Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-02-2020
Ran by ritchi (28-02-2020 21:36:50)
Running from C:\Users\ritchi\Documents\viry
Windows 7 Ultimate Service Pack 1 (X64) (2018-09-29 10:29:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3665770440-1904150843-605179995-500 - Administrator - Disabled)
Guest (S-1-5-21-3665770440-1904150843-605179995-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3665770440-1904150843-605179995-1002 - Limited - Enabled)
ritchi (S-1-5-21-3665770440-1904150843-605179995-1000 - Administrator - Enabled) => C:\Users\ritchi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1.25534 - emc, uTorrent.CZ)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.114 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_0) (Version: 19.0 - Adobe Systems Incorporated)
Advertising Center (HKLM-x32\...\{b2ec4a38-b545-4a00-8214-13fe0e915e6d}) (Version: 0.0.0.1 - Nero AG) Hidden
Any Video Converter Professional 5.7.8 (HKLM-x32\...\Any Video Converter Professional_is1) (Version:  - Any-Video-Converter.com)
aTube Catcher verze 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Balíček ovladače systému Windows - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Balíček ovladače systému Windows - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Balíček ovladače systému Windows - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
CCleaner (HKLM\...\CCleaner) (Version: 5.47 - Piriform)
ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
CPUID CPU-Z 1.85 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.85 - CPUID, Inc.)
DolbyFiles (HKLM-x32\...\{b1adf008-e898-4fe2-8a1f-690d9a06acaf}) (Version: 2.0 - Nero AG) Hidden
FastStone Photo Resizer 3.8 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.8 - FastStone Soft.)
FileZilla Client 3.47.1 (HKLM-x32\...\FileZilla Client) (Version: 3.47.1 - Tim Kosse)
ImagXpress (HKLM-x32\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: Beta 1.0 - IObit)
Java 8 Update 181 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Maxthon 3 (HKLM-x32\...\Maxthon3) (Version:  - Maxthon International Limited)
Memory Cleaner 2.20 (HKLM-x32\...\MemClean) (Version: 2.20 - KoshyJohn.com)
Menu Templates - Starter Kit (HKLM-x32\...\{b78120a0-cf84-4366-a393-4d0a59bc546c}) (Version: 9.4.2.0 - Nero AG) Hidden
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27012 (HKLM-x32\...\{427ada59-85e7-4bc8-b8d5-ebf59db60423}) (Version: 14.16.27012.6 - Microsoft Corporation)
Movie Templates - Starter Kit (HKLM-x32\...\{e498385e-1c51-459a-b45f-1721e37aa1a0}) (Version: 9.4.2.0 - Nero AG) Hidden
Mozilla Firefox 68.5.0 ESR (x64 cs) (HKLM\...\Mozilla Firefox 68.5.0 ESR (x64 cs)) (Version: 68.5.0 - Mozilla)
Mozilla Thunderbird 60.0 (x64 cs) (HKLM\...\Mozilla Thunderbird 60.0 (x64 cs)) (Version: 60.0 - Mozilla)
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 (HKLM-x32\...\{45aae672-0b0c-46b8-824c-b5367c5358c5}) (Version:  - Nero AG)
Nexus 18.8 (HKLM-x32\...\Winstep Xtreme_is1) (Version:  - )
Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}) (Version: 7.1.180.94 - Nokia) Hidden
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
OpenShot Video Editor verze 2.4.4 (HKLM\...\{4BB0DCDC-BC24-49EC-8937-72956C33A470}_is1) (Version: 2.4.4 - OpenShot Studios, LLC)
Pale Moon 28.2.1 (x64 en-US) (HKLM\...\Pale Moon 28.2.1 (x64 en-US)) (Version: 28.2.1 - Moonchild Productions)
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 1.7.18958 - Kakao Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.8 - VS Revo Group, Ltd.)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
Screen Grab Pro Deluxe (HKLM-x32\...\{581125F9-D1C6-4797-93DD-47A992D69AA8}) (Version:  - )
SMPlayer 17.4.0 (x64) (HKLM\...\SMPlayer) (Version: 17.4.0 - Ricardo Villalba)
SoundTrax (HKLM-x32\...\{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}) (Version: 4.4.23.0 - Nero AG) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.14327 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
VdhCoApp 1.2.4 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
VisualLightBox (HKLM-x32\...\VisualLightBox_is1) (Version:  - )
Vivaldi (HKU\S-1-5-21-3665770440-1904150843-605179995-1000\...\Vivaldi) (Version: 2.0.1309.37 - Vivaldi) <==== ATTENTION
Waterfox 55.2.0 (x64 en-US) (HKLM\...\Waterfox 55.2.0 (x64 en-US)) (Version: 55.2.0 - Waterfox Ltd)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3665770440-1904150843-605179995-1000_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> C:\Users\ritchi\AppData\Local\Vivaldi\Application\2.0.1309.37\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =>  -> No File
ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-02-27] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-02-27] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2015-03-17 01:34 - 2015-03-17 01:34 - 000010240 _____ () [File not signed] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\cs_cz\AcroTray.cze
2018-09-30 07:18 - 2007-09-02 12:57 - 000069632 _____ () [File not signed] C:\Program Files (x86)\RocketDock\RocketDock.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 000013312 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\cs_cz\Acrobat Elements\ContextMenuShim64.cze
2012-06-26 12:08 - 2012-06-26 12:08 - 000026624 _____ (Nokia) [File not signed] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
2012-06-26 10:58 - 2012-06-26 10:58 - 001262592 _____ (Nokia) [File not signed] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\NGSCM64.DLL
2012-06-26 12:08 - 2012-06-26 12:08 - 000572928 _____ (Nokia) [File not signed] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
2018-09-29 13:40 - 2017-11-24 17:43 - 000026624 _____ (Winstep Software Technologies) [File not signed] C:\Program Files (x86)\Winstep\WsxMMTimer.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\ritchi\Local Settings:{65003700-7900-6D00-5900-4D006E007700} [832]
AlternateDataStreams: C:\Users\ritchi\AppData\Local:{65003700-7900-6D00-5900-4D006E007700} [832]
AlternateDataStreams: C:\Users\ritchi\AppData\Local\Data aplikací:{65003700-7900-6D00-5900-4D006E007700} [832]
AlternateDataStreams: C:\Users\ritchi\AppData\Local\Temp:{65003700-7900-6D00-5900-4D006E007700} [832]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01364193.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\20564051.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\53402365.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\78540487.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\85374124.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01364193.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\20564051.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\53402365.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\78540487.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\85374124.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\PC Connectivity Solution\;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-3665770440-1904150843-605179995-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ritchi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.255.255.20 - 10.255.255.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupreg: AutoKMS => C:\Windows\AutoKMS.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{66471FEA-8437-4B20-A947-D9B2E9CE5D73}] => (Allow) C:\Users\ritchi\AppData\Local\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [{C8B93A35-3B0A-4C11-9A4A-FE818D319024}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{168F0BD9-E917-4946-85E6-541B87B4FFFB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{F4E88506-7EA7-4A7D-89EC-4249AE6FAFDD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{5CB9407D-6FD0-408D-81BB-43725BC2D52E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{88B25E8B-57C1-4703-9E78-92698285B83E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{7CC5A9DB-655B-483D-90A6-B37A3D49A90C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{624B067D-5490-41F8-96D7-0B7B376E559A}] => (Allow) K:\Opera\56.0.3051.36\opera.exe No File
FirewallRules: [{720E40E8-2CD7-4C65-A00D-0834E0A082A2}] => (Allow) C:\TRANSLAT\WDICT32.EXE () [File not signed]
FirewallRules: [{60BA4439-ADCE-4239-A860-4FA95FF8412B}] => (Allow) C:\TRANSLAT\WDICT32.EXE () [File not signed]
FirewallRules: [{019F0365-718C-4011-9D5B-39B7C1399E41}] => (Block) %SystemDrive%\TRANSLAT\WTRAN32.EXE () [File not signed]
FirewallRules: [{93AD54DC-1B26-4A90-98F9-A2C2F74CD2E8}] => (Block) %SystemDrive%\TRANSLAT\WDICT32.EXE () [File not signed]
FirewallRules: [{49874CE5-6E4A-4901-8EBE-4EE075E0E312}] => (Allow) C:\TRANSLAT\WTRAN32.EXE () [File not signed]
FirewallRules: [{3CF30845-D482-486C-9502-7D4877898655}] => (Allow) C:\TRANSLAT\WTRAN32.EXE () [File not signed]
FirewallRules: [{8131BC35-BA2B-4747-8ADC-BFB1D13651CF}] => (Allow) C:\TRANSLAT\WTRAN32.EXE () [File not signed]
FirewallRules: [{5F64E7B6-C0CF-426C-858B-9AC1BA928711}] => (Allow) C:\TRANSLAT\WTRAN32.EXE () [File not signed]
FirewallRules: [{5B98CA41-8F4C-4172-A27F-4D3144BAD035}] => (Allow) C:\TRANSLAT\WDICT32.EXE () [File not signed]
FirewallRules: [{4144B652-A6CB-4044-9922-22BDE5F8C939}] => (Allow) C:\TRANSLAT\WDICT32.EXE () [File not signed]
FirewallRules: [{A3CBFD64-ECA5-4480-AD71-A5E3F2CED468}] => (Allow) C:\TRANSLAT\WDICT32.EXE () [File not signed]
FirewallRules: [{DFAD9EAA-0F99-4C27-9024-5430275E5ABE}] => (Allow) C:\TRANSLAT\WDICT32.EXE () [File not signed]
FirewallRules: [{9A69E28E-F313-4400-AE5F-474CD7F8C037}] => (Allow) C:\Users\ritchi\AppData\Roaming\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{1DF49B80-9E94-49CC-BFB4-F43494005A9D}] => (Allow) C:\Users\ritchi\AppData\Roaming\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{1BF4DD30-A995-4A7D-90C5-6C4E1FDE9C8A}] => (Allow) %APPDATA%\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{84E24549-43B4-4391-8518-089F85CA7C3F}] => (Allow) C:\Program Files\Pale Moon\palemoon.exe (Moonchild Productions) [File not signed]
FirewallRules: [{37C5DA5A-3666-4D3A-BAA1-64E2897A7DF6}] => (Allow) C:\Program Files\Pale Moon\palemoon.exe (Moonchild Productions) [File not signed]
FirewallRules: [{752E0023-66BC-4B2B-B638-01549544D3BD}] => (Allow) C:\Program Files (x86)\Maxthon3\Bin\MxUp.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{669B613B-5A87-48D8-9E95-44C615E533D9}] => (Allow) C:\Program Files (x86)\Maxthon3\Bin\MxUp.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{D2797BB3-18DE-4B2A-9066-A18A31F63AF4}] => (Allow) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [{137708CF-B40D-4A15-B415-C73211053EFA}] => (Allow) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe (Maxthon (Asia) Limited. -> Maxthon International ltd.)
FirewallRules: [TCP Query User{E84D9848-81D2-4DDB-8E1A-90A7DD28E008}C:\program files\openshot video editor\launch.exe] => (Block) C:\program files\openshot video editor\launch.exe () [File not signed]
FirewallRules: [UDP Query User{5D332C8A-908F-4322-9836-079982BF87B0}C:\program files\openshot video editor\launch.exe] => (Block) C:\program files\openshot video editor\launch.exe () [File not signed]
FirewallRules: [{C4A8D6E6-29F1-4DC8-99F8-EB2A05B1066D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2EF314B2-95E0-4429-BAB1-D7A10AD14EF2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5EFC21FB-5A23-43EB-8AAE-24217A1EE94D}] => (Allow) I:\PORTABLE_EXPLOITER\OperaPortable64-65.0.3467.78\OperaPortable64\66.0.3515.72\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{0D122DDF-C44B-412C-9102-F47C4F657BB3}] => (Allow) I:\PORTABLE_EXPLOITER\OperaPortable64-65.0.3467.78\OperaPortable64\66.0.3515.103\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{DF73B30F-61CD-44B5-ACEE-D19F1905BD98}] => (Allow) C:\Program Files\Waterfox\waterfox.exe (Waterfox Ltd -> Mozilla Corporation)
FirewallRules: [{59EF2A23-4570-4682-922E-1B6D3E2599F1}] => (Allow) C:\Program Files\Waterfox\waterfox.exe (Waterfox Ltd -> Mozilla Corporation)

==================== Restore Points =========================

25-02-2020 18:30:43 adobe acrobat dc
25-02-2020 18:31:42 Installed Adobe Acrobat DC.
25-02-2020 21:35:39 Revo Uninstaller Pro's restore point - Adobe Acrobat DC
25-02-2020 21:36:17 Removed Adobe Acrobat DC.
25-02-2020 22:19:41 Operace obnovení
25-02-2020 22:36:55 Windows Update
26-02-2020 00:03:14 Installed Adobe Acrobat DC.
26-02-2020 20:26:36 Revo Uninstaller Pro's restore point - Malwarebytes Anti-Malware verze 2.1.4.1018
26-02-2020 20:30:51 Revo Uninstaller Pro's restore point - Malwarebytes verze 3.8.3.2965
27-02-2020 09:25:49 Revo Uninstaller Pro's restore point - Adobe Photoshop CC 2018
27-02-2020 11:49:16 Windows Update
28-02-2020 18:58:21 Windows Update
28-02-2020 19:29:34 Windows Update
28-02-2020 19:46:47 Windows Update
28-02-2020 19:59:56 Windows Update
28-02-2020 20:21:13 Windows Update

==================== Faulty Device Manager Devices ============

Name: Myš Microsoft pro port PS/2
Description: Myš Microsoft pro port PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (02/28/2020 12:43:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: waterfox.exe, verze: 55.2.0.6485, časové razítko: 0x59d305c2
Název chybujícího modulu: xul.dll, verze: 55.2.0.6485, časové razítko: 0x59d3063e
Kód výjimky: 0x80000003
Posun chyby: 0x0000000002844e8d
ID chybujícího procesu: 0xc84
Čas spuštění chybující aplikace: 0x01d5edc5bdfe66c3
Cesta k chybující aplikaci: C:\Program Files\Waterfox\waterfox.exe
Cesta k chybujícímu modulu: C:\Program Files\Waterfox\xul.dll
ID zprávy: fb34eaac-59ba-11ea-8987-00113b0a737c

Error: (02/27/2020 10:54:03 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Index nebyl inicializován.

Podrobnosti:
	Katalog indexu obsahu je poškozený.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/27/2020 10:54:03 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Aplikace nebyla inicializována.

Kontext: aplikace Windows

Podrobnosti:
	Katalog indexu obsahu je poškozený.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/27/2020 10:54:03 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Objekt indexování nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
	Katalog indexu obsahu je poškozený.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/27/2020 10:54:03 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Modul plug-in v <Search.TripoliIndexer> nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
	Prvek nebyl nalezen.  (HRESULT : 0x80070490) (0x80070490)

Error: (02/27/2020 10:54:02 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Modul plug-in v <Search.JetPropStore> nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
	Katalog indexu obsahu je poškozený.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/27/2020 10:54:02 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Služba Windows Search nenačetla informace o úložišti vlastností.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
	Databáze indexu obsahu je poškozená.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (02/27/2020 10:54:02 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Služba Windows Search byla zastavena, protože došlo k problému s indexovacím modulem The catalog is corrupt.

Podrobnosti:
	Katalog indexu obsahu je poškozený.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (02/28/2020 09:13:38 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (02/28/2020 09:13:38 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (02/28/2020 08:58:40 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error: (02/28/2020 08:58:38 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error: (02/28/2020 08:58:34 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (02/28/2020 08:58:34 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (02/28/2020 08:28:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80092004): Aktualizace zabezpečení systému Windows (KB4516065).

Error: (02/28/2020 08:02:40 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80092004): 2020-01, kum. akt. zab. a kval. pro .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 pro Windows 7 a Server 2008 R2 pro x64 (KB4535102).


Windows Defender:
===================================
Date: 2019-12-18 10:09:54.196
Description: 
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání:{022B87FA-6F1D-4F72-9369-461DE8CD8915}
Typ prohledávání:Antispywarový program
Parametry prohledávání:Rychlé prohledávání
Uživatel:NT AUTHORITY\NETWORK SERVICE

Date: 2020-02-25 15:29:36.464
Description: 
Prohledávání Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst:Aktuální
Kód chyby:0x80070002
Popis chyby:Systém nemůže nalézt uvedený soubor. 
Verze podpisu:0.0.0.0
Verze modulu:0.0.0.0

Date: 2018-12-17 15:38:32.893
Description: 
Modul programu %1 byl ukončen v důsledku neočekávané chyby.
Typ chyby:%5
Kód výjimky:%6
Zdroj:%3

Date: 2018-10-09 12:16:59.841
Description: 
Prohledávání Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst:Aktuální
Kód chyby:0x80070002
Popis chyby:Systém nemůže nalézt uvedený soubor. 
Verze podpisu:0.0.0.0
Verze modulu:0.0.0.0

CodeIntegrity:
===================================

Date: 2019-04-27 00:33:32.034
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Common Files\adaware\adaware antivirus\updater\12.6.1005.11662\AdAwareUpdater.exe because the set of per-page image hashes could not be found on the system.

Date: 2019-03-08 16:07:42.108
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\PORTABLE_EXPLOITER\AIDA64-Engineer-590\aida64engineer590\kerneld.x64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-03-08 16:07:42.049
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\PORTABLE_EXPLOITER\AIDA64-Engineer-590\aida64engineer590\kerneld.x64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-11-05 15:39:54.420
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\PORTABLE_EXPLOITER\AIDA64-Engineer-590\aida64engineer590\kerneld.x64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-11-05 15:39:54.357
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\PORTABLE_EXPLOITER\AIDA64-Engineer-590\aida64engineer590\kerneld.x64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-10-09 11:53:20.632
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-10-09 11:53:20.567
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-10-09 11:47:39.384
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. 1003 08/23/2010
Motherboard: ASUSTeK Computer INC. P5KPL-VM
Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz
Percentage of memory in use: 90%
Total physical RAM: 4095.24 MB
Available physical RAM: 378.04 MB
Total Virtual: 8188.63 MB
Available Virtual: 3553.96 MB

==================== Drives ================================

Drive c: (SYSTEMx64) (Fixed) (Total:106.36 GB) (Free:17.59 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA-Exp) (Fixed) (Total:239.12 GB) (Free:32.69 GB) NTFS
Drive e: (OFFICE-Exp) (Fixed) (Total:97.66 GB) (Free:21.3 GB) NTFS
Drive f: (WORK) (Fixed) (Total:97.66 GB) (Free:19.87 GB) NTFS
Drive g: (STORAGE) (Fixed) (Total:292.97 GB) (Free:25 GB) NTFS
Drive i: (INSTAL) (Fixed) (Total:97.66 GB) (Free:12.5 GB) NTFS
Drive j: (Seagate Expansion Drive) (Fixed) (Total:1863.02 GB) (Free:36.2 GB) NTFS


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: A9357F51)
Partition 1: (Active) - (Size=106.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=239.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=390.6 GB) - (Type=0F Extended)

==========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 908B2E79)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================