ADC-9B27-4BC0E1EC392D}C:\users\tibor\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tibor\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [UDP Query User{56AF6791-032A-41CE-8005-848FCE3D2AAF}C:\users\tibor\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tibor\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [{83CC309D-80BC-4D38-9EE8-E3FF3CD8B19C}] => (Allow) C:\Users\Tibor\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{3D615B81-5A2E-476E-8D52-5C83E9F92BA2}] => (Allow) C:\Users\Tibor\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [TCP Query User{11C1E296-10F3-47D9-B5A2-322A41684285}C:\users\tibor\appdata\local\programs\opera\71.0.3770.271\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\71.0.3770.271\opera.exe => No File
FirewallRules: [UDP Query User{86F37B8D-1EF8-4A42-A9CA-643D1249B97E}C:\users\tibor\appdata\local\programs\opera\71.0.3770.271\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\71.0.3770.271\opera.exe => No File
FirewallRules: [TCP Query User{7F066300-1C7F-42D9-9A9C-EC1C61AE2C05}C:\program files (x86)\heroes of the storm\versions\base82169\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base82169\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{9004CE0D-E594-480E-ABFF-47151985196F}C:\program files (x86)\heroes of the storm\versions\base82169\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base82169\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{4D9B21A7-1930-45B8-BE3C-FBEC70B247F5}C:\users\tibor\appdata\local\programs\opera\71.0.3770.284\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\71.0.3770.284\opera.exe => No File
FirewallRules: [UDP Query User{3ABB7685-3F53-41E6-9D4C-B2777A8538DA}C:\users\tibor\appdata\local\programs\opera\71.0.3770.284\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\71.0.3770.284\opera.exe => No File
FirewallRules: [{8A3EF0EB-F258-43B4-AFB7-D23851E1B3C0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{BAF879E4-1578-46C4-85D3-4C7AB8209160}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{3AAE6F48-B024-4461-AF21-6B372F84E4DF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{603BD7EC-9D9D-441D-B4B0-2CB1146A1310}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{7D590BFA-7FE9-408B-AE4F-DBB79CCFA016}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{6ECDA67D-C114-4382-B72E-B6548EEE6F5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{4AEADD62-041D-4640-9B55-0C0FE50810B3}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\125\tencentdl.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{BC1476A9-595F-449C-9BFF-A81F2749C737}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{40073C69-A303-4786-BA7F-07147345508B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{122116D3-C3F6-4FFD-9B33-5F0E5BBA680C}C:\users\tibor\appdata\local\programs\opera\72.0.3815.186\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\72.0.3815.186\opera.exe => No File
FirewallRules: [UDP Query User{DA347C06-DD82-4893-AE94-7A4668BB45E2}C:\users\tibor\appdata\local\programs\opera\72.0.3815.186\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\72.0.3815.186\opera.exe => No File
FirewallRules: [TCP Query User{1EBCB1DE-EB40-46F7-92E0-11C849332B25}C:\users\tibor\appdata\local\vysor\app-3.1.4\vysor.exe] => (Allow) C:\users\tibor\appdata\local\vysor\app-3.1.4\vysor.exe (Vysor Inc.) [File not signed]
FirewallRules: [UDP Query User{F4D4D39F-3342-4F41-AF8F-95C986D1F97F}C:\users\tibor\appdata\local\vysor\app-3.1.4\vysor.exe] => (Allow) C:\users\tibor\appdata\local\vysor\app-3.1.4\vysor.exe (Vysor Inc.) [File not signed]
FirewallRules: [TCP Query User{C3F1F020-0828-4A85-A208-BC33C34E6A8D}C:\users\tibor\appdata\local\programs\opera\72.0.3815.320\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\72.0.3815.320\opera.exe => No File
FirewallRules: [UDP Query User{723A9B87-3011-426B-811C-46E8152F8859}C:\users\tibor\appdata\local\programs\opera\72.0.3815.320\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\72.0.3815.320\opera.exe => No File
FirewallRules: [TCP Query User{30F1AF5E-0CEE-4E10-858E-6276F0BBD4E1}C:\users\tibor\appdata\local\programs\opera\72.0.3815.400\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\72.0.3815.400\opera.exe => No File
FirewallRules: [UDP Query User{406F9982-70F7-41D6-BBEE-5B2E45CE4F3A}C:\users\tibor\appdata\local\programs\opera\72.0.3815.400\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\72.0.3815.400\opera.exe => No File
FirewallRules: [TCP Query User{04BAE72E-3F48-4F9E-A681-BE89EA56ED07}C:\users\tibor\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tibor\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [UDP Query User{9ACFACCF-D812-407B-B7DD-BA7257ADE726}C:\users\tibor\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tibor\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [{EFEEF5D2-DAA5-49F3-A490-A10D0C3D14BB}] => (Allow) C:\Program Files (x86)\ASUS\USB-AC51 WLAN Card Utilities\Common\RaMediaServer.exe (Ralink) [File not signed]
FirewallRules: [{AC93B3F2-AEF4-4415-A2ED-7A59F505CFBB}] => (Allow) C:\Program Files (x86)\ASUS\USB-AC51 WLAN Card Utilities\Common\RaMediaServer.exe (Ralink) [File not signed]
FirewallRules: [TCP Query User{8F14CFE9-E5F0-48F7-A4D1-854C0CC97B87}C:\users\tibor\appdata\local\programs\opera\73.0.3856.284\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\73.0.3856.284\opera.exe => No File
FirewallRules: [UDP Query User{8E43D987-0747-4BEF-A246-C743DE94AD3E}C:\users\tibor\appdata\local\programs\opera\73.0.3856.284\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\73.0.3856.284\opera.exe => No File
FirewallRules: [{7DD953C1-BB75-4A71-88F9-BC22B74F6552}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe (remotemouse.net) [File not signed]
FirewallRules: [{5BA753D8-9E7A-4A46-9DDE-98D2620A451C}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe (remotemouse.net) [File not signed]
FirewallRules: [{1EB8FFF6-6330-461B-B40B-247DA6F3A8C7}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe (RemoteMouse.net) [File not signed]
FirewallRules: [{851F88B7-098A-4E9A-838D-FE1100B9E475}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe (RemoteMouse.net) [File not signed]
FirewallRules: [TCP Query User{87D2337B-28C5-414F-9B7B-E70CFF5F1DB9}C:\users\tibor\appdata\local\bisq\bisq.exe] => (Allow) C:\users\tibor\appdata\local\bisq\bisq.exe (Bisq) [File not signed]
FirewallRules: [UDP Query User{1545FC6A-0CD9-480D-B352-D90ED91680AD}C:\users\tibor\appdata\local\bisq\bisq.exe] => (Allow) C:\users\tibor\appdata\local\bisq\bisq.exe (Bisq) [File not signed]
FirewallRules: [TCP Query User{8B8FD2AE-6E8A-43D8-913F-6B9813CD8AC4}C:\users\tibor\appdata\local\programs\opera\74.0.3911.203\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\74.0.3911.203\opera.exe => No File
FirewallRules: [UDP Query User{CE52ACCE-75C0-43C5-95C4-31EB525D7E29}C:\users\tibor\appdata\local\programs\opera\74.0.3911.203\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\74.0.3911.203\opera.exe => No File
FirewallRules: [TCP Query User{7257FB22-E1C8-4F6E-960D-21147FE5AAFB}C:\users\tibor\appdata\local\programs\opera\74.0.3911.218\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\74.0.3911.218\opera.exe => No File
FirewallRules: [UDP Query User{E03198C1-5E5E-45A6-995A-6A2E30D45E13}C:\users\tibor\appdata\local\programs\opera\74.0.3911.218\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\74.0.3911.218\opera.exe => No File
FirewallRules: [{947D4782-CC28-4AB7-8476-15C67835CD3B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{55B5FC0A-ACBC-4E7F-BB01-2DC92A093B07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BA29B58C-DBC7-4AAD-A304-A0CD05A0C33C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6A146C84-6BB8-49CA-BA5D-88B675F5BAAE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BC578045-4C16-40B8-9383-3C3673645451}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E1906D2B-728C-43A1-A3BB-2020744FCBA5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{4A00FF4C-3E70-48E3-9D8A-21D60697EF7B}C:\users\tibor\appdata\local\programs\opera\75.0.3969.171\opera.exe] => (Block) C:\users\tibor\appdata\local\programs\opera\75.0.3969.171\opera.exe => No File
FirewallRules: [UDP Query User{0851C6C0-960F-418F-A96E-DA40182EA01F}C:\users\tibor\appdata\local\programs\opera\75.0.3969.171\opera.exe] => (Block) C:\users\tibor\appdata\local\programs\opera\75.0.3969.171\opera.exe => No File
FirewallRules: [TCP Query User{859154BE-0E20-4D5D-B665-D459F21FB1FE}C:\users\tibor\appdata\local\programs\opera\75.0.3969.218\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\75.0.3969.218\opera.exe => No File
FirewallRules: [UDP Query User{0DE457A4-F175-40C1-B9FE-D806BBFAFD27}C:\users\tibor\appdata\local\programs\opera\75.0.3969.218\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\75.0.3969.218\opera.exe => No File
FirewallRules: [TCP Query User{60224FC7-E07E-44CC-A5F6-7F41B7CAEBA1}C:\users\tibor\appdata\local\programs\opera\75.0.3969.243\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\75.0.3969.243\opera.exe => No File
FirewallRules: [UDP Query User{EF7A0D2D-F492-4B6D-9D18-3EDB485F6E02}C:\users\tibor\appdata\local\programs\opera\75.0.3969.243\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\75.0.3969.243\opera.exe => No File
FirewallRules: [TCP Query User{9D627A3B-FE39-4EF4-BE1A-CF8E4A4F294A}C:\users\tibor\appdata\local\programs\opera\76.0.4017.154\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\76.0.4017.154\opera.exe => No File
FirewallRules: [UDP Query User{2F317100-8B46-44CE-9CF7-DA6430089297}C:\users\tibor\appdata\local\programs\opera\76.0.4017.154\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\76.0.4017.154\opera.exe => No File
FirewallRules: [TCP Query User{56E3B14A-F5CD-41F3-989C-91832DCCE933}C:\users\tibor\appdata\local\programs\opera\76.0.4017.177\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\76.0.4017.177\opera.exe => No File
FirewallRules: [UDP Query User{08EB3EA2-6C64-4D1D-B2E1-445D6585230A}C:\users\tibor\appdata\local\programs\opera\76.0.4017.177\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\76.0.4017.177\opera.exe => No File
FirewallRules: [TCP Query User{A8404056-562A-41DC-A391-F394E0C6CB3C}C:\users\tibor\appdata\local\programs\opera\77.0.4054.90\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.90\opera.exe => No File
FirewallRules: [UDP Query User{32B8F76D-1BBA-4DF3-A9B8-D5B18551FBB1}C:\users\tibor\appdata\local\programs\opera\77.0.4054.90\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.90\opera.exe => No File
FirewallRules: [TCP Query User{92A4E330-C6AA-4030-BD12-0A7F7EE21200}C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File
FirewallRules: [UDP Query User{895E8C7C-7808-4839-A4E6-CC48C01DB5E1}C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File
FirewallRules: [TCP Query User{FCC0912F-D548-4EC1-A47D-78EEE8BF1AC7}C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File
FirewallRules: [UDP Query User{5AB6E1E4-C01F-47D0-A077-9511514916ED}C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File
FirewallRules: [TCP Query User{82C6A0CD-32CF-45EB-B6CC-E2707933F60B}C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [UDP Query User{987673C4-2174-4B8A-8B8B-06EE7BABCF1A}C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [TCP Query User{BFFF3FA0-D7C5-4F0F-B96F-946908CD2365}C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [UDP Query User{3BEDF369-976E-4442-8F38-2413CECBD487}C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [{1B372B3F-60EF-4436-AFB6-00FB136E1E3E}] => (Allow) C:\Users\Tibor\AppData\Roaming\uTorrent Web\utweb.exe => No File
FirewallRules: [{A9B13CB4-FC84-4A5C-B169-8F15164DD1D7}] => (Allow) C:\Users\Tibor\AppData\Roaming\uTorrent Web\utweb.exe => No File
FirewallRules: [TCP Query User{EEB47CE6-ADB2-4585-BB1D-746E06AE5255}C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [UDP Query User{15CE35C5-77D6-4C47-B158-5C57C4A14416}C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [TCP Query User{11C389CE-5851-4833-B9EE-6A19DE6712FC}C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [UDP Query User{8A492BC5-57B8-4F93-9148-C094D2F9E1EB}C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [TCP Query User{381030C5-162D-4EC3-8352-AE37F38319FD}C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [UDP Query User{DF275825-C840-4196-9D17-C20A016416A7}C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [TCP Query User{F8FACD62-E8AA-43B8-AF73-D645BA920DAC}C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [UDP Query User{0A16DD11-1B71-418E-AF2D-4AD2C7E6A368}C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [{66B37E3E-263C-4576-A0C9-07B05D51CE4C}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{5D39D931-434C-4B69-A2A4-7185CECF7EC5}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{9EE99D8F-B523-40E4-B390-8829BDD9B974}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{53999245-666B-42FF-AA06-551F2F7A45A3}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [TCP Query User{DBC6CA50-5DB3-45C2-B113-8B6DE16B9E69}C:\users\tibor\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{EDE68C86-2D96-4AD8-9D5E-72C1AD1839E1}C:\users\tibor\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{C7BFE3A0-B1B5-4220-9039-94BD04286725}C:\users\tibor\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{FA23FBA2-0F7D-4BE6-B7D7-2D0A810FA9B9}C:\users\tibor\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{B8C0A686-5765-4C28-A881-6F142B8C8A4C}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{77350590-3D7B-4870-96AA-368DB03D6B02}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{9497E1C2-FE44-4DBE-9C38-ACD9256F3930}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{ECC1EA1D-86D1-4743-AFEC-7124D5444A1F}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{1B88E428-3D20-445C-A42E-C0BA2ABED306}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{8147701B-745E-4286-8AF9-7CA2EA4B2D13}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A03A4463-006F-40F9-8D76-158D1B2BC23F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CAAF47EF-316F-461A-82BB-36FDC8BC489F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8848F3E8-A518-4D26-B71E-7445AEBAB6FB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D2BC449B-143D-47C9-9575-A045547BF244}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{E9456A08-5780-4B62-8D9D-57EC85642953}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)

==================== Restore Points =========================

17-12-2021 12:22:21 Inštalátor modulov systému Windows
26-12-2021 18:53:23 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/02/2022 03:05:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: WLANExt.exe, verzia: 10.0.19041.1, časová značka: 0x45c477dd
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.19041.1288, časová značka: 0xa280d1d6
Kód výnimky: 0xc0000374
Odstup chyby: 0x00000000000ff199
Identifikácia chybujúceho procesu: 0x25bc
Čas spustenia chybujúcej aplikácie: 0x01d7ff7d266ad5c8
Cesta chybujúcej aplikácie: C:\WINDOWS\system32\WLANExt.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
Identifikácia hlásenia: 8c4c57e2-e962-44ed-8962-e4e34fb4db98
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (01/01/2022 04:19:05 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiska nemohol dokončiť opätovné vystrihnutie v Záloha (F:), pretože: Hardvér, ktorý podporuje tento zväzok, nepodporuje požadovanú operáciu. (0x8900002A)

Error: (01/01/2022 04:19:04 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiska nemohol dokončiť opätovné vystrihnutie v Acer (C:), pretože: Hardvér, ktorý podporuje tento zväzok, nepodporuje požadovanú operáciu. (0x8900002A)

Error: (12/30/2021 08:07:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: WLANExt.exe, verzia: 10.0.19041.1, časová značka: 0x45c477dd
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.19041.1288, časová značka: 0xa280d1d6
Kód výnimky: 0xc0000374
Odstup chyby: 0x00000000000ff199
Identifikácia chybujúceho procesu: 0x284
Čas spustenia chybujúcej aplikácie: 0x01d7fd4bec12ffa9
Cesta chybujúcej aplikácie: C:\WINDOWS\system32\WLANExt.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
Identifikácia hlásenia: 8188db82-bd0f-4c0f-8b03-0dd90630581a
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (12/29/2021 09:52:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Cortana.exe version 3.2110.13603.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1acc

Start Time: 01d7fcf5ddbe49d2

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2110.13603.0_x64__8wekyb3d8bbwe\Cortana.exe

Report Id: eccab70f-27da-4d37-87aa-894fbee7690c

Faulting package full name: Microsoft.549981C3F5F10_3.2110.13603.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Hang type: Quiesce

Error: (12/29/2021 02:29:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: WLANExt.exe, verzia: 10.0.19041.1, časová značka: 0x45c477dd
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.19041.1288, časová značka: 0xa280d1d6
Kód výnimky: 0xc0000374
Odstup chyby: 0x00000000000ff199
Identifikácia chybujúceho procesu: 0xd70
Čas spustenia chybujúcej aplikácie: 0x01d7fcb25dae8a25
Cesta chybujúcej aplikácie: C:\WINDOWS\system32\WLANExt.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
Identifikácia hlásenia: dd552e29-3c68-448c-b687-394fe7857885
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (12/29/2021 01:46:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: Anchor Wallet.exe, verzia: 1.3.2.0, časová značka: 0x6109868f
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.19041.1288, časová značka: 0xa280d1d6
Kód výnimky: 0xc0000374
Odstup chyby: 0x00000000000ff199
Identifikácia chybujúceho procesu: 0x197c
Čas spustenia chybujúcej aplikácie: 0x01d7fc1734c3e596
Cesta chybujúcej aplikácie: C:\Program Files\Anchor Wallet\Anchor Wallet.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
Identifikácia hlásenia: d5db052f-6138-4eb1-8d9b-a80fdfff8218
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (12/28/2021 01:05:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: WLANExt.exe, verzia: 10.0.19041.1, časová značka: 0x45c477dd
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.19041.1288, časová značka: 0xa280d1d6
Kód výnimky: 0xc0000374
Odstup chyby: 0x00000000000ff199
Identifikácia chybujúceho procesu: 0x14e0
Čas spustenia chybujúcej aplikácie: 0x01d7fbe33a5e20df
Cesta chybujúcej aplikácie: C:\WINDOWS\system32\WLANExt.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
Identifikácia hlásenia: c98a9d9c-4853-47d9-bb65-892a854e22d3
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:


System errors:
=============
Error: (01/02/2022 01:22:10 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (01/02/2022 12:42:11 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Správca stiahnutých máp sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (01/02/2022 12:39:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Počas čakania na pripojenie služby RaMediaServer bol dosiahnutý časový limit (45000 ms).

Error: (01/02/2022 12:37:51 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684A fatal error occurred processing the restoration data.

Error: (01/02/2022 12:38:32 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 0:07:24 on ‎2.‎1.‎2022 was unexpected.

Error: (01/02/2022 12:37:05 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Modul WLAN Extensibility Module sa neočakávane zastavil.

Cesta k modulu: C:\WINDOWS\system32\Rtlihvs.dll

Error: (01/02/2022 12:36:57 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Modul WLAN Extensibility Module sa neočakávane zastavil.

Cesta k modulu: C:\WINDOWS\system32\Rtlihvs.dll

Error: (12/31/2021 04:56:07 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.


CodeIntegrity:
===============
Date: 2022-01-02 00:44:19
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2022-01-02 00:41:57
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Insyde Corp. V1.11 04/20/2015
Motherboard: Acer ZORO_BH
Processor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 86%
Total physical RAM: 8106.7 MB
Available physical RAM: 1132.91 MB
Total Virtual: 18858.7 MB
Available Virtual: 8163.1 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:814.21 GB) (Free:290.07 GB) NTFS
Drive f: (Záloha) (Fixed) (Total:100 GB) (Free:25.38 GB) NTFS

\\?\Volume{1306b144-0e03-49b6-aed4-69658cf79121}\ (Recovery) (Fixed) (Total:0.59 GB) (Free:0.28 GB) NTFS
\\?\Volume{bb1b77a1-c939-4a61-b2af-a5d42064ba4d}\ (Push Button Reset) (Fixed) (Total:16.29 GB) (Free:1.66 GB) NTFS
\\?\Volume{eeb75141-f900-40d1-b25c-a3cc7b18018f}\ (ESP) (Fixed) (Total:0.29 GB) (Free:0.24 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 4E2DB25E)

Partition: GPT.

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Preventive check T-Bag

#3 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just launch it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

T-Bag
Visitor
Posts: 33
Joined: 14 Dec 2014 09:54

Re: Preventive check T-Bag

#4 Post by T-Bag »

# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-06-2022
# Duration: 00:00:28
# OS: Windows 10 Home
# Cleaned: 35
# Awaiting reboot:3
# Failed: 0


***** [ Services ] *****

Deleted WCAssistantService

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Common Files\Tencent
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Deleted C:\ProgramData\Tencent
Deleted C:\Users\Tibor\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_SIQ0LWF3TZGXP2KHFKLLYBK3IDTBEHNG
Deleted C:\Users\Tibor\AppData\Roaming\Lavasoft\Web Companion
Deleted C:\Users\Tibor\AppData\Roaming\Tencent
Needs Reboot C:\Program Files (x86)\Lavasoft\Web Companion
Needs Reboot C:\ProgramData\Application Data\Lavasoft\Web Companion
Needs Reboot C:\ProgramData\Lavasoft\Web Companion

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4AEADD62-041D-4640-9B55-0C0FE50810B3}
Deleted HKLM\Software\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Deleted HKLM\Software\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Deleted HKLM\Software\Classes\METNSD
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{edb94bca-af20-42be-8ba0-ce1c4b9f44b6}|DisplayIcon
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{edb94bca-af20-42be-8ba0-ce1c4b9f44b6}|DisplayName
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{edb94bca-af20-42be-8ba0-ce1c4b9f44b6}|UninstallString
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\DownloadProxy.EXE
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{B9E49847-9822-4139-BC55-7173ED1ADA11}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{B9E49847-9822-4139-BC55-7173ED1ADA11}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|AndroidServer.exe
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKU\.DEFAULT\Software\Mozilla\NativeMessagingHosts\com.webcompanion.native
Deleted HKU\S-1-5-18\SOFTWARE\Mozilla\NativeMessagingHosts\com.webcompanion.native
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

***** Reboot Required to Complete *****


***** [ Folders ] *****

Cleaning failed C:\Program Files (x86)\Lavasoft\Web Companion
Cleaning failed C:\ProgramData\Application Data\Lavasoft\Web Companion
Cleaning failed C:\ProgramData\Lavasoft\Web Companion

*************************

AdwCleaner_Debug.log - [24593 octets] - [15/10/2019 15:20:19]
AdwCleaner[S00].txt - [3755 octets] - [15/10/2019 15:21:40]
AdwCleaner[C00].txt - [3425 octets] - [15/10/2019 15:32:37]
AdwCleaner[S01].txt - [5214 octets] - [06/01/2022 10:39:24]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Preventive check T-Bag

#5 Post by Rudy »

OK. Post new FRST+Addition logs.

T-Bag
Visitor
Posts: 33
Joined: 14 Dec 2014 09:54

Re: Preventive check T-Bag

#6 Post by T-Bag »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-12-2021
Ran by Tibor (administrator) on TIBOR (Acer Aspire E5-573G) (06-01-2022 15:06:43)
Running from C:\Users\Tibor\Desktop
Loaded Profiles: Tibor
Platform: Microsoft Windows 10 Home Version 21H1 19043.1415 (X64) Language: Slovenčina (Slovensko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\ASUS\USB-AC51 WLAN Card Utilities\Common\ASUSService.exe
() [File not signed] C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\USB-AC51 WLAN Card Utilities\Common\RaUI.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <3>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <44>
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2110.13603.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIGCE.EXE
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Ralink Technology, Corp.) [File not signed] C:\Program Files (x86)\ASUS\USB-AC51 WLAN Card Utilities\Common\RaRegistry64.exe
(Ralink) [File not signed] C:\Program Files (x86)\ASUS\USB-AC51 WLAN Card Utilities\Common\RaMediaServer.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> ) C:\Windows\runSW.exe
(Realtek Semiconductor Corp. -> Realtek) C:\Windows\SwUSB.exe
(RemoteMouse.net) [File not signed] C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14049536 2015-07-09] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [157464 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\Run: [EPSON1D24F2 (Epson Stylus SX420W)] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE [224768 2009-09-14] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32414392 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\Run: [Discord] => C:\Users\Tibor\AppData\Local\Discord\Update.exe [1512608 2021-09-21] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\Run: [utweb] => "C:\Users\Tibor\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED (No File)
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\Run: [Opera Browser Assistant] => C:\Users\Tibor\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4095184 2021-08-11] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\Run: [ut] => "C:\Users\Tibor\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED (No File)
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\Run: [EPSON SX420W Series] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE [224768 2009-09-14] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EPSON SX420W Series 64MonitorBE: C:\WINDOWS\system32\E_ILMGCE.DLL [118784 2008-11-12] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\96.0.4664.110\Installer\chrmstp.exe [2021-12-13] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ASUS USB-AC51 WLAN Control Center.lnk [2020-12-22]
ShortcutTarget: ASUS USB-AC51 WLAN Control Center.lnk -> C:\Program Files (x86)\ASUS\USB-AC51 WLAN Card Utilities\Common\RaUI.exe (ASUSTeK Computer Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TREZOR Bridge.lnk [2021-01-08]
ShortcutTarget: TREZOR Bridge.lnk -> C:\Program Files (x86)\TREZOR Bridge\trezord.exe (SatoshiLabs, s.r.o. -> )
Startup: C:\Users\Tibor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2020-10-08]
ShortcutTarget: MEGAsync.lnk -> C:\Windows.old\Users\Tibor\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {073BDFFE-C5A9-43DA-A4EF-E881E69890EA} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {0E3885D1-8826-4E7B-9FF0-2CCB4A06583D} - System32\Tasks\Opera scheduled assistant Autoupdate 1602954848 => C:\Users\Tibor\AppData\Local\Programs\Opera\launcher.exe [2256592 2021-12-21] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Tibor\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {19A4EE05-2984-4BF6-9CE1-1F420DCCAB61} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646896 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1AC05320-3413-4ACD-A9D4-0A09BD13966F} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-2813316739-561623387-2885406294-1001 => C:\Windows.old\Users\Tibor\AppData\Local\MEGAsync\MEGAupdater.exe [1303800 2020-12-12] (Mega Limited -> Mega Limited)
Task: {268363FB-F994-4CF8-8A92-CD595542DF55} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Acrobat Update Task" /ENABLE
Task: {268363FB-F994-4CF8-8A92-CD595542DF55} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {268363FB-F994-4CF8-8A92-CD595542DF55} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {268363FB-F994-4CF8-8A92-CD595542DF55} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {268363FB-F994-4CF8-8A92-CD595542DF55} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {268363FB-F994-4CF8-8A92-CD595542DF55} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\OneDrive Reporting Task-S-1-5-21-2813316739-561623387-2885406294-1001" /ENABLE
Task: {268363FB-F994-4CF8-8A92-CD595542DF55} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-2813316739-561623387-2885406294-1001" /ENABLE
Task: {268363FB-F994-4CF8-8A92-CD595542DF55} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\Opera scheduled Autoupdate 1602954829" /ENABLE
Task: {268363FB-F994-4CF8-8A92-CD595542DF55} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {4351048E-0DB9-4F81-99B7-704A0FFED913} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5E12C1DA-42E7-4EA3-9085-DB1714E0BFE9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26896568 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {639C6B9E-1E7A-4BE9-92F9-ED7157D9C0F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-10-08] (Google LLC -> Google LLC)
Task: {84C939F4-D939-4F2B-B01B-92F2B4E69124} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe [818008 2021-09-15] (Intel Corporation -> Intel(R) Corporation)
Task: {906F5B73-7B83-4DFC-B6EF-18A13442BF75} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9B92D60A-DECD-4709-A1BD-4C2566A84D02} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B09642EC-734A-427C-AC0F-3F0DB7B7AF58} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {BA7B6BF4-0B80-4C26-9C83-904870744383} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C1E0276D-1BC8-41D1-9949-5EFD12FAFB3D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {C35E4ED4-521B-48EC-8AE2-18587E4AADB3} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302128 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C61E8B24-30DF-43FE-A848-2841AD26F90A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-10-08] (Google LLC -> Google LLC)
Task: {C7500535-9F5F-43B3-A022-E3D1723DBAE3} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D4D51C84-FC3E-40F5-82DF-565134B7CC9D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D54452D8-0618-4F7A-9DD5-F40E09C478FD} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4969240 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
Task: {D54CF93E-D2CB-4CD1-88BE-8C48CBA2EC11} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {E3D9D280-57DD-4E00-BFEE-3A16D324D92B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
Task: {FE82577C-64CC-4550-A27A-CD7443349B65} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-04-29] (Avast Software s.r.o. -> Avast Software)
Task: {FF92DE96-097F-4629-BB44-66096BB60F5F} - System32\Tasks\Opera scheduled Autoupdate 1602954829 => C:\Users\Tibor\AppData\Local\Programs\Opera\launcher.exe [2256592 2021-12-21] (Opera Software AS -> Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 195.146.132.59 8.8.8.8
Tcpip\..\Interfaces\{38361781-665b-4bac-baa9-7292d430fe54}: [DhcpNameServer] 192.168.2.254
Tcpip\..\Interfaces\{7f91a368-a36a-489f-985d-b120411bfc58}: [DhcpNameServer] 195.146.132.59 8.8.8.8
Tcpip\..\Interfaces\{a791c8d3-0280-49a8-90c0-2ee0a4245225}: [DhcpNameServer] 195.146.132.59 8.8.8.8

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Tibor\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-26]
Edge Session Restore: Default -> is enabled.
Edge Extension: (Outlook) - C:\Users\Tibor\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-10-15]
Edge Extension: (Word) - C:\Users\Tibor\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-10-15]
Edge Extension: (Excel) - C:\Users\Tibor\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-10-15]
Edge Extension: (PowerPoint) - C:\Users\Tibor\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-10-15]

FireFox:
========
FF DefaultProfile: umm8z632.default
FF ProfilePath: C:\Users\Tibor\AppData\Roaming\Mozilla\Firefox\Profiles\umm8z632.default [2020-10-10]
FF NewTab: Mozilla\Firefox\Profiles\umm8z632.default -> hxxps://securesearch.org/homepage?hp=2&pId=BT170603&iDate=2020-10-10 06:06:17&bName=
FF ProfilePath: C:\Users\Tibor\AppData\Roaming\Mozilla\Firefox\Profiles\tcp1p373.default-release-1610529294751 [2021-10-29]
FF Session Restore: Mozilla\Firefox\Profiles\tcp1p373.default-release-1610529294751 -> is enabled.
FF Extension: (Facebook Container) - C:\Users\Tibor\AppData\Roaming\Mozilla\Firefox\Profiles\tcp1p373.default-release-1610529294751\Extensions\@contain-facebook.xpi [2021-08-23]
FF Extension: (Enhancer for YouTube™) - C:\Users\Tibor\AppData\Roaming\Mozilla\Firefox\Profiles\tcp1p373.default-release-1610529294751\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2021-08-23]
FF Extension: (MetaMask) - C:\Users\Tibor\AppData\Roaming\Mozilla\Firefox\Profiles\tcp1p373.default-release-1610529294751\Extensions\webextension@metamask.io.xpi [2021-08-23]
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default [2022-01-06]
CHR Notifications: Default -> hxxps://app.anchorprotocol.com; hxxps://dexscreener.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Prezentácie) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-10]
CHR Extension: (Terra Station) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiifbnbfobpmeekipheeijimdpnlpgpp [2021-12-18]
CHR Extension: (Dokumenty) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-10]
CHR Extension: (Disk Google) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-10]
CHR Extension: (Phantom) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfnaelmomeimhlpmgjnjophhpkkoljpa [2022-01-04]
CHR Extension: (Authenticator) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhghoamapcdpbohphigoooaddinpkbai [2021-11-11]
CHR Extension: (YouTube) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-10]
CHR Extension: (iMacros for Chrome) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp [2022-01-04]
CHR Extension: (Keplr) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmkamcknogkgcdfhhbddcghachkejeap [2022-01-04]
CHR Extension: (Tabuľky) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-10]
CHR Extension: (Binance Wallet) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbohimaelbohpjbbldcngcnapndodjp [2021-12-28]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-12-05]
CHR Extension: (IE Tab) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2021-11-20]
CHR Extension: (Nastavenie hlasitosti) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\kedfglpbemacpmmdhkhmichimibbhnge [2021-12-11]
CHR Extension: (MetaMask) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2021-12-21]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-15]
CHR Extension: (Gmail) - C:\Users\Tibor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-10]

Opera:
=======
OPR Profile: C:\Users\Tibor\AppData\Roaming\Opera Software\Opera Stable [2022-01-05]
OPR Notifications: Opera Stable -> hxxps://bridge.renproject.io; hxxps://www.tradingview.com
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Terra Station) - C:\Users\Tibor\AppData\Roaming\Opera Software\Opera Stable\Extensions\aiifbnbfobpmeekipheeijimdpnlpgpp [2021-12-29]
OPR Extension: (Phantom) - C:\Users\Tibor\AppData\Roaming\Opera Software\Opera Stable\Extensions\bfnaelmomeimhlpmgjnjophhpkkoljpa [2022-01-05]
OPR Extension: (Keplr) - C:\Users\Tibor\AppData\Roaming\Opera Software\Opera Stable\Extensions\dmkamcknogkgcdfhhbddcghachkejeap [2021-12-30]
OPR Extension: (Rich Hints Agent) - C:\Users\Tibor\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-12-30]
OPR Extension: (Harmony Chrome Extension Wallet) - C:\Users\Tibor\AppData\Roaming\Opera Software\Opera Stable\Extensions\fnnegphlobjdpkhecapkijjdkgcjhkib [2021-11-06]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Tibor\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-13]
OPR Extension: (Install Chrome Extensions) - C:\Users\Tibor\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2021-03-22]
OPR Extension: (MetaMask) - C:\Users\Tibor\AppData\Roaming\Opera Software\Opera Stable\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2021-12-29]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
R2 ASUSWireless; C:\Program Files (x86)\ASUS\USB-AC51 WLAN Card Utilities\Common\ASUSService.exe [184320 2014-03-05] () [File not signed]
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8480848 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [323152 2015-05-29] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [452888 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [452888 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
S2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [165104 2015-06-30] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7901368 2021-12-13] (Malwarebytes Inc -> Malwarebytes)
R2 RalinkRegistryWriter; C:\Program Files (x86)\ASUS\USB-AC51 WLAN Card Utilities\Common\RaRegistry64.exe [447488 2014-03-05] (Ralink Technology, Corp.) [File not signed]
R2 RaMediaServer; C:\Program Files (x86)\ASUS\USB-AC51 WLAN Card Utilities\Common\RaMediaServer.exe [1863680 2014-03-05] (Ralink) [File not signed]
R2 RemoteMouseService; C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe [11264 2020-09-23] () [File not signed]
R2 RunSwUSB; C:\Windows\runSW.exe [59232 2018-05-02] (Realtek Semiconductor Corp. -> )
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [36784 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [223176 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [369216 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [252992 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [100416 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [21936 2021-10-05] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42416 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [186280 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [540056 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [108912 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83976 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [853800 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [545176 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215432 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [318760 2021-12-28] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-07-18] (Acer Incorporated -> Acer Incorporated)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2021-12-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-07-12] (Malwarebytes Inc -> Malwarebytes)
S3 qcusbser; C:\WINDOWS\System32\drivers\qcusbser.sys [242688 2016-05-18] (Xiaomi Technology Inc -> QUALCOMM Incorporated)
S3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14680 2013-07-18] (Acer Incorporated -> Acer Incorporated)
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [7148872 2018-05-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-06 15:06 - 2022-01-06 15:06 - 002311168 _____ (Farbar) C:\Users\Tibor\Desktop\FRST64.exe
2022-01-06 10:36 - 2022-01-06 10:36 - 008540344 _____ (Malwarebytes) C:\Users\Tibor\Downloads\adwcleaner_8.3.1.exe
2022-01-02 13:02 - 2022-01-02 13:10 - 000046072 _____ C:\Users\Tibor\Desktop\Addition.txt
2022-01-02 12:50 - 2022-01-06 15:08 - 000029510 _____ C:\Users\Tibor\Desktop\FRST.txt
2022-01-02 12:50 - 2022-01-02 12:50 - 000000000 ___HD C:\$AV_ASW
2022-01-02 12:50 - 2022-01-02 12:50 - 000000000 ____D C:\Users\Tibor\Desktop\FRST-OlderVersion
2021-12-30 08:31 - 2021-12-30 08:31 - 000007334 _____ C:\Users\Tibor\Desktop\Nová položka OpenDocument Text.odt
2021-12-29 17:30 - 2022-01-04 19:35 - 000012905 _____ C:\Users\Tibor\Desktop\Nová položka OpenDocument Zošit.ods
2021-12-29 16:27 - 2021-12-29 16:27 - 060249906 _____ C:\Users\Tibor\Downloads\bybit.apk
2021-12-29 13:07 - 2021-12-29 13:37 - 000000000 ____D C:\Users\Tibor\AppData\Roaming\Authy Desktop
2021-12-29 13:07 - 2021-12-29 13:07 - 000000000 ____D C:\Users\Tibor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twilio Inc
2021-12-29 13:06 - 2021-12-29 13:07 - 000000000 ____D C:\Users\Tibor\AppData\Local\authy
2021-12-29 13:06 - 2021-12-29 13:06 - 070878224 _____ (Twilio Inc.) C:\Users\Tibor\Downloads\Authy Desktop Setup 1.9.0.exe
2021-12-29 10:00 - 2021-12-29 10:00 - 000850651 _____ C:\Users\Tibor\Downloads\EPH263847226_adresne_stitky_a4.pdf
2021-12-28 13:18 - 2021-12-28 13:18 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2021-12-28 13:17 - 2021-12-28 13:17 - 000340248 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-12-28 13:17 - 2021-12-28 13:17 - 000215432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-12-26 06:49 - 2021-12-26 06:49 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-12-21 19:26 - 2021-12-21 19:26 - 000850398 _____ C:\Users\Tibor\Downloads\NZ0176011_adresne_stitky_a4.pdf
2021-12-21 19:26 - 2021-12-21 19:26 - 000850397 _____ C:\Users\Tibor\Downloads\NZ0176011_adresne_stitky_c6.pdf
2021-12-21 19:25 - 2021-12-21 19:25 - 000850399 _____ C:\Users\Tibor\Downloads\NZ0176011_adresne_stitky_dl.pdf
2021-12-18 12:07 - 2021-12-18 12:07 - 000000000 ____D C:\WINDOWS\SystemTemp
2021-12-18 08:53 - 2021-12-18 12:05 - 000000243 _____ C:\Users\Tibor\Desktop\new.txt
2021-12-17 12:58 - 2021-12-17 12:58 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-12-17 12:58 - 2021-12-17 12:58 - 000011979 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-12-17 12:56 - 2021-12-17 12:56 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-12-17 12:56 - 2021-12-17 12:56 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-12-17 12:10 - 2021-12-17 12:10 - 000000000 ___HD C:\$WinREAgent
2021-12-11 17:25 - 2022-01-06 12:02 - 000003122 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2813316739-561623387-2885406294-1001
2021-12-09 19:28 - 2021-12-09 19:28 - 000007554 _____ C:\Users\Tibor\Downloads\export-0xb1aa469f612f5b50517dfc94f23c184f2be96d7a.csv

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-06 15:07 - 2019-10-14 19:51 - 000000000 ____D C:\FRST
2022-01-06 14:59 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-01-06 14:44 - 2020-10-08 16:41 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-01-06 12:52 - 2021-06-09 14:59 - 000000000 ____D C:\Users\Tibor\AppData\Roaming\Discord
2022-01-06 12:35 - 2021-06-09 14:59 - 000000000 ____D C:\Users\Tibor\AppData\Local\Discord
2022-01-06 12:02 - 2020-10-17 18:14 - 000003544 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1602954829
2022-01-06 12:02 - 2020-10-14 21:14 - 000003564 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-01-06 12:02 - 2020-10-14 21:14 - 000003340 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-01-06 12:02 - 2020-10-08 19:03 - 000003542 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-01-06 12:02 - 2020-10-08 19:03 - 000003446 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-01-06 12:02 - 2020-10-08 19:03 - 000003222 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-01-06 12:02 - 2020-10-08 18:56 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2022-01-06 12:02 - 2020-10-08 18:01 - 000002918 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2813316739-561623387-2885406294-1001
2022-01-06 11:55 - 2020-10-08 19:03 - 000000000 ____D C:\Program Files (x86)\Google
2022-01-06 11:49 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2022-01-06 11:18 - 2021-06-06 11:06 - 000000000 ____D C:\Users\Tibor\AppData\Local\Avast Software
2022-01-06 10:45 - 2020-10-08 16:53 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2022-01-06 10:45 - 2015-09-17 16:40 - 000000000 __SHD C:\Users\Tibor\IntelGraphicsProfiles
2022-01-06 10:44 - 2020-11-12 23:53 - 000003842 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification
2022-01-06 10:44 - 2020-10-08 18:52 - 000000000 ____D C:\ProgramData\Avast Software
2022-01-06 10:44 - 2020-10-08 16:54 - 000000000 ____D C:\ProgramData\NVIDIA
2022-01-06 10:43 - 2020-10-08 16:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-01-06 10:43 - 2020-09-20 20:33 - 000008192 ___SH C:\DumpStack.log.tmp
2022-01-06 10:41 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-01-06 10:40 - 2020-10-10 19:06 - 000000000 ____D C:\Users\Tibor\AppData\Roaming\Lavasoft
2022-01-06 10:40 - 2020-10-10 19:06 - 000000000 ____D C:\Users\Tibor\AppData\Local\Lavasoft
2022-01-06 10:40 - 2020-10-10 19:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2022-01-06 05:19 - 2020-10-08 18:55 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2022-01-05 23:00 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-01-05 23:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-01-04 12:38 - 2020-10-17 18:13 - 000001409 _____ C:\Users\Tibor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prehliadač Opera.lnk
2022-01-03 18:07 - 2021-06-10 19:43 - 000000000 ____D C:\Users\Tibor\AppData\Roaming\MetaQuotes
2022-01-02 14:53 - 2020-10-08 17:55 - 000000000 ____D C:\Users\Tibor\AppData\Local\Packages
2021-12-29 14:09 - 2021-07-31 11:21 - 000000158 _____ C:\Users\Tibor\Desktop\tera.txt
2021-12-29 13:55 - 2021-03-29 22:22 - 000000000 ____D C:\Users\Tibor\AppData\Roaming\tor
2021-12-29 13:46 - 2020-10-10 19:01 - 000000000 ____D C:\Users\Tibor\AppData\Local\CrashDumps
2021-12-29 13:07 - 2020-11-10 14:33 - 000000000 ____D C:\Users\Tibor\AppData\Local\SquirrelTemp
2021-12-28 13:17 - 2020-10-08 18:54 - 000545176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-12-28 13:17 - 2020-10-08 18:54 - 000540056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-12-28 13:17 - 2020-10-08 18:54 - 000318760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-12-28 13:17 - 2020-10-08 18:54 - 000252992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-12-28 13:17 - 2020-10-08 18:54 - 000186280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-12-28 13:17 - 2020-10-08 18:54 - 000108912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-12-28 13:17 - 2020-10-08 18:54 - 000100416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-12-28 13:17 - 2020-10-08 18:54 - 000083976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-12-28 13:17 - 2020-10-08 18:54 - 000042416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-12-28 13:17 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-12-28 13:16 - 2020-10-08 18:54 - 000853800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-12-28 13:16 - 2020-10-08 18:54 - 000369216 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-12-28 13:16 - 2020-10-08 18:54 - 000223176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-12-28 13:16 - 2020-10-08 18:54 - 000036784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-12-26 06:55 - 2020-10-08 17:18 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-12-26 05:16 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-12-24 09:35 - 2021-07-20 19:07 - 000000000 ____D C:\Users\Tibor\AppData\LocalLow\IGDump
2021-12-18 22:21 - 2020-10-14 21:14 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-12-18 12:11 - 2020-10-08 16:41 - 000294472 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-12-18 12:07 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-12-18 12:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-12-18 12:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-12-18 12:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-12-18 12:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-12-18 12:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-12-18 12:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-12-18 12:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-12-18 12:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-12-18 12:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-12-17 13:11 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-12-17 12:01 - 2020-10-11 12:00 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-12-17 11:56 - 2020-10-11 11:59 - 137938848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-12-15 13:26 - 2019-09-17 10:27 - 000000000 ____D C:\Users\Tibor\Downloads\Adobe Photoshop CS6 13.0.1 Final Multilanguage(cracked dll)
2021-12-13 21:57 - 2021-01-10 14:39 - 000002263 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-12-13 21:57 - 2021-01-10 14:39 - 000002222 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-12-13 20:21 - 2021-07-12 19:39 - 000002025 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-12-13 20:21 - 2020-12-23 16:42 - 000002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-12-13 20:20 - 2020-12-23 16:41 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-12-13 20:20 - 2020-12-23 16:15 - 000000000 ____D C:\Program Files\Malwarebytes

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

T-Bag
Visitor
Posts: 33
Registered: 14 Dec 2014 09:54

Re: Preventive check T-Bag

#7 Post by T-Bag »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-12-2021
Ran by Tibor (06-01-2022 15:11:29)
Running from C:\Users\Tibor\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1415 (X64) (2020-10-08 16:31:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2813316739-561623387-2885406294-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2813316739-561623387-2885406294-503 - Limited - Disabled)
Guest (S-1-5-21-2813316739-561623387-2885406294-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2813316739-561623387-2885406294-1003 - Limited - Enabled)
Tibor (S-1-5-21-2813316739-561623387-2885406294-1001 - Administrator - Enabled) => C:\Users\Tibor
WDAGUtilityAccount (S-1-5-21-2813316739-561623387-2885406294-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
ASUS USB-AC51 WLAN Card Utilities & Driver (HKLM-x32\...\{DDEA12A2-E130-4318-ABE3-8D4E20367E66}) (Version: 1.0.1.6 - ASUS)
Authy Desktop (HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\authy) (Version: 1.9.0 - Twilio Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 21.11.2500 - Avast Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.75 - Piriform)
Discord (HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\Discord) (Version: 0.0.311 - Discord Inc.)
EPSON SX420W Series Printer Uninstall (HKLM\...\EPSON SX420W Series) (Version: - SEIKO EPSON Corporation)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Excel (HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
FreeYourMusic 6.0.9 (HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\eea5e4fa-a0b3-5935-9ed7-a1bc19a244f5) (Version: 6.0.9 - freeyourmusic)
Google Earth Pro (HKLM\...\{9BFB06CD-3925-49E2-BAB7-EA695821CE4C}) (Version: 7.3.4.8248 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.110 - Google LLC)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{31C74FA2-2AB9-41C3-BFBE-693283E4C28B}) (Version: 17.1.1527.1534 - Intel Corporation)
Kingo ROOT version 1.5.8.3353 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.5.8.3353 - Kingosoft Technology Ltd.)
KingRoot °ć±ľ 3.5.0.1157 (HKLM-x32\...\{FA3B7324-9EB4-4ADC-84D0-5461BE113832}_is1) (Version: 3.5.0.1157 - KingRoot)
Malwarebytes version 4.5.0.152 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.0.152 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.62 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\OneDriveSetup.exe) (Version: 21.230.1107.0004 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Mozilla Firefox (x64 sk) (HKLM\...\Mozilla Firefox 91.0.1 (x64 sk)) (Version: 91.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 81.0.1 - Mozilla)
NVIDIA FrameView SDK 1.1.4923.29548709 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29548709 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.21.0.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.21.0.36 - NVIDIA Corporation)
NVIDIA Grafický ovládač 461.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.92 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OpenOffice 4.1.8 (HKLM-x32\...\{D00D3099-365F-4B6D-8512-F393994DB3D1}) (Version: 4.18.9803 - Apache Software Foundation)
Opera Stable 82.0.4227.43 (HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\Opera 82.0.4227.43) (Version: 82.0.4227.43 - Opera Software)
Outlook (HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
PowerPoint (HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.65 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Remote Mouse version 3.015 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 3.015 - Remote Mouse)
TP-Link Archer T3U Driver (HKLM-x32\...\{CEB0679A-4607-4705-9D40-86734A7E94EA}) (Version: 2.1.0 - TP-Link)
Trezor Suite 21.8.1 (HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\978be57b-9286-5cd7-a60b-54c81352a986) (Version: 21.8.1 - SatoshiLabs)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Vysor (HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\vysor) (Version: 3.1.4 - Vysor Inc.)
whirlpool-gui 0.10.3 (HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\7dc52277-ffa6-5281-9c2d-e59577bdfa8b) (Version: 0.10.3 - zeroleak)
Windows Kontrola stavu počítača (HKLM\...\{BDBC15A5-E9F1-485F-A0D3-7526052FB2B2}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Word (HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)

Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_133.1.340.0_x64__v10z8vjag6ke6 [2021-12-13] (HP Inc.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.11.12030.0_x64__8wekyb3d8bbwe [2021-12-11] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2813316739-561623387-2885406294-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-2813316739-561623387-2885406294-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-2813316739-561623387-2885406294-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-2813316739-561623387-2885406294-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-2813316739-561623387-2885406294-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation) [File not signed]
CustomCLSID: HKU\S-1-5-21-2813316739-561623387-2885406294-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-12-28] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-12-28] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-12-28] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-12-28] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-23] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-09-25] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2021-03-11] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-12-28] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-23] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Tibor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\Tibor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\Tibor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf
ShortcutWithArgument: C:\Users\Tibor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi
ShortcutWithArgument: C:\Users\Tibor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikácie Chrome\Curve.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=mbokphlkmchefpiipgilfkfgheigmadi

==================== Loaded Modules (Whitelisted) =============

2020-12-22 13:34 - 2014-03-05 14:47 - 001069056 _____ (Cisco Systems, Inc.) [File not signed] C:\Program Files (x86)\ASUS\USB-AC51 WLAN Card Utilities\Common\CiscoEapFast.dll
2021-01-02 14:46 - 2019-04-19 17:12 - 001391104 _____ (Remote Mouse) [File not signed] C:\Program Files (x86)\Remote Mouse\windows_api.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-2813316739-561623387-2885406294-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT170603&iDate=2020-10-10 06:06:17&bName=

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2813316739-561623387-2885406294-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tibor\Documents\MOJE\grafika\LP\soul.jpg
DNS Servers: 195.146.132.59 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "TREZOR Bridge.lnk"
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\StartupApproved\Run: => "EPSON1D24F2 (Epson Stylus SX420W)"
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7D061C90-3D70-4853-BC4F-CB0757CB07E1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B94FB95A-5ED4-4F7F-B90E-7E373746DC44}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{4514E595-D995-4ADC-9B27-4BC0E1EC392D}C:\users\tibor\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tibor\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [UDP Query User{56AF6791-032A-41CE-8005-848FCE3D2AAF}C:\users\tibor\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tibor\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [{83CC309D-80BC-4D38-9EE8-E3FF3CD8B19C}] => (Allow) C:\Users\Tibor\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{3D615B81-5A2E-476E-8D52-5C83E9F92BA2}] => (Allow) C:\Users\Tibor\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [TCP Query User{11C1E296-10F3-47D9-B5A2-322A41684285}C:\users\tibor\appdata\local\programs\opera\71.0.3770.271\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\71.0.3770.271\opera.exe => No File
FirewallRules: [UDP Query User{86F37B8D-1EF8-4A42-A9CA-643D1249B97E}C:\users\tibor\appdata\local\programs\opera\71.0.3770.271\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\71.0.3770.271\opera.exe => No File
FirewallRules: [TCP Query User{7F066300-1C7F-42D9-9A9C-EC1C61AE2C05}C:\program files (x86)\heroes of the storm\versions\base82169\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base82169\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{9004CE0D-E594-480E-ABFF-47151985196F}C:\program files (x86)\heroes of the storm\versions\base82169\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base82169\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{4D9B21A7-1930-45B8-BE3C-FBEC70B247F5}C:\users\tibor\appdata\local\programs\opera\71.0.3770.284\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\71.0.3770.284\opera.exe => No File
FirewallRules: [UDP Query User{3ABB7685-3F53-41E6-9D4C-B2777A8538DA}C:\users\tibor\appdata\local\programs\opera\71.0.3770.284\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\71.0.3770.284\opera.exe => No File
FirewallRules: [{8A3EF0EB-F258-43B4-AFB7-D23851E1B3C0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{BAF879E4-1578-46C4-85D3-4C7AB8209160}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{3AAE6F48-B024-4461-AF21-6B372F84E4DF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{603BD7EC-9D9D-441D-B4B0-2CB1146A1310}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{7D590BFA-7FE9-408B-AE4F-DBB79CCFA016}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe => No File
FirewallRules: [{6ECDA67D-C114-4382-B72E-B6548EEE6F5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe => No File
FirewallRules: [{BC1476A9-595F-449C-9BFF-A81F2749C737}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{40073C69-A303-4786-BA7F-07147345508B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{122116D3-C3F6-4FFD-9B33-5F0E5BBA680C}C:\users\tibor\appdata\local\programs\opera\72.0.3815.186\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\72.0.3815.186\opera.exe => No File
FirewallRules: [UDP Query User{DA347C06-DD82-4893-AE94-7A4668BB45E2}C:\users\tibor\appdata\local\programs\opera\72.0.3815.186\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\72.0.3815.186\opera.exe => No File
FirewallRules: [TCP Query User{1EBCB1DE-EB40-46F7-92E0-11C849332B25}C:\users\tibor\appdata\local\vysor\app-3.1.4\vysor.exe] => (Allow) C:\users\tibor\appdata\local\vysor\app-3.1.4\vysor.exe (Vysor Inc.) [File not signed]
FirewallRules: [UDP Query User{F4D4D39F-3342-4F41-AF8F-95C986D1F97F}C:\users\tibor\appdata\local\vysor\app-3.1.4\vysor.exe] => (Allow) C:\users\tibor\appdata\local\vysor\app-3.1.4\vysor.exe (Vysor Inc.) [File not signed]
FirewallRules: [TCP Query User{C3F1F020-0828-4A85-A208-BC33C34E6A8D}C:\users\tibor\appdata\local\programs\opera\72.0.3815.320\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\72.0.3815.320\opera.exe => No File
FirewallRules: [UDP Query User{723A9B87-3011-426B-811C-46E8152F8859}C:\users\tibor\appdata\local\programs\opera\72.0.3815.320\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\72.0.3815.320\opera.exe => No File
FirewallRules: [TCP Query User{30F1AF5E-0CEE-4E10-858E-6276F0BBD4E1}C:\users\tibor\appdata\local\programs\opera\72.0.3815.400\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\72.0.3815.400\opera.exe => No File
FirewallRules: [UDP Query User{406F9982-70F7-41D6-BBEE-5B2E45CE4F3A}C:\users\tibor\appdata\local\programs\opera\72.0.3815.400\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\72.0.3815.400\opera.exe => No File
FirewallRules: [TCP Query User{04BAE72E-3F48-4F9E-A681-BE89EA56ED07}C:\users\tibor\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tibor\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [UDP Query User{9ACFACCF-D812-407B-B7DD-BA7257ADE726}C:\users\tibor\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tibor\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [{EFEEF5D2-DAA5-49F3-A490-A10D0C3D14BB}] => (Allow) C:\Program Files (x86)\ASUS\USB-AC51 WLAN Card Utilities\Common\RaMediaServer.exe (Ralink) [File not signed]
FirewallRules: [{AC93B3F2-AEF4-4415-A2ED-7A59F505CFBB}] => (Allow) C:\Program Files (x86)\ASUS\USB-AC51 WLAN Card Utilities\Common\RaMediaServer.exe (Ralink) [File not signed]
FirewallRules: [TCP Query User{8F14CFE9-E5F0-48F7-A4D1-854C0CC97B87}C:\users\tibor\appdata\local\programs\opera\73.0.3856.284\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\73.0.3856.284\opera.exe => No File
FirewallRules: [UDP Query User{8E43D987-0747-4BEF-A246-C743DE94AD3E}C:\users\tibor\appdata\local\programs\opera\73.0.3856.284\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\73.0.3856.284\opera.exe => No File
FirewallRules: [{7DD953C1-BB75-4A71-88F9-BC22B74F6552}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe (remotemouse.net) [File not signed]
FirewallRules: [{5BA753D8-9E7A-4A46-9DDE-98D2620A451C}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe (remotemouse.net) [File not signed]
FirewallRules: [{1EB8FFF6-6330-461B-B40B-247DA6F3A8C7}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe (RemoteMouse.net) [File not signed]
FirewallRules: [{851F88B7-098A-4E9A-838D-FE1100B9E475}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe (RemoteMouse.net) [File not signed]
FirewallRules: [TCP Query User{87D2337B-28C5-414F-9B7B-E70CFF5F1DB9}C:\users\tibor\appdata\local\bisq\bisq.exe] => (Allow) C:\users\tibor\appdata\local\bisq\bisq.exe => No File
FirewallRules: [UDP Query User{1545FC6A-0CD9-480D-B352-D90ED91680AD}C:\users\tibor\appdata\local\bisq\bisq.exe] => (Allow) C:\users\tibor\appdata\local\bisq\bisq.exe => No File
FirewallRules: [TCP Query User{8B8FD2AE-6E8A-43D8-913F-6B9813CD8AC4}C:\users\tibor\appdata\local\programs\opera\74.0.3911.203\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\74.0.3911.203\opera.exe => No File
FirewallRules: [UDP Query User{CE52ACCE-75C0-43C5-95C4-31EB525D7E29}C:\users\tibor\appdata\local\programs\opera\74.0.3911.203\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\74.0.3911.203\opera.exe => No File
FirewallRules: [TCP Query User{7257FB22-E1C8-4F6E-960D-21147FE5AAFB}C:\users\tibor\appdata\local\programs\opera\74.0.3911.218\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\74.0.3911.218\opera.exe => No File
FirewallRules: [UDP Query User{E03198C1-5E5E-45A6-995A-6A2E30D45E13}C:\users\tibor\appdata\local\programs\opera\74.0.3911.218\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\74.0.3911.218\opera.exe => No File
FirewallRules: [{947D4782-CC28-4AB7-8476-15C67835CD3B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{55B5FC0A-ACBC-4E7F-BB01-2DC92A093B07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BA29B58C-DBC7-4AAD-A304-A0CD05A0C33C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6A146C84-6BB8-49CA-BA5D-88B675F5BAAE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BC578045-4C16-40B8-9383-3C3673645451}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E1906D2B-728C-43A1-A3BB-2020744FCBA5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{4A00FF4C-3E70-48E3-9D8A-21D60697EF7B}C:\users\tibor\appdata\local\programs\opera\75.0.3969.171\opera.exe] => (Block) C:\users\tibor\appdata\local\programs\opera\75.0.3969.171\opera.exe => No File
FirewallRules: [UDP Query User{0851C6C0-960F-418F-A96E-DA40182EA01F}C:\users\tibor\appdata\local\programs\opera\75.0.3969.171\opera.exe] => (Block) C:\users\tibor\appdata\local\programs\opera\75.0.3969.171\opera.exe => No File
FirewallRules: [TCP Query User{859154BE-0E20-4D5D-B665-D459F21FB1FE}C:\users\tibor\appdata\local\programs\opera\75.0.3969.218\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\75.0.3969.218\opera.exe => No File
FirewallRules: [UDP Query User{0DE457A4-F175-40C1-B9FE-D806BBFAFD27}C:\users\tibor\appdata\local\programs\opera\75.0.3969.218\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\75.0.3969.218\opera.exe => No File
FirewallRules: [TCP Query User{60224FC7-E07E-44CC-A5F6-7F41B7CAEBA1}C:\users\tibor\appdata\local\programs\opera\75.0.3969.243\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\75.0.3969.243\opera.exe => No File
FirewallRules: [UDP Query User{EF7A0D2D-F492-4B6D-9D18-3EDB485F6E02}C:\users\tibor\appdata\local\programs\opera\75.0.3969.243\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\75.0.3969.243\opera.exe => No File
FirewallRules: [TCP Query User{9D627A3B-FE39-4EF4-BE1A-CF8E4A4F294A}C:\users\tibor\appdata\local\programs\opera\76.0.4017.154\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\76.0.4017.154\opera.exe => No File
FirewallRules: [UDP Query User{2F317100-8B46-44CE-9CF7-DA6430089297}C:\users\tibor\appdata\local\programs\opera\76.0.4017.154\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\76.0.4017.154\opera.exe => No File
FirewallRules: [TCP Query User{56E3B14A-F5CD-41F3-989C-91832DCCE933}C:\users\tibor\appdata\local\programs\opera\76.0.4017.177\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\76.0.4017.177\opera.exe => No File
FirewallRules: [UDP Query User{08EB3EA2-6C64-4D1D-B2E1-445D6585230A}C:\users\tibor\appdata\local\programs\opera\76.0.4017.177\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\76.0.4017.177\opera.exe => No File
FirewallRules: [TCP Query User{A8404056-562A-41DC-A391-F394E0C6CB3C}C:\users\tibor\appdata\local\programs\opera\77.0.4054.90\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.90\opera.exe => No File
FirewallRules: [UDP Query User{32B8F76D-1BBA-4DF3-A9B8-D5B18551FBB1}C:\users\tibor\appdata\local\programs\opera\77.0.4054.90\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.90\opera.exe => No File
FirewallRules: [TCP Query User{92A4E330-C6AA-4030-BD12-0A7F7EE21200}C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File
FirewallRules: [UDP Query User{895E8C7C-7808-4839-A4E6-CC48C01DB5E1}C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File
FirewallRules: [TCP Query User{FCC0912F-D548-4EC1-A47D-78EEE8BF1AC7}C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File
FirewallRules: [UDP Query User{5AB6E1E4-C01F-47D0-A077-9511514916ED}C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File
FirewallRules: [TCP Query User{82C6A0CD-32CF-45EB-B6CC-E2707933F60B}C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [UDP Query User{987673C4-2174-4B8A-8B8B-06EE7BABCF1A}C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [TCP Query User{BFFF3FA0-D7C5-4F0F-B96F-946908CD2365}C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [UDP Query User{3BEDF369-976E-4442-8F38-2413CECBD487}C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [{1B372B3F-60EF-4436-AFB6-00FB136E1E3E}] => (Allow) C:\Users\Tibor\AppData\Roaming\uTorrent Web\utweb.exe => No File
FirewallRules: [{A9B13CB4-FC84-4A5C-B169-8F15164DD1D7}] => (Allow) C:\Users\Tibor\AppData\Roaming\uTorrent Web\utweb.exe => No File
FirewallRules: [TCP Query User{EEB47CE6-ADB2-4585-BB1D-746E06AE5255}C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [UDP Query User{15CE35C5-77D6-4C47-B158-5C57C4A14416}C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [TCP Query User{11C389CE-5851-4833-B9EE-6A19DE6712FC}C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [UDP Query User{8A492BC5-57B8-4F93-9148-C094D2F9E1EB}C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [TCP Query User{381030C5-162D-4EC3-8352-AE37F38319FD}C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [UDP Query User{DF275825-C840-4196-9D17-C20A016416A7}C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [TCP Query User{F8FACD62-E8AA-43B8-AF73-D645BA920DAC}C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [UDP Query User{0A16DD11-1B71-418E-AF2D-4AD2C7E6A368}C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [{66B37E3E-263C-4576-A0C9-07B05D51CE4C}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{5D39D931-434C-4B69-A2A4-7185CECF7EC5}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{9EE99D8F-B523-40E4-B390-8829BDD9B974}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{53999245-666B-42FF-AA06-551F2F7A45A3}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [TCP Query User{DBC6CA50-5DB3-45C2-B113-8B6DE16B9E69}C:\users\tibor\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{EDE68C86-2D96-4AD8-9D5E-72C1AD1839E1}C:\users\tibor\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{C7BFE3A0-B1B5-4220-9039-94BD04286725}C:\users\tibor\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{FA23FBA2-0F7D-4BE6-B7D7-2D0A810FA9B9}C:\users\tibor\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{B8C0A686-5765-4C28-A881-6F142B8C8A4C}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{77350590-3D7B-4870-96AA-368DB03D6B02}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{9497E1C2-FE44-4DBE-9C38-ACD9256F3930}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{ECC1EA1D-86D1-4743-AFEC-7124D5444A1F}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{1B88E428-3D20-445C-A42E-C0BA2ABED306}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{8147701B-745E-4286-8AF9-7CA2EA4B2D13}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A03A4463-006F-40F9-8D76-158D1B2BC23F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CAAF47EF-316F-461A-82BB-36FDC8BC489F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8848F3E8-A518-4D26-B71E-7445AEBAB6FB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D2BC449B-143D-47C9-9575-A045547BF244}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{E9456A08-5780-4B62-8D9D-57EC85642953}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)

==================== Restore Points =========================

17-12-2021 12:22:21 Inštalátor modulov systému Windows
26-12-2021 18:53:23 Scheduled Checkpoint
04-01-2022 17:03:58 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/02/2022 08:04:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.1387 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 168

Start Time: 01d7ff6b376a28f9

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

Report Id: c5fe1959-64fa-4b04-bf34-23892bac13d7

Faulting package full name: Microsoft.Windows.Search_1.14.2.19041_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: ShellFeedsUI

Hang type: Quiesce

Error: (01/02/2022 03:05:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: WLANExt.exe, verzia: 10.0.19041.1, časová značka: 0x45c477dd
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.19041.1288, časová značka: 0xa280d1d6
Kód výnimky: 0xc0000374
Odstup chyby: 0x00000000000ff199
Identifikácia chybujúceho procesu: 0x25bc
Čas spustenia chybujúcej aplikácie: 0x01d7ff7d266ad5c8
Cesta chybujúcej aplikácie: C:\WINDOWS\system32\WLANExt.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
Identifikácia hlásenia: 8c4c57e2-e962-44ed-8962-e4e34fb4db98
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (01/01/2022 04:19:05 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiska nemohol dokončiť opätovné vystrihnutie v Záloha (F:), pretože: Hardvér, ktorý podporuje tento zväzok, nepodporuje požadovanú operáciu. (0x8900002A)

Error: (01/01/2022 04:19:04 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiska nemohol dokončiť opätovné vystrihnutie v Acer (C:), pretože: Hardvér, ktorý podporuje tento zväzok, nepodporuje požadovanú operáciu. (0x8900002A)

Error: (12/30/2021 08:07:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: WLANExt.exe, verzia: 10.0.19041.1, časová značka: 0x45c477dd
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.19041.1288, časová značka: 0xa280d1d6
Kód výnimky: 0xc0000374
Odstup chyby: 0x00000000000ff199
Identifikácia chybujúceho procesu: 0x284
Čas spustenia chybujúcej aplikácie: 0x01d7fd4bec12ffa9
Cesta chybujúcej aplikácie: C:\WINDOWS\system32\WLANExt.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
Identifikácia hlásenia: 8188db82-bd0f-4c0f-8b03-0dd90630581a
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (12/29/2021 09:52:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Cortana.exe version 3.2110.13603.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1acc

Start Time: 01d7fcf5ddbe49d2

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2110.13603.0_x64__8wekyb3d8bbwe\Cortana.exe

Report Id: eccab70f-27da-4d37-87aa-894fbee7690c

Faulting package full name: Microsoft.549981C3F5F10_3.2110.13603.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Hang type: Quiesce

Error: (12/29/2021 02:29:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: WLANExt.exe, verzia: 10.0.19041.1, časová značka: 0x45c477dd
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.19041.1288, časová značka: 0xa280d1d6
Kód výnimky: 0xc0000374
Odstup chyby: 0x00000000000ff199
Identifikácia chybujúceho procesu: 0xd70
Čas spustenia chybujúcej aplikácie: 0x01d7fcb25dae8a25
Cesta chybujúcej aplikácie: C:\WINDOWS\system32\WLANExt.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
Identifikácia hlásenia: dd552e29-3c68-448c-b687-394fe7857885
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (12/29/2021 01:46:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: Anchor Wallet.exe, verzia: 1.3.2.0, časová značka: 0x6109868f
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.19041.1288, časová značka: 0xa280d1d6
Kód výnimky: 0xc0000374
Odstup chyby: 0x00000000000ff199
Identifikácia chybujúceho procesu: 0x197c
Čas spustenia chybujúcej aplikácie: 0x01d7fc1734c3e596
Cesta chybujúcej aplikácie: C:\Program Files\Anchor Wallet\Anchor Wallet.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
Identifikácia hlásenia: d5db052f-6138-4eb1-8d9b-a80fdfff8218
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:


System errors:
=============
Error: (01/06/2022 10:45:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby Windows Presentation Foundation Font Cache 3.0.0.0 zlyhalo kvôli nasledujúcej chybe:
The service did not respond to the start or control request in a timely fashion.

Error: (01/06/2022 10:45:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Počas čakania na pripojenie služby Windows Presentation Foundation Font Cache 3.0.0.0 bol dosiahnutý časový limit (30000 ms).

Error: (01/06/2022 10:43:46 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Počas čakania na odpoveď transakcie od služby avast! Tools bol dosiahnutý časový limit (30000 ms).

Error: (01/06/2022 10:40:54 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba Avast Antivirus sa po prijatí ovládacieho príkazu pred vypnutím nevypla správne.

Error: (01/06/2022 10:40:23 AM) (Source: DCOM) (EventID: 10010) (User: TIBOR)
Description: The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout.

Error: (01/06/2022 10:39:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba RunSwUSB sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (01/06/2022 10:39:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA Display Container LS sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 6000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (01/06/2022 10:39:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA LocalSystem Container sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 6000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.


CodeIntegrity:
===============
Date: 2022-01-06 10:46:01
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2022-01-06 10:45:28
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Insyde Corp. V1.11 04/20/2015
Motherboard: Acer ZORO_BH
Processor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 66%
Total physical RAM: 8106.7 MB
Available physical RAM: 2716.27 MB
Total Virtual: 24490.7 MB
Available Virtual: 17389.66 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:814.21 GB) (Free:309.5 GB) NTFS
Drive f: (Záloha) (Fixed) (Total:100 GB) (Free:25.38 GB) NTFS

\\?\Volume{1306b144-0e03-49b6-aed4-69658cf79121}\ (Recovery) (Fixed) (Total:0.59 GB) (Free:0.28 GB) NTFS
\\?\Volume{bb1b77a1-c939-4a61-b2af-a5d42064ba4d}\ (Push Button Reset) (Fixed) (Total:16.29 GB) (Free:1.66 GB) NTFS
\\?\Volume{eeb75141-f900-40d1-b25c-a3cc7b18018f}\ (ESP) (Fixed) (Total:0.29 GB) (Free:0.24 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 4E2DB25E)

Partition: GPT.

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Preventive check T-Bag

#8 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [TCP Query User{4514E595-D995-4ADC-9B27-4BC0E1EC392D}C:\users\tibor\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tibor\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [UDP Query User{56AF6791-032A-41CE-8005-848FCE3D2AAF}C:\users\tibor\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tibor\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [{83CC309D-80BC-4D38-9EE8-E3FF3CD8B19C}] => (Allow) C:\Users\Tibor\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{3D615B81-5A2E-476E-8D52-5C83E9F92BA2}] => (Allow) C:\Users\Tibor\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [TCP Query User{11C1E296-10F3-47D9-B5A2-322A41684285}C:\users\tibor\appdata\local\programs\opera\71.0.3770.271\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\71.0.3770.271\opera.exe => No File
FirewallRules: [UDP Query User{86F37B8D-1EF8-4A42-A9CA-643D1249B97E}C:\users\tibor\appdata\local\programs\opera\71.0.3770.271\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\71.0.3770.271\opera.exe => No File
FirewallRules: [TCP Query User{7F066300-1C7F-42D9-9A9C-EC1C61AE2C05}C:\program files (x86)\heroes of the storm\versions\base82169\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base82169\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{9004CE0D-E594-480E-ABFF-47151985196F}C:\program files (x86)\heroes of the storm\versions\base82169\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base82169\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{4D9B21A7-1930-45B8-BE3C-FBEC70B247F5}C:\users\tibor\appdata\local\programs\opera\71.0.3770.284\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\71.0.3770.284\opera.exe => No File
FirewallRules: [UDP Query User{3ABB7685-3F53-41E6-9D4C-B2777A8538DA}C:\users\tibor\appdata\local\programs\opera\71.0.3770.284\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\71.0.3770.284\opera.exe => No File
FirewallRules: [{8A3EF0EB-F258-43B4-AFB7-D23851E1B3C0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{BAF879E4-1578-46C4-85D3-4C7AB8209160}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{3AAE6F48-B024-4461-AF21-6B372F84E4DF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{603BD7EC-9D9D-441D-B4B0-2CB1146A1310}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{7D590BFA-7FE9-408B-AE4F-DBB79CCFA016}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe => No File
FirewallRules: [{6ECDA67D-C114-4382-B72E-B6548EEE6F5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe => No File
FirewallRules: [{BC1476A9-595F-449C-9BFF-A81F2749C737}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{40073C69-A303-4786-BA7F-07147345508B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{122116D3-C3F6-4FFD-9B33-5F0E5BBA680C}C:\users\tibor\appdata\local\programs\opera\72.0.3815.186\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\72.0.3815.186\opera.exe => No File
FirewallRules: [UDP Query User{DA347C06-DD82-4893-AE94-7A4668BB45E2}C:\users\tibor\appdata\local\programs\opera\72.0.3815.186\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\72.0.3815.186\opera.exe => No File
FirewallRules: [TCP Query User{C3F1F020-0828-4A85-A208-BC33C34E6A8D}C:\users\tibor\appdata\local\programs\opera\72.0.3815.320\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\72.0.3815.320\opera.exe => No File
FirewallRules: [UDP Query User{723A9B87-3011-426B-811C-46E8152F8859}C:\users\tibor\appdata\local\programs\opera\72.0.3815.320\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\72.0.3815.320\opera.exe => No File
FirewallRules: [TCP Query User{30F1AF5E-0CEE-4E10-858E-6276F0BBD4E1}C:\users\tibor\appdata\local\programs\opera\72.0.3815.400\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\72.0.3815.400\opera.exe => No File
FirewallRules: [UDP Query User{406F9982-70F7-41D6-BBEE-5B2E45CE4F3A}C:\users\tibor\appdata\local\programs\opera\72.0.3815.400\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\72.0.3815.400\opera.exe => No File
FirewallRules: [TCP Query User{04BAE72E-3F48-4F9E-A681-BE89EA56ED07}C:\users\tibor\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tibor\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [UDP Query User{9ACFACCF-D812-407B-B7DD-BA7257ADE726}C:\users\tibor\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tibor\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [TCP Query User{8F14CFE9-E5F0-48F7-A4D1-854C0CC97B87}C:\users\tibor\appdata\local\programs\opera\73.0.3856.284\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\73.0.3856.284\opera.exe => No File
FirewallRules: [UDP Query User{8E43D987-0747-4BEF-A246-C743DE94AD3E}C:\users\tibor\appdata\local\programs\opera\73.0.3856.284\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\73.0.3856.284\opera.exe => No File
FirewallRules: [TCP Query User{87D2337B-28C5-414F-9B7B-E70CFF5F1DB9}C:\users\tibor\appdata\local\bisq\bisq.exe] => (Allow) C:\users\tibor\appdata\local\bisq\bisq.exe => No File
FirewallRules: [UDP Query User{1545FC6A-0CD9-480D-B352-D90ED91680AD}C:\users\tibor\appdata\local\bisq\bisq.exe] => (Allow) C:\users\tibor\appdata\local\bisq\bisq.exe => No File
FirewallRules: [TCP Query User{8B8FD2AE-6E8A-43D8-913F-6B9813CD8AC4}C:\users\tibor\appdata\local\programs\opera\74.0.3911.203\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\74.0.3911.203\opera.exe => No File
FirewallRules: [UDP Query User{CE52ACCE-75C0-43C5-95C4-31EB525D7E29}C:\users\tibor\appdata\local\programs\opera\74.0.3911.203\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\74.0.3911.203\opera.exe => No File
FirewallRules: [TCP Query User{7257FB22-E1C8-4F6E-960D-21147FE5AAFB}C:\users\tibor\appdata\local\programs\opera\74.0.3911.218\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\74.0.3911.218\opera.exe => No File
FirewallRules: [UDP Query User{E03198C1-5E5E-45A6-995A-6A2E30D45E13}C:\users\tibor\appdata\local\programs\opera\74.0.3911.218\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\74.0.3911.218\opera.exe => No File
FirewallRules: [TCP Query User{4A00FF4C-3E70-48E3-9D8A-21D60697EF7B}C:\users\tibor\appdata\local\programs\opera\75.0.3969.171\opera.exe] => (Block) C:\users\tibor\appdata\local\programs\opera\75.0.3969.171\opera.exe => No File
FirewallRules: [UDP Query User{0851C6C0-960F-418F-A96E-DA40182EA01F}C:\users\tibor\appdata\local\programs\opera\75.0.3969.171\opera.exe] => (Block) C:\users\tibor\appdata\local\programs\opera\75.0.3969.171\opera.exe => No File
FirewallRules: [TCP Query User{859154BE-0E20-4D5D-B665-D459F21FB1FE}C:\users\tibor\appdata\local\programs\opera\75.0.3969.218\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\75.0.3969.218\opera.exe => No File
FirewallRules: [UDP Query User{0DE457A4-F175-40C1-B9FE-D806BBFAFD27}C:\users\tibor\appdata\local\programs\opera\75.0.3969.218\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\75.0.3969.218\opera.exe => No File
FirewallRules: [TCP Query User{60224FC7-E07E-44CC-A5F6-7F41B7CAEBA1}C:\users\tibor\appdata\local\programs\opera\75.0.3969.243\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\75.0.3969.243\opera.exe => No File
FirewallRules: [UDP Query User{EF7A0D2D-F492-4B6D-9D18-3EDB485F6E02}C:\users\tibor\appdata\local\programs\opera\75.0.3969.243\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\75.0.3969.243\opera.exe => No File
FirewallRules: [TCP Query User{9D627A3B-FE39-4EF4-BE1A-CF8E4A4F294A}C:\users\tibor\appdata\local\programs\opera\76.0.4017.154\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\76.0.4017.154\opera.exe => No File
FirewallRules: [UDP Query User{2F317100-8B46-44CE-9CF7-DA6430089297}C:\users\tibor\appdata\local\programs\opera\76.0.4017.154\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\76.0.4017.154\opera.exe => No File
FirewallRules: [TCP Query User{56E3B14A-F5CD-41F3-989C-91832DCCE933}C:\users\tibor\appdata\local\programs\opera\76.0.4017.177\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\76.0.4017.177\opera.exe => No File
FirewallRules: [UDP Query User{08EB3EA2-6C64-4D1D-B2E1-445D6585230A}C:\users\tibor\appdata\local\programs\opera\76.0.4017.177\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\76.0.4017.177\opera.exe => No File
FirewallRules: [TCP Query User{A8404056-562A-41DC-A391-F394E0C6CB3C}C:\users\tibor\appdata\local\programs\opera\77.0.4054.90\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.90\opera.exe => No File
FirewallRules: [UDP Query User{32B8F76D-1BBA-4DF3-A9B8-D5B18551FBB1}C:\users\tibor\appdata\local\programs\opera\77.0.4054.90\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.90\opera.exe => No File
FirewallRules: [TCP Query User{92A4E330-C6AA-4030-BD12-0A7F7EE21200}C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File
FirewallRules: [UDP Query User{895E8C7C-7808-4839-A4E6-CC48C01DB5E1}C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File
FirewallRules: [TCP Query User{FCC0912F-D548-4EC1-A47D-78EEE8BF1AC7}C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File
FirewallRules: [UDP Query User{5AB6E1E4-C01F-47D0-A077-9511514916ED}C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File
FirewallRules: [TCP Query User{82C6A0CD-32CF-45EB-B6CC-E2707933F60B}C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [UDP Query User{987673C4-2174-4B8A-8B8B-06EE7BABCF1A}C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [TCP Query User{BFFF3FA0-D7C5-4F0F-B96F-946908CD2365}C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [UDP Query User{3BEDF369-976E-4442-8F38-2413CECBD487}C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [{1B372B3F-60EF-4436-AFB6-00FB136E1E3E}] => (Allow) C:\Users\Tibor\AppData\Roaming\uTorrent Web\utweb.exe => No File
FirewallRules: [{A9B13CB4-FC84-4A5C-B169-8F15164DD1D7}] => (Allow) C:\Users\Tibor\AppData\Roaming\uTorrent Web\utweb.exe => No File
FirewallRules: [TCP Query User{EEB47CE6-ADB2-4585-BB1D-746E06AE5255}C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [UDP Query User{15CE35C5-77D6-4C47-B158-5C57C4A14416}C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [TCP Query User{11C389CE-5851-4833-B9EE-6A19DE6712FC}C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [UDP Query User{8A492BC5-57B8-4F93-9148-C094D2F9E1EB}C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [TCP Query User{381030C5-162D-4EC3-8352-AE37F38319FD}C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [UDP Query User{DF275825-C840-4196-9D17-C20A016416A7}C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [TCP Query User{F8FACD62-E8AA-43B8-AF73-D645BA920DAC}C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [UDP Query User{0A16DD11-1B71-418E-AF2D-4AD2C7E6A368}C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\Run: [utweb] => "C:\Users\Tibor\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED (No File)
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\Run: [ut] => "C:\Users\Tibor\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED (No File)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {C61E8B24-30DF-43FE-A848-2841AD26F90A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-10-08] (Google LLC -> Google LLC)
Task: {639C6B9E-1E7A-4BE9-92F9-ED7157D9C0F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-10-08] (Google LLC -> Google LLC)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF NewTab: Mozilla\Firefox\Profiles\umm8z632.default -> hxxps://securesearch.org/homepage?hp=2&pId=BT170603&iDate=2020-10-10 06:06:17&bName=
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.


T-Bag
Visitor
Posts: 33
Registered: 14 Dec 2014 09:54

Re: Preventive check T-Bag

#9 Post by T-Bag »

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-12-2021
Ran by Tibor (06-01-2022 22:31:26) Run:2
Running from C:\Users\Tibor\Desktop
Loaded Profiles: Tibor
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [TCP Query User{4514E595-D995-4ADC-9B27-4BC0E1EC392D}C:\users\tibor\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tibor\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [UDP Query User{56AF6791-032A-41CE-8005-848FCE3D2AAF}C:\users\tibor\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tibor\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [{83CC309D-80BC-4D38-9EE8-E3FF3CD8B19C}] => (Allow) C:\Users\Tibor\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{3D615B81-5A2E-476E-8D52-5C83E9F92BA2}] => (Allow) C:\Users\Tibor\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [TCP Query User{11C1E296-10F3-47D9-B5A2-322A41684285}C:\users\tibor\appdata\local\programs\opera\71.0.3770.271\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\71.0.3770.271\opera.exe => No File
FirewallRules: [UDP Query User{86F37B8D-1EF8-4A42-A9CA-643D1249B97E}C:\users\tibor\appdata\local\programs\opera\71.0.3770.271\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\71.0.3770.271\opera.exe => No File
FirewallRules: [TCP Query User{7F066300-1C7F-42D9-9A9C-EC1C61AE2C05}C:\program files (x86)\heroes of the storm\versions\base82169\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base82169\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{9004CE0D-E594-480E-ABFF-47151985196F}C:\program files (x86)\heroes of the storm\versions\base82169\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base82169\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{4D9B21A7-1930-45B8-BE3C-FBEC70B247F5}C:\users\tibor\appdata\local\programs\opera\71.0.3770.284\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\71.0.3770.284\opera.exe => No File
FirewallRules: [UDP Query User{3ABB7685-3F53-41E6-9D4C-B2777A8538DA}C:\users\tibor\appdata\local\programs\opera\71.0.3770.284\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\71.0.3770.284\opera.exe => No File
FirewallRules: [{8A3EF0EB-F258-43B4-AFB7-D23851E1B3C0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{BAF879E4-1578-46C4-85D3-4C7AB8209160}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{3AAE6F48-B024-4461-AF21-6B372F84E4DF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{603BD7EC-9D9D-441D-B4B0-2CB1146A1310}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{7D590BFA-7FE9-408B-AE4F-DBB79CCFA016}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe => No File
FirewallRules: [{6ECDA67D-C114-4382-B72E-B6548EEE6F5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe => No File
FirewallRules: [{BC1476A9-595F-449C-9BFF-A81F2749C737}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{40073C69-A303-4786-BA7F-07147345508B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{122116D3-C3F6-4FFD-9B33-5F0E5BBA680C}C:\users\tibor\appdata\local\programs\opera\72.0.3815.186\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\72.0.3815.186\opera.exe => No File
FirewallRules: [UDP Query User{DA347C06-DD82-4893-AE94-7A4668BB45E2}C:\users\tibor\appdata\local\programs\opera\72.0.3815.186\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\72.0.3815.186\opera.exe => No File
FirewallRules: [TCP Query User{C3F1F020-0828-4A85-A208-BC33C34E6A8D}C:\users\tibor\appdata\local\programs\opera\72.0.3815.320\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\72.0.3815.320\opera.exe => No File
FirewallRules: [UDP Query User{723A9B87-3011-426B-811C-46E8152F8859}C:\users\tibor\appdata\local\programs\opera\72.0.3815.320\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\72.0.3815.320\opera.exe => No File
FirewallRules: [TCP Query User{30F1AF5E-0CEE-4E10-858E-6276F0BBD4E1}C:\users\tibor\appdata\local\programs\opera\72.0.3815.400\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\72.0.3815.400\opera.exe => No File
FirewallRules: [UDP Query User{406F9982-70F7-41D6-BBEE-5B2E45CE4F3A}C:\users\tibor\appdata\local\programs\opera\72.0.3815.400\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\72.0.3815.400\opera.exe => No File
FirewallRules: [TCP Query User{04BAE72E-3F48-4F9E-A681-BE89EA56ED07}C:\users\tibor\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tibor\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [UDP Query User{9ACFACCF-D812-407B-B7DD-BA7257ADE726}C:\users\tibor\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tibor\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [TCP Query User{8F14CFE9-E5F0-48F7-A4D1-854C0CC97B87}C:\users\tibor\appdata\local\programs\opera\73.0.3856.284\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\73.0.3856.284\opera.exe => No File
FirewallRules: [UDP Query User{8E43D987-0747-4BEF-A246-C743DE94AD3E}C:\users\tibor\appdata\local\programs\opera\73.0.3856.284\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\73.0.3856.284\opera.exe => No File
FirewallRules: [TCP Query User{87D2337B-28C5-414F-9B7B-E70CFF5F1DB9}C:\users\tibor\appdata\local\bisq\bisq.exe] => (Allow) C:\users\tibor\appdata\local\bisq\bisq.exe => No File
FirewallRules: [UDP Query User{1545FC6A-0CD9-480D-B352-D90ED91680AD}C:\users\tibor\appdata\local\bisq\bisq.exe] => (Allow) C:\users\tibor\appdata\local\bisq\bisq.exe => No File
FirewallRules: [TCP Query User{8B8FD2AE-6E8A-43D8-913F-6B9813CD8AC4}C:\users\tibor\appdata\local\programs\opera\74.0.3911.203\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\74.0.3911.203\opera.exe => No File
FirewallRules: [UDP Query User{CE52ACCE-75C0-43C5-95C4-31EB525D7E29}C:\users\tibor\appdata\local\programs\opera\74.0.3911.203\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\74.0.3911.203\opera.exe => No File
FirewallRules: [TCP Query User{7257FB22-E1C8-4F6E-960D-21147FE5AAFB}C:\users\tibor\appdata\local\programs\opera\74.0.3911.218\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\74.0.3911.218\opera.exe => No File
FirewallRules: [UDP Query User{E03198C1-5E5E-45A6-995A-6A2E30D45E13}C:\users\tibor\appdata\local\programs\opera\74.0.3911.218\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\74.0.3911.218\opera.exe => No File
FirewallRules: [TCP Query User{4A00FF4C-3E70-48E3-9D8A-21D60697EF7B}C:\users\tibor\appdata\local\programs\opera\75.0.3969.171\opera.exe] => (Block) C:\users\tibor\appdata\local\programs\opera\75.0.3969.171\opera.exe => No File
FirewallRules: [UDP Query User{0851C6C0-960F-418F-A96E-DA40182EA01F}C:\users\tibor\appdata\local\programs\opera\75.0.3969.171\opera.exe] => (Block) C:\users\tibor\appdata\local\programs\opera\75.0.3969.171\opera.exe => No File
FirewallRules: [TCP Query User{859154BE-0E20-4D5D-B665-D459F21FB1FE}C:\users\tibor\appdata\local\programs\opera\75.0.3969.218\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\75.0.3969.218\opera.exe => No File
FirewallRules: [UDP Query User{0DE457A4-F175-40C1-B9FE-D806BBFAFD27}C:\users\tibor\appdata\local\programs\opera\75.0.3969.218\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\75.0.3969.218\opera.exe => No File
FirewallRules: [TCP Query User{60224FC7-E07E-44CC-A5F6-7F41B7CAEBA1}C:\users\tibor\appdata\local\programs\opera\75.0.3969.243\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\75.0.3969.243\opera.exe => No File
FirewallRules: [UDP Query User{EF7A0D2D-F492-4B6D-9D18-3EDB485F6E02}C:\users\tibor\appdata\local\programs\opera\75.0.3969.243\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\75.0.3969.243\opera.exe => No File
FirewallRules: [TCP Query User{9D627A3B-FE39-4EF4-BE1A-CF8E4A4F294A}C:\users\tibor\appdata\local\programs\opera\76.0.4017.154\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\76.0.4017.154\opera.exe => No File
FirewallRules: [UDP Query User{2F317100-8B46-44CE-9CF7-DA6430089297}C:\users\tibor\appdata\local\programs\opera\76.0.4017.154\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\76.0.4017.154\opera.exe => No File
FirewallRules: [TCP Query User{56E3B14A-F5CD-41F3-989C-91832DCCE933}C:\users\tibor\appdata\local\programs\opera\76.0.4017.177\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\76.0.4017.177\opera.exe => No File
FirewallRules: [UDP Query User{08EB3EA2-6C64-4D1D-B2E1-445D6585230A}C:\users\tibor\appdata\local\programs\opera\76.0.4017.177\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\76.0.4017.177\opera.exe => No File
FirewallRules: [TCP Query User{A8404056-562A-41DC-A391-F394E0C6CB3C}C:\users\tibor\appdata\local\programs\opera\77.0.4054.90\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.90\opera.exe => No File
FirewallRules: [UDP Query User{32B8F76D-1BBA-4DF3-A9B8-D5B18551FBB1}C:\users\tibor\appdata\local\programs\opera\77.0.4054.90\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.90\opera.exe => No File
FirewallRules: [TCP Query User{92A4E330-C6AA-4030-BD12-0A7F7EE21200}C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File
FirewallRules: [UDP Query User{895E8C7C-7808-4839-A4E6-CC48C01DB5E1}C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File
FirewallRules: [TCP Query User{FCC0912F-D548-4EC1-A47D-78EEE8BF1AC7}C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File
FirewallRules: [UDP Query User{5AB6E1E4-C01F-47D0-A077-9511514916ED}C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe => No File
FirewallRules: [TCP Query User{82C6A0CD-32CF-45EB-B6CC-E2707933F60B}C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [UDP Query User{987673C4-2174-4B8A-8B8B-06EE7BABCF1A}C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [TCP Query User{BFFF3FA0-D7C5-4F0F-B96F-946908CD2365}C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [UDP Query User{3BEDF369-976E-4442-8F38-2413CECBD487}C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe => No File
FirewallRules: [{1B372B3F-60EF-4436-AFB6-00FB136E1E3E}] => (Allow) C:\Users\Tibor\AppData\Roaming\uTorrent Web\utweb.exe => No File
FirewallRules: [{A9B13CB4-FC84-4A5C-B169-8F15164DD1D7}] => (Allow) C:\Users\Tibor\AppData\Roaming\uTorrent Web\utweb.exe => No File
FirewallRules: [TCP Query User{EEB47CE6-ADB2-4585-BB1D-746E06AE5255}C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [UDP Query User{15CE35C5-77D6-4C47-B158-5C57C4A14416}C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [TCP Query User{11C389CE-5851-4833-B9EE-6A19DE6712FC}C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [UDP Query User{8A492BC5-57B8-4F93-9148-C094D2F9E1EB}C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe => No File
FirewallRules: [TCP Query User{381030C5-162D-4EC3-8352-AE37F38319FD}C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [UDP Query User{DF275825-C840-4196-9D17-C20A016416A7}C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [TCP Query User{F8FACD62-E8AA-43B8-AF73-D645BA920DAC}C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
FirewallRules: [UDP Query User{0A16DD11-1B71-418E-AF2D-4AD2C7E6A368}C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe] => (Allow) C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe => No File
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\Run: [utweb] => "C:\Users\Tibor\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED (No File)
HKU\S-1-5-21-2813316739-561623387-2885406294-1001\...\Run: [ut] => "C:\Users\Tibor\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED (No File)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {C61E8B24-30DF-43FE-A848-2841AD26F90A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-10-08] (Google LLC -> Google LLC)
Task: {639C6B9E-1E7A-4BE9-92F9-ED7157D9C0F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-10-08] (Google LLC -> Google LLC)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF NewTab: Mozilla\Firefox\Profiles\umm8z632.default -> hxxps://securesearch.org/homepage?hp=2&pId=BT170603&iDate=2020-10-10 06:06:17&bName=
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4514E595-D995-4ADC-9B27-4BC0E1EC392D}C:\users\tibor\appdata\roaming\spotify\spotify.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{56AF6791-032A-41CE-8005-848FCE3D2AAF}C:\users\tibor\appdata\roaming\spotify\spotify.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{83CC309D-80BC-4D38-9EE8-E3FF3CD8B19C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3D615B81-5A2E-476E-8D52-5C83E9F92BA2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{11C1E296-10F3-47D9-B5A2-322A41684285}C:\users\tibor\appdata\local\programs\opera\71.0.3770.271\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{86F37B8D-1EF8-4A42-A9CA-643D1249B97E}C:\users\tibor\appdata\local\programs\opera\71.0.3770.271\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7F066300-1C7F-42D9-9A9C-EC1C61AE2C05}C:\program files (x86)\heroes of the storm\versions\base82169\heroesofthestorm_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9004CE0D-E594-480E-ABFF-47151985196F}C:\program files (x86)\heroes of the storm\versions\base82169\heroesofthestorm_x64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4D9B21A7-1930-45B8-BE3C-FBEC70B247F5}C:\users\tibor\appdata\local\programs\opera\71.0.3770.284\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3ABB7685-3F53-41E6-9D4C-B2777A8538DA}C:\users\tibor\appdata\local\programs\opera\71.0.3770.284\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8A3EF0EB-F258-43B4-AFB7-D23851E1B3C0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BAF879E4-1578-46C4-85D3-4C7AB8209160}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3AAE6F48-B024-4461-AF21-6B372F84E4DF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{603BD7EC-9D9D-441D-B4B0-2CB1146A1310}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D590BFA-7FE9-408B-AE4F-DBB79CCFA016}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6ECDA67D-C114-4382-B72E-B6548EEE6F5F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BC1476A9-595F-449C-9BFF-A81F2749C737}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{40073C69-A303-4786-BA7F-07147345508B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{122116D3-C3F6-4FFD-9B33-5F0E5BBA680C}C:\users\tibor\appdata\local\programs\opera\72.0.3815.186\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DA347C06-DD82-4893-AE94-7A4668BB45E2}C:\users\tibor\appdata\local\programs\opera\72.0.3815.186\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C3F1F020-0828-4A85-A208-BC33C34E6A8D}C:\users\tibor\appdata\local\programs\opera\72.0.3815.320\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{723A9B87-3011-426B-811C-46E8152F8859}C:\users\tibor\appdata\local\programs\opera\72.0.3815.320\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{30F1AF5E-0CEE-4E10-858E-6276F0BBD4E1}C:\users\tibor\appdata\local\programs\opera\72.0.3815.400\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{406F9982-70F7-41D6-BBEE-5B2E45CE4F3A}C:\users\tibor\appdata\local\programs\opera\72.0.3815.400\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{04BAE72E-3F48-4F9E-A681-BE89EA56ED07}C:\users\tibor\appdata\roaming\spotify\spotify.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9ACFACCF-D812-407B-B7DD-BA7257ADE726}C:\users\tibor\appdata\roaming\spotify\spotify.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8F14CFE9-E5F0-48F7-A4D1-854C0CC97B87}C:\users\tibor\appdata\local\programs\opera\73.0.3856.284\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8E43D987-0747-4BEF-A246-C743DE94AD3E}C:\users\tibor\appdata\local\programs\opera\73.0.3856.284\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{87D2337B-28C5-414F-9B7B-E70CFF5F1DB9}C:\users\tibor\appdata\local\bisq\bisq.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1545FC6A-0CD9-480D-B352-D90ED91680AD}C:\users\tibor\appdata\local\bisq\bisq.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8B8FD2AE-6E8A-43D8-913F-6B9813CD8AC4}C:\users\tibor\appdata\local\programs\opera\74.0.3911.203\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CE52ACCE-75C0-43C5-95C4-31EB525D7E29}C:\users\tibor\appdata\local\programs\opera\74.0.3911.203\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7257FB22-E1C8-4F6E-960D-21147FE5AAFB}C:\users\tibor\appdata\local\programs\opera\74.0.3911.218\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E03198C1-5E5E-45A6-995A-6A2E30D45E13}C:\users\tibor\appdata\local\programs\opera\74.0.3911.218\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4A00FF4C-3E70-48E3-9D8A-21D60697EF7B}C:\users\tibor\appdata\local\programs\opera\75.0.3969.171\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0851C6C0-960F-418F-A96E-DA40182EA01F}C:\users\tibor\appdata\local\programs\opera\75.0.3969.171\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{859154BE-0E20-4D5D-B665-D459F21FB1FE}C:\users\tibor\appdata\local\programs\opera\75.0.3969.218\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0DE457A4-F175-40C1-B9FE-D806BBFAFD27}C:\users\tibor\appdata\local\programs\opera\75.0.3969.218\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{60224FC7-E07E-44CC-A5F6-7F41B7CAEBA1}C:\users\tibor\appdata\local\programs\opera\75.0.3969.243\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{EF7A0D2D-F492-4B6D-9D18-3EDB485F6E02}C:\users\tibor\appdata\local\programs\opera\75.0.3969.243\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9D627A3B-FE39-4EF4-BE1A-CF8E4A4F294A}C:\users\tibor\appdata\local\programs\opera\76.0.4017.154\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2F317100-8B46-44CE-9CF7-DA6430089297}C:\users\tibor\appdata\local\programs\opera\76.0.4017.154\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{56E3B14A-F5CD-41F3-989C-91832DCCE933}C:\users\tibor\appdata\local\programs\opera\76.0.4017.177\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{08EB3EA2-6C64-4D1D-B2E1-445D6585230A}C:\users\tibor\appdata\local\programs\opera\76.0.4017.177\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A8404056-562A-41DC-A391-F394E0C6CB3C}C:\users\tibor\appdata\local\programs\opera\77.0.4054.90\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{32B8F76D-1BBA-4DF3-A9B8-D5B18551FBB1}C:\users\tibor\appdata\local\programs\opera\77.0.4054.90\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{92A4E330-C6AA-4030-BD12-0A7F7EE21200}C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{895E8C7C-7808-4839-A4E6-CC48C01DB5E1}C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FCC0912F-D548-4EC1-A47D-78EEE8BF1AC7}C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5AB6E1E4-C01F-47D0-A077-9511514916ED}C:\users\tibor\appdata\local\programs\opera\77.0.4054.203\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{82C6A0CD-32CF-45EB-B6CC-E2707933F60B}C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{987673C4-2174-4B8A-8B8B-06EE7BABCF1A}C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BFFF3FA0-D7C5-4F0F-B96F-946908CD2365}C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3BEDF369-976E-4442-8F38-2413CECBD487}C:\users\tibor\appdata\local\programs\opera\77.0.4054.277\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1B372B3F-60EF-4436-AFB6-00FB136E1E3E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A9B13CB4-FC84-4A5C-B169-8F15164DD1D7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EEB47CE6-ADB2-4585-BB1D-746E06AE5255}C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{15CE35C5-77D6-4C47-B158-5C57C4A14416}C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{11C389CE-5851-4833-B9EE-6A19DE6712FC}C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8A492BC5-57B8-4F93-9148-C094D2F9E1EB}C:\users\tibor\appdata\local\programs\opera\78.0.4093.147\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{381030C5-162D-4EC3-8352-AE37F38319FD}C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DF275825-C840-4196-9D17-C20A016416A7}C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F8FACD62-E8AA-43B8-AF73-D645BA920DAC}C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0A16DD11-1B71-418E-AF2D-4AD2C7E6A368}C:\users\tibor\appdata\local\programs\opera\78.0.4093.184\opera.exe" => removed successfully
"HKU\S-1-5-21-2813316739-561623387-2885406294-1001\Software\Microsoft\Windows\CurrentVersion\Run\\utweb" => removed successfully
"HKU\S-1-5-21-2813316739-561623387-2885406294-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ut" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C61E8B24-30DF-43FE-A848-2841AD26F90A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C61E8B24-30DF-43FE-A848-2841AD26F90A}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{639C6B9E-1E7A-4BE9-92F9-ED7157D9C0F4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{639C6B9E-1E7A-4BE9-92F9-ED7157D9C0F4}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
"Firefox newtab" => removed successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 102250805 B
Java, Flash, Steam htmlcache => 76097477 B
Windows/system/drivers => 706 B
Edge => 87565 B
Chrome => 760797252 B
Firefox => 1141414354 B
Opera => 373783734 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 321728 B
NetworkService => 321728 B
Tibor => 32686264 B

RecycleBin => 2332895 B
EmptyTemp: => 2.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:35:45 ====

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Preventive check T-Bag

#10 Post by Rudy »

Deleted, the log should now be OK.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

T-Bag
Visitor
Posts: 33
Registered: 14 Dec 2014 09:54

Re: Preventive check T-Bag

#11 Post by T-Bag »

Thank you, a little something has been sent for :all_coholic:

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Preventive check T-Bag

#12 Post by Rudy »

Thank you for the contribution, and no need to thank us! :)

Locked