ESET reports adware in Opera - unable to remove it

Posted: 16 Mar 2021 16:59
by Serifus
ESET messages:

Čas;Skener;Typ objektu;Objekt;Detekce;Akce;Uživatel;Informace;Hash;První výskyt
16.03.2021 12:37:07;HTTP filtr;soubor;https://lapypushistyye.com/?r=dir&zonei ... e.Agent.AA aplikace;přerušeno spojení;AH\j.gb;Tato událost nastala při pokusu o přístup na web aplikací: C:\Users\j.gb\AppData\Local\Programs\Opera\74.0.3911.218\opera.exe (1F03BA3ACC3BCD1209B8E3A662C43418DCE0C966).;46228597FDCFC5152DE2BDF64DD988637002C96A;

Čas;Skener;Typ objektu;Objekt;Detekce;Akce;Uživatel;Informace;Hash;První výskyt
16.03.2021 12:26:24;HTTP filtr;soubor;https://ribunews.com/d/2103160625030825 ... e.Agent.AA aplikace;přerušeno spojení;AH\j.gb;Tato událost nastala při pokusu o přístup na web aplikací: C:\Users\j.gb\AppData\Local\Programs\Opera\74.0.3911.218\opera.exe (1F03BA3ACC3BCD1209B8E3A662C43418DCE0C966).;7642C82A55CDC571E760ECA57FCCC55671436001;



Please check:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-03-2021
Ran by j.gb (administrator) on 2B2MP73 (Dell Inc. Latitude 5410) (16-03-2021 16:06:18)
Running from C:\Users\j.gb\Desktop
Loaded Profiles: j.gb
Platform: Windows 10 Pro Version 20H2 19042.804 (X64) Language: Čeština (Česko)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

("STMicroelectronics Srl" -> ) C:\Windows\System32\drivers\DellFFDPWmiService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\anipart client\application.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Autodesk, Inc. -> Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Autodesk, Inc. -> Autodesk Inc.) C:\Windows\Temp\AdAppMgrUpdater.exe
(Autodesk, Inc. -> Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\AcWebBrowser.exe <3>
(Autodesk, Inc. -> Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(CANON INC. -> CANON INC.) C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\egui.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_f75fa513cf0ccec1\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_c0fd909ca6e7d672\LMS.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_54b736e5be5b50b2\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3f9eae06dd582000\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3f9eae06dd582000\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_42f9d9bfb72d84cf\RstMwService.exe
(Kvaser AB -> KVASER AB, Mölndal, SWEDEN) C:\Program Files\Kvaser\Drivers\32\KvEnumSrv.exe <2>
(Magic Control Technology Corp. -> ) C:\Windows\System32\mlpatch.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Users\j.gb\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\j.gb\AppData\Local\Microsoft\Teams\current\Teams.exe <9>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.8.8.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2101.10.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Microsoft Update Health Tools\uhssvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Opera Software AS -> Opera Software) C:\Users\j.gb\AppData\Local\Programs\Opera\74.0.3911.218\opera.exe <67>
(Opera Software AS -> Opera Software) C:\Users\j.gb\AppData\Local\Programs\Opera\74.0.3911.218\opera_crashreporter.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7240.285\DSAPI.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7240.285\SystemIdleCheck.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_bc81681eb27bc1ae\RtkAudUService64.exe <3>
(Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\IAS\IntelAudioService.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_177ab60f8bad72cc\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_177ab60f8bad72cc\WavesSysSvc64.exe
(WhatsApp, Inc -> WhatsApp) C:\Users\j.gb\AppData\Local\WhatsApp\app-2.2108.8\WhatsApp.exe <6>
(WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
(WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CmWebAdmin.exe
(win.rar GmbH -> Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
(Winamp SA -> Winamp SA) C:\Program Files (x86)\Winamp\winamp.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_bc81681eb27bc1ae\RtkAudUService64.exe [1223224 2021-01-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_177ab60f8bad72cc\WavesSvc64.exe [1776744 2020-12-24] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [175504 2020-11-11] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [508312 2009-12-15] (CANON INC. -> CANON INC.)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [101284632 2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1313408 2017-07-05] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [664872 2020-03-04] (Autodesk, Inc. -> Autodesk, Inc.)
HKLM\...\RunOnce: [msedge_cleanup_{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}] => C:\Program Files (x86)\Microsoft\Edge\Application\89.0.774.54\Installer\setup.exe [3841424 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\Run: [Opera Browser Assistant] => C:\Users\j.gb\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3366424 2020-12-16] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\Run: [com.squirrel.Teams.Teams] => C:\Users\j.gb\AppData\Local\Microsoft\Teams\Update.exe [2453720 2021-02-26] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2007576 2017-02-03] (Autodesk, Inc -> Autodesk, Inc.)
HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\Policies\Explorer: []
HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\MountPoints2: {17a33837-4907-11eb-9545-dc41a949503d} - "D:\WHLoader.exe"
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2007576 2017-02-03] (Autodesk, Inc -> Autodesk, Inc.)
HKLM\...\Windows x64\Print Processors\Canon MG7100 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBR.DLL [30208 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [55432 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG7100 series: C:\Windows\system32\CNMLMBR.DLL [391168 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [359936 2013-01-24] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon MFNP Port: C:\Windows\system32\CNCENPM6.dll [153088 2016-02-10] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\CPCA Language Monitor3b: C:\Windows\system32\CNAS0MOK.DLL [967168 2009-04-28] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2021-01-08]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2020-12-22]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk [2020-12-22]
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0945C09A-D144-4B8A-ABED-8C31F86CB13F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1511320 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {2BF0450A-4FF4-410C-A347-C952B1BBCAE8} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23079792 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {2C9830F1-181C-40C6-980D-8920576FB3CB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {6309142C-DBAE-47D5-9BCF-6AB6F3B24D18} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23079792 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}" was unlocked. <==== ATTENTION
Task: {81474A3A-5E30-45A7-87FE-566AA8EE5360} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => C:\Windows\system32\gpupdate.exe [30720 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
Task: {A9A20BF5-C5CB-4E1E-B3DE-E122A38ACE13} - System32\Tasks\Opera scheduled assistant Autoupdate 1608627186 => C:\Users\j.gb\AppData\Local\Programs\Opera\launcher.exe [1793688 2021-03-11] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\j.gb\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {B1539CA3-A5EC-4DAC-A9F1-E5B1018A985E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141136 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {BC5E9969-1F6A-47D6-8DAD-3CB3AFACCCF1} - System32\Tasks\Opera scheduled Autoupdate 1608627185 => C:\Users\j.gb\AppData\Local\Programs\Opera\launcher.exe [1793688 2021-03-11] (Opera Software AS -> Opera Software)
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}" was unlocked. <==== ATTENTION
Task: {CE9F5343-2192-46F9-B667-266D339EC1FF} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\Windows\system32\gpupdate.exe [30720 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
Task: {D1F125C3-4FD4-4025-AD11-8714470B9A46} - System32\Tasks\GE_CloudProxySettings_1.1_V03 => C:\Windows\Options\Packages\GE_CloudProxySettings_1.1_V03\SchTasks.EXE [133195 2017-07-24] () [File not signed]
Task: {F4C778B2-134C-420D-85B7-7DE8D070B83E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141136 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {FCA4DB86-5AF9-4FE7-82B3-FC0F81A710F5} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1059336 2021-01-09] (Dell Inc -> Dell Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.20.11 8.8.8.8
Tcpip\..\Interfaces\{1bf34c8a-8607-42d7-b794-f40506edffaa}: [DhcpNameServer] 192.168.20.11 8.8.8.8
Tcpip\..\Interfaces\{79338ff9-755c-4fc2-897b-b0f4ecadaa5f}: [DhcpNameServer] 192.168.20.11 8.8.8.8
Tcpip\..\Interfaces\{ac8bc92f-de38-4010-b14d-caf54f08c7da}: [DhcpNameServer] 192.168.20.11 8.8.8.8
HKLM\System\...\Parameters\PersistentRoutes: [169.254.0.0,255.255.0.0,192.168.18.111,1]
HKLM\System\...\Parameters\PersistentRoutes: [169.254.0.0,255.255.0.0,192.168.20.114,1]

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\j.gb\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-24]

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2021-01-08] [Legacy] [not signed]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2019-07-02] (CANON INC.) [File not signed]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-03-06] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]

Opera:
=======
OPR Profile: C:\Users\j.gb\AppData\Roaming\Opera Software\Opera Stable [2021-03-16]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Translator) - C:\Users\j.gb\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnbpedcoekjafichoehopgaaldogogch [2021-01-11]
OPR Extension: (Rich Hints Agent) - C:\Users\j.gb\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-03-11]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1046904 2020-03-04] (Autodesk, Inc. -> Autodesk Inc.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2021-01-08] () [File not signed]
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8988552 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
R2 CmWebAdmin.exe; C:\Program Files\CodeMeter\Runtime\bin\CmWebAdmin.exe [12002208 2019-12-16] (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [287776 2020-10-25] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3750944 2020-10-25] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [507936 2020-10-25] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7240.285\DSAPI.exe [985584 2021-01-13] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38592 2020-10-29] (Dell Inc -> )
R2 DellFFDPWmiService; C:\Windows\System32\drivers\DellFFDPWmiService.exe [32528 2020-02-17] ("STMicroelectronics Srl" -> )
S3 EHttpSrv; C:\Program Files\ESET\ESET Security\ehttpsrv.exe [49448 2020-11-11] (ESET, spol. s r.o. -> ESET)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2595360 2020-11-11] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2595360 2020-11-11] (ESET, spol. s r.o. -> ESET)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] (Canon Inc. -> )
R2 KvEnumSrv; C:\Program Files\Kvaser\Drivers\32\kvenumsrv.exe [553640 2020-09-09] (Kvaser AB -> KVASER AB, Mölndal, SWEDEN)
R2 KvWiFiPairingSrv; C:\Program Files\Kvaser\Drivers\32\kvenumsrv.exe [553640 2020-09-09] (Kvaser AB -> KVASER AB, Mölndal, SWEDEN)
R2 MlPatch; C:\Windows\system32\MlPatch.exe [2244912 2014-08-22] (Magic Control Technology Corp. -> )
R2 RtkAudioUniversalService; C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_bc81681eb27bc1ae\RtkAudUService64.exe [1223224 2021-01-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39432 2021-01-09] (Dell Inc -> Dell Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12723480 2021-02-17] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-18] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-18] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 DDDriver; C:\Windows\System32\drivers\dddriver64Dcsa.sys [42376 2020-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [160992 2020-11-11] (ESET, spol. s r.o. -> ESET)
S0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [109360 2020-11-11] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15824 2021-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [190464 2020-11-11] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [70560 2020-11-11] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [108808 2020-11-11] (ESET, spol. s r.o. -> ESET)
S3 f5ipfw; C:\Windows\system32\drivers\urfltv64.sys [44440 2020-09-10] (F5 Networks Inc -> F5 Networks, Inc.)
U3 Healcea; no ImagePath
S3 kcane; C:\Windows\system32\DRIVERS\kcane.sys [119352 2020-09-17] (Kvaser AB -> KVASER AB, Mölndal, SWEDEN)
R3 kcanv; C:\Windows\system32\DRIVERS\kcanv.sys [98360 2020-09-17] (Kvaser AB -> KVASER AB, Mölndal, SWEDEN)
R3 kvnetenum; C:\Windows\system32\DRIVERS\kvnetenum.sys [58424 2020-09-17] (Kvaser AB -> KVASER AB, Mölndal, SWEDEN)
R2 kvsoftsync; C:\Windows\system32\Drivers\kvsoftsync.sys [32312 2020-09-17] (Kvaser AB -> KVASER AB, Mölndal, SWEDEN)
R3 LAN9500; C:\Windows\System32\drivers\lan9500-x64-n650f.sys [109408 2017-04-27] (Microchip Technology Inc. -> Microchip Technology Inc.)
R3 MctUsbAudio; C:\Windows\System32\drivers\MctFlt.sys [38680 2017-11-09] (Magic Control Technology Corp. -> Windows (R) Win 7 DDK provider)
R3 urvpndrv; C:\Windows\System32\drivers\covpnv64.sys [57736 2020-09-10] (F5 Networks Inc -> F5 Networks, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2020-12-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [429296 2020-12-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-18] (Microsoft Windows -> Microsoft Corporation)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [118200 2020-03-18] (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
R3 WiManH; C:\Windows\System32\DriverStore\FileRepository\wiman.inf_amd64_4b0336d95f188e47\WiManH\WiManH.sys [168792 2020-09-02] (Intel Wireless Driver -> )

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-16 16:06 - 2021-03-16 16:06 - 000026621 _____ C:\Users\j.gb\Desktop\FRST.txt
2021-03-16 16:06 - 2021-03-16 16:06 - 000000000 ____D C:\FRST
2021-03-16 16:04 - 2021-03-16 16:04 - 002300928 _____ (Farbar) C:\Users\j.gb\Desktop\FRST64.exe
2021-03-16 11:58 - 2021-03-16 11:58 - 000000000 ____D C:\Users\j.gb\AppData\Local\Brice_Lambson
2021-03-16 11:56 - 2021-03-16 11:56 - 001083664 _____ (Brice Lambson) C:\Users\j.gb\Downloads\ImageResizerSetup-3.1.1.exe
2021-03-16 11:56 - 2021-03-16 11:56 - 000000000 ____D C:\Program Files\Image Resizer for Windows
2021-03-16 11:56 - 2021-03-16 11:56 - 000000000 ____D C:\Program Files (x86)\Image Resizer for Windows
2021-03-16 11:50 - 2021-03-16 11:58 - 000000000 ____D C:\Users\j.gb\Downloads\drive-download-20210316T104853Z-001
2021-03-16 11:49 - 2021-03-16 11:49 - 028919689 _____ C:\Users\j.gb\Downloads\drive-download-20210316T104853Z-001.zip
2021-03-15 10:22 - 2021-03-15 10:22 - 000000004 ____H C:\ProgramData\cm-lock
2021-03-15 10:21 - 2021-03-15 11:20 - 000307116 _____ C:\Users\j.gb\Desktop\29145583_Installation Protocol BC T200.pdf
2021-03-12 22:08 - 2021-03-12 22:10 - 000000000 ____D C:\Users\j.gb\Desktop\Fighting With My Family (2019) [WEBRip] [1080p] [YTS.AM]
2021-03-03 16:50 - 2021-03-03 16:50 - 000241456 _____ C:\Users\j.gb\Downloads\Dap2020Jenda.XLSX
2021-03-03 11:39 - 2021-03-03 11:39 - 000000000 ____D C:\Users\j.gb\AppData\Roaming\Media Player Classic
2021-03-03 11:38 - 2021-03-03 11:38 - 001969179 _____ C:\Users\j.gb\Downloads\mpc_6490+_2kXP_cze.zip
2021-02-24 15:57 - 2021-02-24 15:57 - 000000000 ____D C:\Users\j.gb\AppData\Local\GHISLER
2021-02-24 15:56 - 2021-02-24 15:57 - 000000000 ____D C:\totalcmd
2021-02-24 15:56 - 2021-02-24 15:56 - 008095960 _____ (Ghisler Software GmbH) C:\Users\j.gb\Downloads\tcmd951x32_64.exe
2021-02-24 15:56 - 2021-02-24 15:56 - 000000000 ____D C:\Users\j.gb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2021-02-24 15:56 - 2021-02-24 15:56 - 000000000 ____D C:\Users\j.gb\AppData\Roaming\GHISLER
2021-02-24 11:43 - 2021-02-24 11:44 - 000000000 ____D C:\SERVICEmgr32
2021-02-24 11:39 - 2021-03-15 10:23 - 000000000 ____D C:\ProgramData\boost_interprocess
2021-02-24 11:21 - 2021-02-24 11:21 - 013746920 _____ (Kvaser AB, Mölndal, Sweden) C:\Users\j.gb\Downloads\kvaser_drivers_setup.exe
2021-02-24 11:21 - 2021-02-24 11:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kvaser CAN Drivers
2021-02-24 11:21 - 2021-02-24 11:21 - 000000000 ____D C:\Program Files\Kvaser
2021-02-24 11:21 - 2020-09-17 08:28 - 000156216 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\system32\Drivers\kcany.sys
2021-02-24 11:21 - 2020-09-17 08:28 - 000145976 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\system32\Drivers\kcanyr.sys
2021-02-24 11:21 - 2020-09-17 08:28 - 000133176 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\system32\Drivers\kcanl.sys
2021-02-24 11:21 - 2020-09-17 08:28 - 000126008 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\system32\Drivers\kcanlr.sys
2021-02-24 11:21 - 2020-09-17 08:28 - 000119352 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\system32\Drivers\kcanx.sys
2021-02-24 11:21 - 2020-09-17 08:28 - 000117816 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\system32\Drivers\kcanf.sys
2021-02-24 11:21 - 2020-09-17 08:28 - 000112696 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\system32\Drivers\kcanh.sys
2021-02-24 11:21 - 2020-09-17 08:28 - 000111160 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\system32\Drivers\kcans.sys
2021-02-24 11:21 - 2020-09-17 08:28 - 000098360 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\system32\Drivers\kcanv.sys
2021-02-24 11:21 - 2020-09-17 08:28 - 000058424 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\system32\Drivers\kvnetenum.sys
2021-02-24 11:21 - 2020-09-17 08:28 - 000032312 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\system32\Drivers\kvsoftsync.sys
2021-02-24 11:21 - 2020-09-09 23:09 - 000670888 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\SysWOW64\kvalapw2.dll
2021-02-24 11:21 - 2020-09-09 23:09 - 000564904 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\system32\kcanconf.exe
2021-02-24 11:21 - 2020-09-09 23:09 - 000538280 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\SysWOW64\kvaser_vcndrvms.dll
2021-02-24 11:21 - 2020-09-09 23:09 - 000509608 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\SysWOW64\canlib32.dll
2021-02-24 11:21 - 2020-09-09 23:09 - 000442024 _____ (KVASER AB, Mölndal, SWEDEN) C:\Windows\SysWOW64\kcanconf.exe
2021-02-24 11:18 - 2021-02-24 11:43 - 000262144 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2021-02-24 11:18 - 2021-02-24 11:43 - 000073216 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2021-02-24 11:18 - 2021-02-24 11:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SERVICEmgr32
2021-02-24 11:18 - 2015-03-18 20:31 - 002896977 ____N C:\Windows\SERVIC~1.CAB
2021-02-23 12:48 - 2021-02-23 12:48 - 000665428 _____ C:\Users\j.gb\Downloads\potvrzeni (1).pdf
2021-02-23 11:51 - 2021-02-23 11:51 - 004526932 _____ C:\Users\j.gb\Downloads\SITUACE.pdf
2021-02-22 15:49 - 2021-02-22 15:49 - 000000000 ____D C:\Users\j.gb\Downloads\The-Prodigy---Diskografie-+Singly-(1991-2009)-(MP3-320kbps).Mp3_HQ-by-PiPeTamer
2021-02-22 11:14 - 2021-02-22 13:20 - 2277271356 _____ C:\Users\j.gb\Downloads\The-Prodigy---Diskografie-+Singly-(1991-2009)-(MP3-320kbps).Mp3_HQ-by-PiPeTamer.rar
2021-02-22 10:46 - 2021-02-22 10:46 - 001462176 _____ C:\Users\j.gb\Desktop\1_podlaží.psd
2021-02-22 10:45 - 2021-02-22 10:45 - 001695762 _____ C:\Users\j.gb\Desktop\1_podlaží.pdf
2021-02-16 12:09 - 2021-02-16 12:45 - 104941649 _____ C:\Users\j.gb\Downloads\PoR - PL.rar
2021-02-16 12:03 - 2021-02-16 12:23 - 354036255 _____ C:\Users\j.gb\Downloads\Mo-Do - Was Ist Das (1995)FLAC.rar
2021-02-16 12:00 - 2021-02-16 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2018 – Čeština (Czech)
2021-02-16 11:59 - 2021-02-16 11:59 - 111747832 _____ (Autodesk, Inc.) C:\Users\j.gb\Downloads\AutoCAD_2018_Czech_LP_Win_64bit_dlm.sfx.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-16 16:04 - 2020-12-21 23:59 - 000000000 ____D C:\ProgramData\Adobe
2021-03-16 16:04 - 2020-12-21 23:26 - 000000000 ____D C:\Users\j.gb\AppData\Roaming\Adobe
2021-03-16 16:02 - 2021-01-04 10:00 - 000000000 ____D C:\Users\j.gb\AppData\Roaming\WhatsApp
2021-03-16 16:02 - 2020-12-21 23:17 - 000000136 _____ C:\Windows\system32\config\netlogon.ftl
2021-03-16 15:58 - 2020-11-18 23:46 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-03-16 15:58 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-16 11:56 - 2020-12-18 21:57 - 000000000 ____D C:\ProgramData\Package Cache
2021-03-16 11:50 - 2020-12-28 11:00 - 000000000 ____D C:\Program Files (x86)\anipart client
2021-03-16 11:50 - 2020-12-28 10:48 - 000000000 ____D C:\Users\j.gb\Documents\aniPart support
2021-03-16 08:58 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2021-03-16 08:50 - 2020-12-18 21:33 - 000000000 ____D C:\Windows\system32\MRT
2021-03-16 08:46 - 2020-12-18 21:33 - 131005360 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-03-15 20:40 - 2020-11-19 00:48 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-03-15 20:40 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-15 20:40 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2021-03-15 11:02 - 2021-01-04 10:00 - 000000000 ____D C:\Users\j.gb\AppData\Local\WhatsApp
2021-03-15 10:46 - 2020-11-08 12:08 - 000015824 _____ (ESET) C:\Windows\system32\Drivers\eelam.sys
2021-03-15 10:46 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2021-03-15 10:34 - 2021-02-12 13:27 - 000000000 ____D C:\ProgramData\Autodesk
2021-03-15 10:23 - 2020-12-21 23:30 - 000000000 ____D C:\Program Files\Microsoft Office
2021-03-15 10:23 - 2020-12-21 23:26 - 000000000 __SHD C:\Users\j.gb\IntelGraphicsProfiles
2021-03-15 10:23 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-03-15 10:22 - 2020-12-18 22:04 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-03-15 10:22 - 2020-12-18 21:39 - 000000000 ____D C:\Intel
2021-03-15 10:22 - 2020-12-18 21:26 - 000008192 ___SH C:\DumpStack.log.tmp
2021-03-15 10:22 - 2020-11-19 00:46 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-03-15 10:22 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ServiceState
2021-03-15 10:22 - 2019-12-07 10:03 - 000786432 _____ C:\Windows\system32\config\BBI
2021-03-15 10:06 - 2021-01-08 13:48 - 000000000 ____D C:\ProgramData\CanonIJPLM
2021-03-15 10:05 - 2020-12-22 00:00 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-03-15 10:04 - 2020-12-22 09:53 - 000004182 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1608627185
2021-03-15 10:04 - 2020-12-22 09:53 - 000001515 _____ C:\Users\j.gb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2021-03-08 22:02 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-03-08 17:29 - 2020-12-28 10:34 - 000000000 ____D C:\Users\j.gb\Documents\Pharmatech
2021-03-04 12:35 - 2020-11-19 00:48 - 000003584 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-04 12:35 - 2020-11-19 00:48 - 000003460 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-03-04 10:00 - 2020-12-21 23:26 - 000003368 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-229502678-4061752961-2197657978-1117
2021-03-04 10:00 - 2020-12-21 23:26 - 000002407 _____ C:\Users\j.gb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-04 10:00 - 2020-12-21 23:26 - 000000000 ___RD C:\Users\j.gb\OneDrive
2021-03-03 15:13 - 2020-12-28 10:32 - 000000000 ____D C:\Users\j.gb\Documents\Protokoly
2021-03-01 12:34 - 2020-12-21 23:26 - 000000000 ____D C:\Users\j.gb\AppData\Local\Packages
2021-03-01 11:51 - 2021-01-08 12:20 - 000000000 ____D C:\Users\j.gb\Desktop\Proformy
2021-02-26 03:29 - 2020-12-22 16:01 - 000002416 _____ C:\Users\j.gb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-02-24 16:05 - 2020-12-28 10:33 - 000000000 ____D C:\Users\j.gb\Documents\Projít
2021-02-24 12:02 - 2021-02-02 18:31 - 000000000 ____D C:\Users\j.gb\AppData\Local\Google
2021-02-24 12:02 - 2021-02-02 18:31 - 000000000 ____D C:\Program Files (x86)\Google
2021-02-24 11:43 - 2014-10-30 21:03 - 000001291 _____ C:\Windows\SERVICEmgr32.ini
2021-02-24 11:43 - 2006-01-19 13:22 - 000000526 _____ C:\Windows\Eptcan32.ini
2021-02-24 11:43 - 2003-11-04 15:56 - 000000259 _____ C:\Windows\xptcan32.ini
2021-02-24 11:39 - 2021-02-12 13:30 - 000000000 ____D C:\Users\j.gb\AppData\Local\Autodesk
2021-02-24 11:39 - 2021-02-12 13:23 - 000536984 _____ C:\Windows\system32\FNTCACHE.DAT
2021-02-24 11:37 - 2020-12-22 16:06 - 000000000 ____D C:\Users\j.gb\GRAPHISOFT
2021-02-24 11:37 - 2020-12-22 16:06 - 000000000 ____D C:\Users\j.gb\AppData\Roaming\GRAPHISOFT
2021-02-24 11:37 - 2020-12-22 16:06 - 000000000 ____D C:\Users\j.gb\AppData\Local\GRAPHISOFT
2021-02-24 11:18 - 2020-12-28 10:43 - 000000000 ____D C:\SERVICEmgr323
2021-02-23 13:34 - 2020-12-28 10:27 - 000000000 ____D C:\Users\j.gb\Documents\Dům
2021-02-22 11:33 - 2021-01-08 12:40 - 000000000 ____D C:\Users\j.gb\AppData\Local\CrashDumps
2021-02-17 14:29 - 2020-12-21 23:26 - 000000000 ____D C:\Users\j.gb
2021-02-16 12:00 - 2021-02-12 13:29 - 000000000 ____D C:\Program Files\Common Files\Autodesk Shared
2021-02-16 12:00 - 2021-02-12 13:29 - 000000000 ____D C:\Program Files\Autodesk
2021-02-16 12:00 - 2021-02-12 13:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2021-02-16 11:59 - 2021-02-12 12:37 - 000000000 ____D C:\Autodesk
2021-02-15 13:14 - 2020-12-28 10:32 - 000000000 ____D C:\Users\j.gb\Documents\Výkazy f
2021-02-15 13:14 - 2020-12-28 10:26 - 000000000 ____D C:\Users\j.gb\Documents\AutoDELFIA

==================== Files in the root of some directories ========

2021-01-08 10:08 - 2021-01-08 10:08 - 000003584 _____ () C:\Users\j.gb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2021-01-08 12:29 - 2021-01-08 12:29 - 000000017 _____ () C:\Users\j.gb\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Re: ESET reports adware in Opera - unable to remove it

Posted: 16 Mar 2021 17:07
by Serifus
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-03-2021
Ran by j.gb (16-03-2021 16:07:12)
Running from C:\Users\j.gb\Desktop
Windows 10 Pro Version 20H2 19042.804 (X64) (2020-12-18 20:27:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-3689790936-738298057-1859486358-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3689790936-738298057-1859486358-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3689790936-738298057-1859486358-503 - Limited - Disabled)
Guest (S-1-5-21-3689790936-738298057-1859486358-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3689790936-738298057-1859486358-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

A360 Desktop (HKLM\...\{B65CD59E-A771-4354-AA4B-C3E01B496BCD}) (Version: 8.2.3.1800 - Autodesk)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20145 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
ARCHICAD 23 Goodies Suite R1 CZE (HKLM\...\Goodies 23.0 CZE FULL R1 1) (Version: 23.0.0.3003 - GRAPHISOFT SE)
ARCHICAD 23 R1 CZE (HKLM\...\ARCHICAD 23.0 CZE FULL R1 1) (Version: 23.0.0.3003 - GRAPHISOFT SE)
ARCHICAD 24 R1 CZE (HKLM\...\ARCHICAD 24.0 CZE FULL R1 1) (Version: 24.0.0.3022 - GRAPHISOFT SE)
AutoCAD 2018 – Čeština (Czech) (HKLM\...\{28B89EEF-1001-0405-2102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
AutoCAD 2018 - English (HKLM\...\{28B89EEF-1001-0409-2102-CF3F3A09B77D}) (Version: 22.0.49.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2018 (HKLM-x32\...\{177AD7F6-9C77-4E50-BA53-B7259C5F282D}) (Version: 16.11.1.0 - Autodesk)
Autodesk App Manager 2016-2018 (HKLM-x32\...\{20EC0CA2-346E-4660-9903-51B278DF15F6}) (Version: 2.4.0 - Autodesk)
Autodesk AutoCAD 2018 - English (HKLM\...\AutoCAD 2018 - English) (Version: 22.0.49.0 - Autodesk)
Autodesk AutoCAD 2018 Language Pack – Čeština (Czech) (HKLM\...\AutoCAD 2018 – Čeština (Czech)) (Version: 22.0.49.0 - Autodesk)
Autodesk AutoCAD 2018.0.2 (HKLM-x32\...\{b501e2dd-1001-0000-0102-2d66c6a9c722}) (Version: 22.0.72.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.8 (HKLM-x32\...\{214D3370-746E-4886-8EAA-5769EB87D044}) (Version: 1.2.8.0 - Autodesk)
Autodesk Material Library 2018 (HKLM-x32\...\{7847611E-92E9-4917-B395-71C91D523104}) (Version: 16.11.1.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2018 (HKLM-x32\...\{FCDED119-A969-4E48-8A32-D21AD6B03253}) (Version: 16.11.1.0 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap 360) (Version: 4.0.0.28 - Autodesk)
BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 72.2020.0910.1202 - F5 Networks, Inc.)
BIMTech Tools for ArchiCAD 2.0.0 verze 2.0.0 (HKLM-x32\...\{1D261017-1A97-44BF-852E-049E5D08BF13}_is1) (Version: 2.0.0 - BIM Technology s.r.o.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MF Toolbox 4.9.1.1.mf18 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf18 - CANON INC.)
Canon MF8000 Series (HKLM\...\{5BE226B3-1722-4fd0-9E39-997712B68F67}) (Version: - )
Canon MG7100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG7100_series) (Version: 1.01 - Canon Inc.)
Canon MG7100 series On-screen Manual (HKLM-x32\...\Canon MG7100 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.6.4 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.6.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.)
CodeMeter Runtime Kit v7.00 (HKLM\...\{9054FBAC-C4FD-4FC2-B3F2-E4E41E49A20B}) (Version: 7.00.3918.500 - WIBU-SYSTEMS AG)
DEKSOFT BIM Plug-in (HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\DEKSOFT BIM Plug-in) (Version: 01.00.01.76 - DEKSOFT)
Dell SupportAssist (HKLM\...\{C5A70974-2F89-4BE0-90F7-749E62468C4D}) (Version: 3.8.1.23 - Dell Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{ECFC785A-9107-4259-9288-0ABC86C0F6AB}) (Version: 1.0.0.0 - Intel Corporation) Hidden
ESET Endpoint Antivirus (HKLM\...\{CAC9C8AF-7485-48E0-AF87-FDC929B57E76}) (Version: 8.0.2028.0 - ESET, spol. s r.o.)
Excel (HKU\S-1-5-21-3689790936-738298057-1859486358-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
FARO LS 1.1.600.6 (64bit) (HKLM-x32\...\{510A08AF-1649-4844-94E5-EAC43A023685}) (Version: 6.0.6.5 - FARO Scanner Production)
GRAPHISOFT BIMx Desktop Viewer (HKLM\...\BIMx Viewer 23.0 GEN FULL R1 1) (Version: 2019.2.2328.0 - GRAPHISOFT SE)
GRAPHISOFT License Manager Tool (HKLM\...\License Manager Tool 20.0 INT FULL R1 1) (Version: 20.0.0.4800 - GRAPHISOFT SE)
Image Resizer for Windows (64 bit) (HKLM\...\{2A1F3759-5792-469B-B895-7E29680F02F1}) (Version: 3.1.1.0 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{92916BDF-74CB-479C-B69E-32EACB074FFE}) (Version: 3.1.1.0 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{c624f5da-779e-4ccb-9ce1-34bc5ef0a6b9}) (Version: 3.1.1.0 - Brice Lambson)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{3DAC4F8C-80E6-4204-8A58-747FA4CBAA03}) (Version: 16.0.246 - Intel Corporation)
Intel(R) Dynamic Tuning (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.7.10400.15556 - Intel Corporation)
Intel(R) Dynamic Tuning Technology (HKLM-x32\...\{7a82309b-956d-4788-8207-25897660c3d6}) (Version: 8.7.10400.15556 - Intel) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2036.15.0.1835 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.2020.7 - Intel Corporation)
j5 USB Functional Docking Station 20.01.0620.3185 (HKLM-x32\...\{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}) (Version: 20.01.0620.3185 - j5create)
Kvaser CAN Drivers WHCP (HKLM\...\Kvaser CAN Drivers) (Version: 5.34 - Kvaser AB)
Microsoft 365 Apps pro firmy - cs-cz (HKLM\...\O365BusinessRetail - cs-cz) (Version: 16.0.13801.20294 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.54 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3689790936-738298057-1859486358-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\Teams) (Version: 1.4.00.4167 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20294 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.13801.20274 - Microsoft Corporation) Hidden
OpenRA (HKLM\...\OpenRA) (Version: release-20200503 - OpenRA developers)
Opera Stable 74.0.3911.218 (HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\Opera 74.0.3911.218) (Version: 74.0.3911.218 - Opera Software)
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Outlook (HKU\S-1-5-21-3689790936-738298057-1859486358-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Počítačová aplikace Autodesk (HKLM-x32\...\Autodesk Desktop App) (Version: 8.0.0.46 - Autodesk)
PowerPoint (HKU\S-1-5-21-3689790936-738298057-1859486358-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9098.1 - Realtek Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.18363.21333 - Realtek Semiconductor Corp.)
Registrace uživatele zařízení Canon MG7100 series (HKLM-x32\...\Registrace uživatele zařízení Canon MG7100 series) (Version: - ‭Canon Inc.)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
SERVICEmgr32 v2.46.1 (C:\SERVICEmgr32\) (HKLM-x32\...\ST6UNST #2) (Version: - )
SERVICEmgr32 v2.46.1 (HKLM-x32\...\ST6UNST #1) (Version: - )
Speciální aplikace Autodesk 2016-2018 (HKLM-x32\...\{384C4B74-B749-4AB6-9367-4D51A6AA9CB8}) (Version: 2.4.0 - Autodesk)
ST Microelectronics 3 Axis Digital Accelerometer Solution verze 4.10.0103 (HKLM\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}_is1) (Version: 4.10.0103 - ST Microelectronics)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.26064 - Microsoft Corporation)
TeamViewer Host (HKLM-x32\...\TeamViewer) (Version: 15.15.5 - TeamViewer)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.51 - Ghisler Software GmbH)
WhatsApp (HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\WhatsApp) (Version: 2.2108.8 - WhatsApp)
WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.40 of 2016-Dec-22 (Build 2402) (Setup) - WIBU-SYSTEMS AG)
Winamp (HKLM-x32\...\Winamp) (Version: 5.8 - Winamp SA)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
Word (HKU\S-1-5-21-3689790936-738298057-1859486358-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)

Packages:
=========
Dell Free Fall Data Protection -> C:\Program Files\WindowsApps\STMicroelectronicsMEMS.DellFreeFallDataProtection_1.0.26.0_x64__rp6h1c31mfy1y [2021-01-04] (STMICROELECTRONICS S.R.L.)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.8.10.0_x64__htrsf667h5kn2 [2021-01-13] (Dell Inc)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1015.0_x64__8j3eq9eme6ctt [2021-03-15] (INTEL CORP)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-01-30] (Microsoft Studios) [MS Ad]
Ovládací centrum grafiky Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt [2021-01-04] (INTEL CORP) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-229502678-4061752961-2197657978-1117_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\j.gb\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20289.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-229502678-4061752961-2197657978-1117_Classes\CLSID\{9AAF0EB6-42D8-46C1-A2EF-679511B37A0D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2018\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-229502678-4061752961-2197657978-1117_Classes\CLSID\{B6EB585B-B467-4E46-A9C7-48D7D6FD26CB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2018\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-229502678-4061752961-2197657978-1117_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\j.gb\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-229502678-4061752961-2197657978-1117_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2018\en-US\acadficn.dll (Autodesk, Inc -> Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_a41f71ab3b5175b6\OptaneShellExt.dll [2020-06-18] (Intel(R) Rapid Storage Technology -> )
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2017-02-03] (Autodesk, Inc -> Autodesk, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2017-02-03] (Autodesk, Inc -> Autodesk)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-11-11] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [Image Resizer] -> {51B4D7E5-7568-4234-B4BB-47FB3C016A69} => C:\Program Files\Image Resizer for Windows\ShellExtensions.dll [2018-05-26] (Open Source Developer, Brice Lambson -> Brice Lambson)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-11-11] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Windows\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_a41f71ab3b5175b6\OptaneShellExt.dll [2020-06-18] (Intel(R) Rapid Storage Technology -> )
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-11-11] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2012-09-23 20:44 - 2012-09-23 20:44 - 000010240 _____ () [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\cs_cz\acrotray.cze
2018-10-18 23:13 - 2018-10-18 23:13 - 000939008 _____ () [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_mod.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000012800 _____ () [File not signed] C:\Program Files (x86)\Winamp\Plugins\out_wasapi.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000268288 _____ () [File not signed] C:\Program Files (x86)\Winamp\Shared\libFLAC.dll
2012-09-23 20:44 - 2012-09-23 20:44 - 000010240 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\cs_cz\Acrobat Elements\ContextMenuShim64.cze
2020-12-28 11:01 - 2014-11-20 16:09 - 000200704 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\AudioMixer.x32
2020-12-28 11:01 - 2015-03-25 13:53 - 000098304 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\BitmapFilters.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000009216 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\BMP Agent.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 001802240 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\Xtras\DIRAPI.dll
2020-12-28 11:01 - 2014-05-28 12:22 - 000030720 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\FileIo.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 004355072 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\Flash Asset.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000069632 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\Font Asset.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000282624 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\Font Xtra.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 001011712 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\Xtras\IML32.dll
2020-12-28 11:01 - 2014-05-28 12:22 - 000032256 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\INetURL.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000009216 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\JPEG Agent.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000081920 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\Mix Services.x32
2020-12-28 11:01 - 2014-11-20 16:09 - 001462272 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\MP4Asset.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000262144 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\Mui Dialog.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000147456 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\NetFile.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000039936 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\NetLingo.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000446464 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\Xtras\proj.dll
2020-12-28 11:01 - 2014-05-28 12:22 - 000009216 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\Script Agent.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 001691648 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\Shockwave 3D Asset.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000053248 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\Sound Control.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000073728 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\SWADCmpr.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000045568 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\SWAStrm.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000094208 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\Text Asset.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000802816 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\TextXtra.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000081920 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\Windows Media Asset.x32
2021-01-08 14:22 - 2013-02-19 16:37 - 000008192 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_CSY.DLL
2021-01-08 14:22 - 2013-02-19 16:36 - 000307200 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_IMG.dll
2021-01-08 13:22 - 2009-12-14 13:49 - 000004608 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUR6.DLL
2021-01-08 13:25 - 2016-02-10 13:33 - 000153088 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNCENPM6.dll
2021-01-08 13:25 - 2016-05-18 06:41 - 000155648 _____ (CANON INC.) [File not signed] C:\Windows\system32\CNCLSD36a.dll
2021-01-08 14:00 - 2013-01-24 16:24 - 000359936 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMN6PPM.DLL
2020-12-28 11:01 - 2014-05-28 12:22 - 000233472 _____ (DirectXtras, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\DirectOS.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000679936 _____ (Electronic Ink) [File not signed] C:\Program Files (x86)\anipart client\xtras\PrintOMatic Lite MX.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000233472 _____ (Eugene Shoustrov) [File not signed] C:\Program Files (x86)\anipart client\xtras\VbScriptXtra.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000906240 _____ (FreeImage) [File not signed] C:\Program Files (x86)\anipart client\xtras\FreeImage.dll
2021-01-01 15:50 - 2019-08-29 17:44 - 000076288 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\AlgMath.dll
2021-01-01 15:50 - 2019-08-29 17:49 - 001757184 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\GDL.dll
2021-01-01 15:50 - 2019-08-29 17:45 - 002967040 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\Geometry.dll
2021-01-01 15:50 - 2019-08-29 17:46 - 000916992 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\Graphix.dll
2021-01-01 15:50 - 2019-08-29 17:47 - 000039936 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\GSProfiler.dll
2021-01-01 15:50 - 2019-08-29 17:44 - 001792512 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\GSRoot.dll
2021-01-01 15:51 - 2019-08-29 19:11 - 003456512 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\GSShellX64.dll
2021-01-01 15:50 - 2019-08-29 19:13 - 000026112 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\GSTestEnvironment.dll
2021-01-01 15:50 - 2019-08-29 17:45 - 000612864 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\GSUtils.dll
2021-01-01 15:50 - 2019-08-29 17:44 - 002523648 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\GSXML.dll
2021-01-01 15:50 - 2019-08-29 17:45 - 000293376 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\GSXMLUtils.dll
2021-01-01 15:50 - 2019-08-29 17:44 - 000076288 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\GSZLib.dll
2021-01-01 15:50 - 2019-08-29 17:46 - 000061952 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\GX.dll
2021-01-01 15:50 - 2019-08-29 17:46 - 000060416 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\GXImageBase.dll
2021-01-01 15:50 - 2019-08-29 17:44 - 000693248 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\InputOutput.dll
2021-01-01 15:50 - 2019-08-29 17:48 - 000609792 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\JACK.dll
2021-01-01 15:50 - 2019-08-29 17:46 - 000135168 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\JSON.dll
2021-01-01 15:50 - 2019-08-29 17:47 - 000038400 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\JSONConversion.dll
2021-01-01 15:50 - 2019-08-29 17:45 - 000076800 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\Measure.dll
2021-01-01 15:50 - 2019-08-29 17:44 - 000154624 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\Network.dll
2021-01-01 15:50 - 2019-08-29 17:45 - 003585024 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\ObjectDatabase.dll
2021-01-01 15:50 - 2019-08-29 17:48 - 000108032 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\ProjectFile.dll
2021-01-01 15:50 - 2019-08-29 18:11 - 000323072 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\ProjectInfo.dll
2021-01-01 15:50 - 2019-08-29 18:10 - 000494592 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\ProjectIO.dll
2021-01-01 15:50 - 2019-08-29 17:45 - 000468480 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\TextEngine.dll
2021-01-01 15:50 - 2019-08-29 17:48 - 000247808 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\TWRoot.dll
2021-01-01 15:51 - 2019-08-29 17:49 - 000562176 _____ (GRAPHISOFT SE) [File not signed] C:\Program Files\GRAPHISOFT\ARCHICAD 23\VBUtils.dll
2020-12-28 11:01 - 2014-05-28 12:22 - 000126976 _____ (Integration New Media Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\SecureNet Xtra.x32
2020-12-28 11:01 - 2014-05-28 13:00 - 000032768 _____ (Macromedia, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\DirectSound.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000045056 _____ (Macromedia, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\SWA Import Export.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000192512 _____ (Macromedia, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\SwaCmpr.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000073728 _____ (Macromedia, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\SWAOpt.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000090112 _____ (Macromedia, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\TextAuth.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000045056 _____ (Macromedia, Inc.) [File not signed] C:\Program Files (x86)\anipart client\xtras\UIHelper.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000585728 _____ (Magic Modules Pty Ltd) [File not signed] C:\Program Files (x86)\anipart client\xtras\Buddy API Xtra.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000098304 _____ (Magic Modules Pty Ltd) [File not signed] C:\Program Files (x86)\anipart client\xtras\Buddy Menu Xtra.x32
2020-12-21 23:33 - 2020-12-21 23:33 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2020-12-21 23:33 - 2020-12-21 23:33 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2020-12-28 11:01 - 2014-05-28 12:22 - 000136192 _____ (PiMZ) [File not signed] C:\Program Files (x86)\anipart client\xtras\OSControlXtra.X32
2020-12-28 11:01 - 2014-05-28 12:22 - 000311296 _____ (RavWare) [File not signed] C:\Program Files (x86)\anipart client\xtras\RavImageExport.x32
2020-12-01 00:14 - 2020-12-01 00:14 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll
2020-12-28 11:01 - 2014-05-28 12:22 - 000108544 _____ (Tabuleiro Prod Ltda) [File not signed] C:\Program Files (x86)\anipart client\xtras\vList.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000056832 _____ (Tabuleiro Producoes) [File not signed] C:\Program Files (x86)\anipart client\xtras\WebXtra.x32
2020-12-28 11:01 - 2014-05-28 12:22 - 000421888 _____ (Valentin Schmidt) [File not signed] C:\Program Files (x86)\anipart client\xtras\ImgXtra.x32
2018-10-18 23:13 - 2018-10-18 23:13 - 000017408 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Components\ssdp.w6c
2018-10-18 23:13 - 2018-10-18 23:13 - 000338944 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
2018-10-18 23:13 - 2018-10-18 23:13 - 000041984 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\gen_crasher.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 001770496 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\gen_ff.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000031232 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\gen_hotkeys.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000323072 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\gen_ml.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000026624 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\gen_tray.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000070144 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_avi.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000061440 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_cdda.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000072704 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_dshow.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000051200 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_flac.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000044032 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_flv.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000008192 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_linein.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000112128 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_midi.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000041472 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_mkv.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000150016 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_mp3.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000052224 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_mp4.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000077824 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_nsv.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000024064 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_swf.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000239104 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_vorbis.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000024064 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_wave.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000100864 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\in_wm.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000031744 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\ml_bookmarks.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000226816 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\ml_devices.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000165376 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\ml_disc.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000057856 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\ml_downloads.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000060928 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\ml_history.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000059904 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\ml_impex.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000329728 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\ml_local.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000139776 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\ml_online.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000111104 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\ml_playlists.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000287232 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\ml_pmp.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000038912 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\ml_rg.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000033792 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\ml_transcode.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000126464 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\ml_wire.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000024576 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\out_disk.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000053760 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\out_ds.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000019968 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\out_wave.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000058368 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\pmp_android.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000163840 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\pmp_ipod.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000020992 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\pmp_njb.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000113664 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\pmp_p4s.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000078336 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Plugins\pmp_wifi.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000867328 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Shared\jnetlib.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000212992 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Shared\libmp4v2.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000165376 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Shared\libmpg123.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000260096 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Shared\libsndfile.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000086016 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Shared\nde.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000418304 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Shared\nsutil.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000030208 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Shared\nxlite.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000094208 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Shared\tataki.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000051200 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\Shared\zlib.dll
2018-10-18 23:13 - 2018-10-18 23:13 - 000030208 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\aacdec.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000026112 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\albumart.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000018432 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\bmp.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000034304 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\devices.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000017920 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\dlmgr.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000015360 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\filereader.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000019456 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\gif.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000869888 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\jnetlib.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000156160 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\jpeg.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000027648 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\mp3.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000308224 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\ombrowser.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000091648 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\playlist.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000086528 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\png.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000024064 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\tagz.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000037376 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\timer.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000048128 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\wasabi2.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000088576 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\xml.w5s
2018-10-18 23:13 - 2018-10-18 23:13 - 000017408 _____ (Winamp SA) [File not signed] C:\Program Files (x86)\Winamp\System\xspf.w5s
2020-12-28 11:01 - 2014-05-28 12:22 - 000555520 _____ (www.cXtra.net) [File not signed] C:\Program Files (x86)\anipart client\xtras\cXtraTreeView.x32

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-229502678-4061752961-2197657978-1117\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
DPF: HKLM-x32 {2BCDB465-81F9-41CB-832C-8037A4064446} hxxps://amsterdam-01-nl.connectge.com/public/download/urxvpn.cab#version=7210,2020,910,1202
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} hxxps://amsterdam-01-nl.connectge.com/public/download/f5tunsrv.cab#version=7210,2020,910,1202
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} hxxps://amsterdam-01-nl.connectge.com/public/download/InstallerControl.cab#7210,2020,910,1202
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} hxxps://amsterdam-01-nl.connectge.com/public/download/urxhost.cab#version=7210,2020,910,1202
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\connectge.com -> hxxps://amsterdam-01-nl.connectge.com
IE trusted site: HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\sharepoint.com -> hxxps://ah-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2021-02-02 15:10 - 000000822 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64_win\compiler;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-229502678-4061752961-2197657978-1117\Control Panel\Desktop\\Wallpaper -> C:\Users\j.gb\Pictures\Dinan-E34-540i-s2.jpg
HKU\S-1-5-21-3689790936-738298057-1859486358-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.20.11 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{311F6012-4C76-4CDD-8D78-EBC6A461C19C}] => (Block) C:\Program Files\GRAPHISOFT\ARCHICAD 23\ARCHICAD.exe (GRAPHISOFT SE) [File not signed]
FirewallRules: [{83CD2ADE-1136-4B1D-84AF-E08AD39A9FB9}] => (Block) C:\Program Files\GRAPHISOFT\ARCHICAD 23\ARCHICAD Starter.exe (GRAPHISOFT SE) [File not signed]
FirewallRules: [{C9ACB768-AF65-4578-9222-D9C5ECCA3559}] => (Block) C:\Program Files\GRAPHISOFT\ARCHICAD 23\CineRender\CineRenderNEM.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
FirewallRules: [{EADA26C8-949F-4390-8B39-C418EF62A8C9}] => (Block) C:\Program Files\GRAPHISOFT\ARCHICAD 23\BIMxUploader.exe (GRAPHISOFT SE) [File not signed]
FirewallRules: [{6B3A2953-84EF-409A-9405-681F5B44B92D}] => (Block) C:\Program Files\GRAPHISOFT\ARCHICAD 23\OverwatchServer.exe (GRAPHISOFT SE) [File not signed]
FirewallRules: [{1204A166-A9E5-41C3-BE0E-7AC3AEAFDAAE}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{8D533738-A694-41BD-A74D-7A9BD376B0B7}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [TCP Query User{22005354-A75D-49CC-96EE-51AE46BB9D46}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [UDP Query User{F984DA56-5BA0-40D3-9CB5-73D9CBE5084D}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{646F3500-7A64-4186-B8A3-B92B89ECC1EF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{33AC4AF5-6A98-4ECA-819E-0AAD119D05E0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{892A9898-72C2-4EBA-8EC7-BF76AA79325E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{56005ECC-40A9-4BC5-B514-918955945BFB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2D6742A5-6ADC-469E-9A22-7F79102BDE86}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{D90DE8A8-6715-4624-B809-ADD511F9832F}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.329\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\73.0.3856.329\opera.exe => No File
FirewallRules: [UDP Query User{634653FF-EC7C-4068-B6B0-BB82D838626F}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.329\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\73.0.3856.329\opera.exe => No File
FirewallRules: [TCP Query User{54832A48-859B-4D22-B9C5-EEE506FD12F9}C:\program files\openra\redalert.exe] => (Allow) C:\program files\openra\redalert.exe () [File not signed]
FirewallRules: [UDP Query User{538F77F0-47FA-4EEE-8697-E7D90301DAF3}C:\program files\openra\redalert.exe] => (Allow) C:\program files\openra\redalert.exe () [File not signed]
FirewallRules: [TCP Query User{32C148C8-D68E-403E-8C86-78F2582DB68B}C:\program files\graphisoft\archicad 24\archicad.exe] => (Block) C:\program files\graphisoft\archicad 24\archicad.exe (GRAPHISOFT SE) [File not signed]
FirewallRules: [UDP Query User{6E6A20E6-B053-4F33-9FAB-60C81D7D0331}C:\program files\graphisoft\archicad 24\archicad.exe] => (Block) C:\program files\graphisoft\archicad 24\archicad.exe (GRAPHISOFT SE) [File not signed]
FirewallRules: [TCP Query User{6DC1A450-B073-430A-A47E-8B43258A13F5}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File
FirewallRules: [UDP Query User{6855CA14-A5C9-4742-AA19-CC690DF3E9FD}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File
FirewallRules: [{665C58A9-964F-4215-81A9-82D838FBD784}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{45C4C2E9-EFD8-467B-B8CE-A3CA719AA89B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A20B8BA8-8E03-4940-9A0C-79DC16A20070}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{391C29B5-9463-4585-9784-44CD4C6FEA45}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{F841472A-27BC-450F-A686-6932FEA11425}C:\users\j.gb\appdata\local\programs\opera\74.0.3911.107\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\74.0.3911.107\opera.exe => No File
FirewallRules: [UDP Query User{EF1E0099-537A-4FD1-A62B-A003D6F0D8EA}C:\users\j.gb\appdata\local\programs\opera\74.0.3911.107\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\74.0.3911.107\opera.exe => No File
FirewallRules: [{20C29C0A-B225-4B30-93D5-B2EB892520B1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{05111B94-FBEC-40CE-9F1E-EB5120EC4A82}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{F93A0420-331A-4911-AC43-1F6340BAC925}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{82D6A93E-5E50-420F-BAC4-4216EB5D4CBC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{701CF14F-7967-4BA2-8872-EE08A6DDEBAE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E7A6D376-894A-4A4B-8A42-EC504F5D1123}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{591F6934-B20D-4329-A1B3-218F6A974D66}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BFC3B97E-C552-4B71-AA3E-F0CD1E089921}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4846EB7A-538C-46A8-A0D0-3ABE52EED363}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D311C94A-B956-49C1-B424-960A9888070A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{196A39E4-69A3-4976-BEB7-3C3FAD9C1F2D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F27307BA-0F49-4D86-B5D4-3602A51489BC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.154.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{165A09A6-154E-4252-889A-DE9F503CE555}C:\users\j.gb\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\j.gb\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{7511A506-EFCE-4DCC-A4B9-FF858747672B}C:\users\j.gb\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\j.gb\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{6E89A2FA-1B0F-448A-ADCB-FCF3B3D4530A}C:\users\j.gb\appdata\local\programs\opera\74.0.3911.218\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\74.0.3911.218\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{61E0C643-6946-4218-A167-7CD0591E8DBB}C:\users\j.gb\appdata\local\programs\opera\74.0.3911.218\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\74.0.3911.218\opera.exe (Opera Software AS -> Opera Software)
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server

==================== Restore Points =========================

15-03-2021 14:57:54 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/15/2021 10:07:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: OLicenseHeartbeat.exe, verze: 16.0.13801.20182, časové razítko: 0x602dd932
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.804, časové razítko: 0x0e9c5eae
Kód výjimky: 0xc06d007e
Posun chyby: 0x000000000002d759
ID chybujícího procesu: 0x4c40
Čas spuštění chybující aplikace: 0x01d7197a93e4b05c
Cesta k chybující aplikaci: C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Cesta k chybujícímu modulu: C:\Windows\System32\KERNELBASE.dll
ID zprávy: 0d2c21ff-cd8b-463f-96c1-f19e7911f5b7
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/15/2021 10:04:30 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/15/2021 10:04:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: OLicenseHeartbeat.exe, verze: 16.0.13801.20182, časové razítko: 0x602dd932
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.804, časové razítko: 0x0e9c5eae
Kód výjimky: 0xc06d007e
Posun chyby: 0x000000000002d759
ID chybujícího procesu: 0x5194
Čas spuštění chybující aplikace: 0x01d7197a2cca0881
Cesta k chybující aplikaci: C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Cesta k chybujícímu modulu: C:\Windows\System32\KERNELBASE.dll
ID zprávy: eccaed58-3fa5-44f7-8600-0da041a9cbda
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/11/2021 10:54:47 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (03/11/2021 10:54:47 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (03/02/2021 12:05:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program RedAlert.exe verze 0.0.0.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 61a8

Čas spuštění: 01d70f4f0e9c54f8

Čas ukončení: 8

Cesta k aplikaci: C:\Program Files\OpenRA\RedAlert.exe

ID hlášení: 0dbd82fb-d93b-4cb5-a016-f43c9bd3d891

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Cross-thread

Error: (03/01/2021 12:25:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program OUTLOOK.EXE verze 16.0.13628.20448 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 1f0c

Čas spuštění: 01d70a9c6651cd2e

Čas ukončení: 0

Cesta k aplikaci: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE

ID hlášení: e74c077c-b13b-4acd-9dc8-67bbb78dd7c9

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Cross-thread

Error: (02/22/2021 12:59:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service Bferor since QueryServiceConfig API failed

System Error:
Systém nemůže nalézt uvedený soubor.
.


System errors:
=============
Error: (03/16/2021 04:07:12 PM) (Source: disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk2\DR2.

Error: (03/16/2021 09:40:39 AM) (Source: cdrom) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\CdRom0.

Error: (03/16/2021 09:40:39 AM) (Source: cdrom) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\CdRom0.

Error: (03/16/2021 09:40:39 AM) (Source: cdrom) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\CdRom0.

Error: (03/16/2021 09:40:39 AM) (Source: cdrom) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\CdRom0.

Error: (03/16/2021 09:40:39 AM) (Source: cdrom) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\CdRom0.

Error: (03/16/2021 09:25:41 AM) (Source: cdrom) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\CdRom0.

Error: (03/16/2021 09:25:41 AM) (Source: cdrom) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\CdRom0.


CodeIntegrity:
===============
Date: 2021-03-16 11:11:24
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: Dell Inc. 1.4.3 12/23/2020
Motherboard: Dell Inc. 06KF2W
Processor: Intel(R) Core(TM) i7-10610U CPU @ 1.80GHz
Percentage of memory in use: 76%
Total physical RAM: 15980.48 MB
Available physical RAM: 3758.86 MB
Total Virtual: 23812.84 MB
Available Virtual: 4440.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.34 GB) (Free:14.96 GB) NTFS
Drive d: (Wormhole) (CDROM) (Total:0 GB) (Free:0 GB) CDFS
Drive e: () (Removable) (Total:0 GB) (Free:0 GB) FAT

\\?\Volume{a88454d9-dec6-4491-8398-9148ba0a569c}\ () (Fixed) (Total:0.49 GB) (Free:0.07 GB) NTFS
\\?\Volume{e57f8ce7-b138-4521-b4c7-f9b03f0700df}\ () (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 0A4A703D)

Partition: GPT.

==========================================================
Disk: 1 (Size: 1026 KB) (Disk ID: 000A0D2E)

==================== End of Addition.txt =======================

Re: ESET reports adware in Opera - unable to remove it

Posted: 16 Mar 2021 17:29
by Rudy
Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I Agree (Souhlasim)
right-click the AdwCleaner icon and choose Run as administrator (Spustit jako spravce); on Win XP just run it with a normal double-click
click Scan Now (Skenovat nyni), then Clean and Repair (Cisteni a opravy)
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: ESET reports adware in Opera - unable to remove it

Posted: 16 Mar 2021 19:17
by Serifus
It only found preinstalled software from Dell. Dell Update. Nothing else...

Re: ESET reports adware in Opera - unable to remove it

Posted: 16 Mar 2021 20:01
by Rudy
OK. Open Notepad and copy the following into it:
Start

CloseProcesses:
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
FirewallRules: [TCP Query User{D90DE8A8-6715-4624-B809-ADD511F9832F}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.329\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\73.0.3856.329\opera.exe => No File
FirewallRules: [UDP Query User{634653FF-EC7C-4068-B6B0-BB82D838626F}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.329\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\73.0.3856.329\opera.exe => No File
FirewallRules: [TCP Query User{6DC1A450-B073-430A-A47E-8B43258A13F5}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File
FirewallRules: [UDP Query User{6855CA14-A5C9-4742-AA19-CC690DF3E9FD}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File
FirewallRules: [TCP Query User{F841472A-27BC-450F-A686-6932FEA11425}C:\users\j.gb\appdata\local\programs\opera\74.0.3911.107\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\74.0.3911.107\opera.exe => No File
FirewallRules: [UDP Query User{EF1E0099-537A-4FD1-A62B-A003D6F0D8EA}C:\users\j.gb\appdata\local\programs\opera\74.0.3911.107\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\74.0.3911.107\opera.exe => No File
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\Policies\Explorer: []
HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\MountPoints2: {17a33837-4907-11eb-9545-dc41a949503d} - "D:\WHLoader.exe"
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {6309142C-DBAE-47D5-9BCF-6AB6F3B24D18} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23079792 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}" was unlocked. <==== ATTENTION
Task: {BC5E9969-1F6A-47D6-8DAD-3CB3AFACCCF1} - System32\Tasks\Opera scheduled Autoupdate 1608627185 => C:\Users\j.gb\AppData\Local\Programs\Opera\launcher.exe [1793688 2021-03-11] (Opera Software AS -> Opera Software)
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}" was unlocked. <==== ATTENTION
Task: {BC5E9969-1F6A-47D6-8DAD-3CB3AFACCCF1} - System32\Tasks\Opera scheduled Autoupdate 1608627185 => C:\Users\j.gb\AppData\Local\Programs\Opera\launcher.exe [1793688 2021-03-11] (Opera Software AS -> Opera Software)
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}" was unlocked. <==== ATTENTION
C:\Users\j.gb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

EmptyTemp:
End
Save it to your desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Re: ESET reports adware in Opera - unable to remove it

Posted: 18 Mar 2021 10:56
by Serifus
Fix result of Farbar Recovery Scan Tool (x64) Version: 17-03-2021
Ran by j.gb (18-03-2021 10:52:38) Run:1
Running from C:\Users\j.gb\Desktop
Loaded Profiles: j.gb & Admin
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
FirewallRules: [TCP Query User{D90DE8A8-6715-4624-B809-ADD511F9832F}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.329\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\73.0.3856.329\opera.exe => No File
FirewallRules: [UDP Query User{634653FF-EC7C-4068-B6B0-BB82D838626F}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.329\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\73.0.3856.329\opera.exe => No File
FirewallRules: [TCP Query User{6DC1A450-B073-430A-A47E-8B43258A13F5}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File
FirewallRules: [UDP Query User{6855CA14-A5C9-4742-AA19-CC690DF3E9FD}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.344\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\73.0.3856.344\opera.exe => No File
FirewallRules: [TCP Query User{F841472A-27BC-450F-A686-6932FEA11425}C:\users\j.gb\appdata\local\programs\opera\74.0.3911.107\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\74.0.3911.107\opera.exe => No File
FirewallRules: [UDP Query User{EF1E0099-537A-4FD1-A62B-A003D6F0D8EA}C:\users\j.gb\appdata\local\programs\opera\74.0.3911.107\opera.exe] => (Allow) C:\users\j.gb\appdata\local\programs\opera\74.0.3911.107\opera.exe => No File
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\Policies\Explorer: []
HKU\S-1-5-21-229502678-4061752961-2197657978-1117\...\MountPoints2: {17a33837-4907-11eb-9545-dc41a949503d} - "D:\WHLoader.exe"
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {6309142C-DBAE-47D5-9BCF-6AB6F3B24D18} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23079792 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}" was unlocked. <==== ATTENTION
Task: {BC5E9969-1F6A-47D6-8DAD-3CB3AFACCCF1} - System32\Tasks\Opera scheduled Autoupdate 1608627185 => C:\Users\j.gb\AppData\Local\Programs\Opera\launcher.exe [1793688 2021-03-11] (Opera Software AS -> Opera Software)
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}" was unlocked. <==== ATTENTION
Task: {BC5E9969-1F6A-47D6-8DAD-3CB3AFACCCF1} - System32\Tasks\Opera scheduled Autoupdate 1608627185 => C:\Users\j.gb\AppData\Local\Programs\Opera\launcher.exe [1793688 2021-03-11] (Opera Software AS -> Opera Software)
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}" was unlocked. <==== ATTENTION
C:\Users\j.gb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D90DE8A8-6715-4624-B809-ADD511F9832F}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.329\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{634653FF-EC7C-4068-B6B0-BB82D838626F}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.329\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6DC1A450-B073-430A-A47E-8B43258A13F5}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.344\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6855CA14-A5C9-4742-AA19-CC690DF3E9FD}C:\users\j.gb\appdata\local\programs\opera\73.0.3856.344\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F841472A-27BC-450F-A686-6932FEA11425}C:\users\j.gb\appdata\local\programs\opera\74.0.3911.107\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{EF1E0099-537A-4FD1-A62B-A003D6F0D8EA}C:\users\j.gb\appdata\local\programs\opera\74.0.3911.107\opera.exe" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-229502678-4061752961-2197657978-1117\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => removed successfully
HKU\S-1-5-21-229502678-4061752961-2197657978-1117\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17a33837-4907-11eb-9545-dc41a949503d} => removed successfully
C:\ProgramData\NTUSER.pol => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6309142C-DBAE-47D5-9BCF-6AB6F3B24D18}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6309142C-DBAE-47D5-9BCF-6AB6F3B24D18}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office ClickToRun Service Monitor" => removed successfully
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}" was unlocked. <==== ATTENTION" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BC5E9969-1F6A-47D6-8DAD-3CB3AFACCCF1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC5E9969-1F6A-47D6-8DAD-3CB3AFACCCF1}" => removed successfully
C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1608627185 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1608627185" => removed successfully
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}" was unlocked. <==== ATTENTION" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC5E9969-1F6A-47D6-8DAD-3CB3AFACCCF1}" => not found
"C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1608627185" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1608627185" => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}" was unlocked. <==== ATTENTION" => not found
C:\Users\j.gb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 82894475 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 178004407 B
Edge => 0 B
Firefox => 0 B
Opera => 310754936 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 57862 B
NetworkService => 60928 B
balcompc => 110790590 B
j.gb => 402607465 B
Admin => 403202522 B

RecycleBin => 195590031 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:53:20 ====

Re: ESET reports adware in Opera - unable to remove it

Posted: 18 Mar 2021 13:57
by Rudy
Deleted. Has anything changed?

Re: ESET reports adware in Opera - unable to remove it

Posted: 18 Mar 2021 20:44
by Serifus
I can't really say yet. ESET throws its alerts at fairly random times. I'll definitely keep watching and let you know. Many thanks for now.

Re: ESET reports adware in Opera - unable to remove it

Posted: 18 Mar 2021 20:58
by Rudy
OK, you're welcome for now! :)

Re: ESET reports adware in Opera - unable to remove it

Posted: 28 Mar 2021 17:40
by Serifus
Hello!

Unfortunately, another alert:

Čas;Skener;Typ objektu;Objekt;Detekce;Akce;Uživatel;Informace;Hash;První výskyt
28.03.2021 18:38:33;HTTP filtr;soubor;https://lapypushistyye.com/?r=dir&zonei ... e.Agent.AA aplikace;přerušeno spojení;APCZECH\j.gb;Tato událost nastala při pokusu o přístup na web aplikací: C:\Users\j.gb\AppData\Local\Programs\Opera\74.0.3911.218\opera.exe (1F03BA3ACC3BCD1209B8E3A662C43418DCE0C966).;49B9A7729E01AEBC5C4CEEACC005B26BBC88BEB1;


And there are quite a lot of them in the log :-(

Re: ESET reports adware in Opera - unable to remove it

Posted: 28 Mar 2021 17:55
by Rudy
Let's try cleaning the browsers. Run these utilities one after another:

1. Download Zoek.exe from https://www.edisk.cz/stahni/21334/zoek.rar_1.3MB.html/ and save it to your desktop

If you use Win Vista or W7, right-click Zoek and choose Run As Administrator (Spustit jako spravce)
Paste the script below into the window

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Then click Run Script
The PC will perform the repair, restart, and give you a log; paste its contents here.

and

2. Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... oval-tool/
•Save it, ideally to your desktop
•After you launch it, the license terms are displayed; press any key
•A backup is created and the search then begins
•The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here.

Re: ESET reports adware in Opera - unable to remove it

Posted: 29 Mar 2021 11:58
by Serifus
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by j.gb on 29.03.2021 at 12:07:25,77.
Microsoft Windows 10 Pro 10.0.19042 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\j.gb\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

29.03.2021 12:07:52 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~3\Canon IJ Network Tool deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\ssh deleted successfully
C:\Users\Admin\AppData\Local\PeerDistRepub deleted successfully
C:\Users\Admin\AppData\Local\PlaceholderTileLogoFolder deleted successfully
C:\Users\Admin\AppData\Local\VirtualStore deleted successfully
C:\Users\balcompc\AppData\Local\Adobe deleted successfully
C:\Users\j.gb\AppData\Local\GHISLER deleted successfully
C:\Users\j.gb\AppData\Local\PeerDistRepub deleted successfully
C:\Users\j.gb\AppData\Local\PlaceholderTileLogoFolder deleted successfully
C:\Users\j.gb\AppData\Local\Saber deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\BIMTECH deleted
C:\PROGRA~3\Package Cache deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1720-cd0-bb927.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1720-cd0-bb939.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1720-cd0-bb93b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1720-cd0-bb93d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1720-cd0-bb94e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1720-cd0-bb950.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1758-f3c-fa0fb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1758-f3c-fa0fd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1758-f3c-fa0ff.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1758-f3c-fa111.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1758-f3c-fa113.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1758-f3c-fa115.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1758-f3c-fa127.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1758-f3c-fa129.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1758-f3c-fa12b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1758-f3c-fa13c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1758-f3c-fa13e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1758-f3c-fa140.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1758-f3c-fa152.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1758-f3c-fa154.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1758-f3c-fa156.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1758-f3c-fa168.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1758-f3c-fa16a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1758-f3c-fa16c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1758-f3c-fa17d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1758-f3c-fa17f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1bbc-ee8-1885265.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1bbc-ee8-1885267.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1bbc-ee8-1885278.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1bbc-ee8-188527a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1bbc-ee8-188527c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1bbc-ee8-188527e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1bbc-ee8-1885290.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1bbc-ee8-1885292.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1bbc-ee8-1885294.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1bbc-ee8-1885296.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1bbc-ee8-1885298.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1bbc-ee8-18852a9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1bbc-ee8-18852ab.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1bbc-ee8-18852ad.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1bbc-ee8-18852af.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1bbc-ee8-18852b1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1bbc-ee8-18852c3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1bbc-ee8-18852c5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1bbc-ee8-18852c7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1bbc-ee8-18852c9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f4c-2e88-e3ab535.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f4c-2e88-e3ab537.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f4c-2e88-e3ab549.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f4c-2e88-e3ab54b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f4c-2e88-e3ab54d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f4c-2e88-e3ab55f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f4c-2e88-e3ab561.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f4c-2e88-e3ab5b1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f4c-2e88-e3ab5c2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f4c-2e88-e3ab5d4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f4c-2e88-e3ab605.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f4c-2e88-e3ab665.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f4c-2e88-e3ab686.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f4c-2e88-e3ab698.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f4c-2e88-e3ab69a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f4c-2e88-e3ab69c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f4c-2e88-e3ab6ad.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f4c-2e88-e3ab6bf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f4c-2e88-e3ab6ff.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1f4c-2e88-e3ab75f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fe8-1f88-15e4ae.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fe8-1f88-15e4c0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fe8-1f88-15e4c2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fe8-1f88-15e4c4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fe8-1f88-15e4d6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fe8-1f88-15e4d8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fe8-1f88-15e4f9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fe8-1f88-15e4fb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fe8-1f88-15e50c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fe8-1f88-15e50e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fe8-1f88-15e510.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fe8-1f88-15e512.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fe8-1f88-15e524.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fe8-1f88-15e526.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fe8-1f88-15e528.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fe8-1f88-15e52a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fe8-1f88-15e53c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fe8-1f88-15e53e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fe8-1f88-15e540.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-1fe8-1f88-15e551.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-28e4-638-e0ccf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-28e4-638-e0cd1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-28e4-638-e0ce2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-28e4-638-e0ce4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-28e4-638-e0ce6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-28e4-638-e0cf8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-28e4-638-e0cfa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-28e4-638-e0cfc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-28e4-638-e0d0e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-28e4-638-e0d10.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-28e4-638-e0d12.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-28e4-638-e0d23.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-28e4-638-e0d25.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-28e4-638-e0d27.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-28e4-638-e0d39.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-28e4-638-e0d3b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-28e4-638-e0d3d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-28e4-638-e0d3f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-28e4-638-e0d50.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-28e4-638-e0d52.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2a60-2678-7c83b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e44-1f4-4a1641.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e44-1f4-4a1652.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e44-1f4-4a1674.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e44-1f4-4a1676.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e44-1f4-4a1678.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e44-1f4-4a1689.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e44-1f4-4a168b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e44-1f4-4a168d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e44-1f4-4a169f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e44-1f4-4a16a1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e44-1f4-4a16a3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e44-1f4-4a16b5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e44-1f4-4a16b7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e44-1f4-4a16b9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e44-1f4-4a16ca.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e44-1f4-4a16cc.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e44-1f4-4a16ce.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e44-1f4-4a16d0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e44-1f4-4a16e2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2e44-1f4-4a16e4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ec8-2730-98c67.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ec8-2730-98c69.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ec8-2730-98c7b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ec8-2730-98c7d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ec8-2730-98c7f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ec8-2730-98c90.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ec8-2730-98c92.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ec8-2730-98c94.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ec8-2730-98ca6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ec8-2730-98ca8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ec8-2730-98caa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ec8-2730-98cac.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ec8-2730-98ccd.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ec8-2730-98ccf.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ec8-2730-98cd1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ec8-2730-98ce3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ec8-2730-98ce5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ec8-2730-98ce7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ec8-2730-98cf8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2ec8-2730-98cfa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f94-948-af00e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f94-948-af010.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f94-948-af012.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f94-948-af024.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f94-948-af026.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f94-948-af028.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f94-948-af02a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f94-948-af02c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f94-948-af03d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f94-948-af03f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f94-948-af041.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f94-948-af043.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f94-948-af055.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f94-948-af057.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f94-948-af059.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f94-948-af05b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f94-948-af06c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f94-948-af06e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f94-948-af070.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-2f94-948-af072.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b40-a0c-47fdc1.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b40-a0c-47fdc3.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b40-a0c-47fdd5.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b40-a0c-47fdd7.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b40-a0c-47fdd9.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b40-a0c-47fddb.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b40-a0c-47fdec.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b40-a0c-47fdee.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b40-a0c-47fdf0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b40-a0c-47fdf2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b40-a0c-47fe04.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b40-a0c-47fe06.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b40-a0c-47fe08.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b40-a0c-47fe0a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b40-a0c-47fe1c.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b40-a0c-47fe1e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b40-a0c-47fe20.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b40-a0c-47fe22.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b40-a0c-47fe33.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-3b40-a0c-47fe35.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-4624-1e7c-278ce2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-4624-1e7c-278cf4.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-4624-1e7c-278cf6.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-4624-1e7c-278cf8.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-4624-1e7c-278cfa.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-4624-1e7c-278d0b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-4624-1e7c-278d0d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-4624-1e7c-278d0f.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-4624-1e7c-278d21.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-4624-1e7c-278d23.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-4624-1e7c-278d25.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-4624-1e7c-278d46.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-4624-1e7c-278d68.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-4624-1e7c-278d6a.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-4624-1e7c-278d7b.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-4624-1e7c-278d7d.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-4624-1e7c-278d9e.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-4624-1e7c-278db0.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-4624-1e7c-278db2.tmp deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\tw-4624-1e7c-278dc4.tmp deleted
C:\Windows\invcol.tmp deleted
C:\windows\SysNative\GroupPolicy\DataStore deleted
"C:\Windows\Installer\45b92.msi" deleted
"C:\ProgramData\cm-lock" not deleted
"C:\DumpStack.log.tmp" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Cookies" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\lockfile" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\main-process.log" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\QuotaManager" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\QuotaManager-journal" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Cache\data_0" deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Cache\data_1" deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Cache\data_2" deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Cache\data_3" deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Cache\index" deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\databases\Databases.db" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Dictionaries\cs-CZ-3-0.bdic" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\GPUCache\data_0" deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\GPUCache\data_1" deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\GPUCache\data_2" deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\GPUCache\data_3" deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\GPUCache\index" deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Session Storage\000003.log" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Session Storage\LOCK" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Session Storage\LOG" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Session Storage\MANIFEST-000001" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\File System\Origins\000003.log" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\File System\Origins\LOCK" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\File System\Origins\LOG" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\File System\Origins\MANIFEST-000001" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000237.log" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000239.ldb" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000240.ldb" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000241.ldb" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000242.ldb" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000243.ldb" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000244.ldb" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000245.ldb" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\LOCK" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\LOG" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\MANIFEST-000001" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\000005.ldb" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\000085.ldb" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\000087.ldb" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\000089.ldb" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\000090.log" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\000091.ldb" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\LOCK" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\LOG" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\MANIFEST-000001" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Cache" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\databases" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Dictionaries" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\File System" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\GPUCache" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Session Storage" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\File System\Origins" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"web2pdfextension@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn" [08.01.2021 14:01]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx[12.09.2014 11:43]

Outlook - Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb
Word - Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi
Excel - Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm
PowerPoint - Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf

==== Chromium Startpages ======================

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\j.gb\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\J1757~1.HAL\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IESR02"

==== Reset Google Chrome ======================

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences was reset successfully
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences was reset successfully
C:\Users\j.gb\AppData\Local\Microsoft\Edge\User Data\Default\Preferences was reset successfully
C:\Users\j.gb\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences was reset successfully
C:\Users\J1757~1.HAL\AppData\Local\Microsoft\Edge\User Data\Default\Preferences was reset successfully
C:\Users\J1757~1.HAL\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences was reset successfully
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data was reset successfully
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data-journal was reset successfully
C:\Users\j.gb\AppData\Local\Microsoft\Edge\User Data\Default\Web Data was reset successfully
C:\Users\j.gb\AppData\Local\Microsoft\Edge\User Data\Default\Web Data-journal was reset successfully
C:\Users\J1757~1.HAL\AppData\Local\Microsoft\Edge\User Data\Default\Web Data was reset successfully
C:\Users\J1757~1.HAL\AppData\Local\Microsoft\Edge\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FEE98B82400100001520FCF3A3907BD7 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28B89EEF-1004-0000-5102-CF3F3A09B77D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FEE98B82400100001520FCF3A3907BD7 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\balcompc\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\j.gb\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\j.gb\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\J1757~1.HAL\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\J1757~1.HAL\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\j.gb\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\j.gb\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\J1757~1.HAL\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\J1757~1.HAL\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\j.gb\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\J1757~1.HAL\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache emptied successfully
C:\Users\j.gb\AppData\Local\Microsoft\Edge\User Data\Default\Cache emptied successfully
C:\Users\J1757~1.HAL\AppData\Local\Microsoft\Edge\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=414 folders=422 247572483 bytes)

==== Empty Temp Folders ======================

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\J1757~1.HAL\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\ProgramData\cm-lock" not deleted
"C:\DumpStack.log.tmp" not deleted
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Cookies" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\lockfile" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\main-process.log" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\QuotaManager" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\QuotaManager-journal" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\databases\Databases.db" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Dictionaries\cs-CZ-3-0.bdic" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Session Storage\000003.log" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Session Storage\LOCK" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Session Storage\LOG" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Session Storage\MANIFEST-000001" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\File System\Origins\000003.log" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\File System\Origins\LOCK" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\File System\Origins\LOG" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\File System\Origins\MANIFEST-000001" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000237.log" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000239.ldb" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000240.ldb" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000241.ldb" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000242.ldb" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000243.ldb" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000244.ldb" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000245.ldb" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\LOCK" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\LOG" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\MANIFEST-000001" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\000005.ldb" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\000085.ldb" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\000087.ldb" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\000089.ldb" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\000090.log" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\000091.ldb" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\LOCK" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\LOG" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp\Local Storage\leveldb\MANIFEST-000001" not found
"C:\Users\j.gb\AppData\Roaming\WhatsApp" not found

==== EOF on 29.03.2021 at 12:52:28,75 ======================

Re: ESET reports adware in Opera - unable to remove it

Posted: 29 Mar 2021 12:00
by Serifus
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Enterprise x64
Ran by j.gb (Administrator) on 29.03.2021 at 12:58:08,61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.03.2021 at 12:58:47,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: ESET reports adware in Opera - unable to remove it

Posted: 29 Mar 2021 12:02
by Rudy
OK. Has anything changed?

Re: ESET reports adware in Opera - unable to remove it

Posted: 30 Mar 2021 16:09
by Serifus
Now the alert has appeared again:

Čas;Skener;Typ objektu;Objekt;Detekce;Akce;Uživatel;Informace;Hash;První výskyt
30.03.2021 17:07:03;HTTP filtr;soubor;https://lapypushistyye.com/?r=dir&zonei ... e.Agent.AA aplikace;přerušeno spojení;APC\j.gb;Tato událost nastala při pokusu o přístup na web aplikací: C:\Users\j.gb\AppData\Local\Programs\Opera\74.0.3911.218\opera.exe (1F03BA3ACC3BCD1209B8E3A662C43418DCE0C966).;1729557A284DA5045E1C806C2262316ECDCFF338;


:o :?: :boxed:

Should I uninstall Opera and try installing it again? Thanks in advance.