Fix result of Farbar Recovery Scan Tool (x64) Version: 18-03-2023
Ran by Ales (19-03-2023 08:18:03) Run:1
Running from C:\Users\Ales\Desktop
Loaded Profiles: Ales
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTIONHKU\S-1-5-21-3352564528-3040097530-3919066381-1001\...\MountPoints2: D - "D:\setup.exe"
HKU\S-1-5-21-3352564528-3040097530-3919066381-1001\...\MountPoints2: E - "E:\Autorun.exe"
HKU\S-1-5-21-3352564528-3040097530-3919066381-1001\...\MountPoints2: G - "G:\Setup.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {7AA9200F-FAAF-42B2-9BD4-4E7CE9873785} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe scan upload mininterval:2880 (No File)
C:\Users\Ales\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
AlternateDataStreams: C:\Users\Ales\Documents\Obrázek (2).bmp:3or4kl4x13tuuug3Byamue2s4b [97]
AlternateDataStreams: C:\Users\Ales\Documents\Obrázek (2).bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Ales\Documents\Obrázek (3).bmp:3or4kl4x13tuuug3Byamue2s4b [97]
AlternateDataStreams: C:\Users\Ales\Documents\Obrázek (3).bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Ales\Documents\Obrázek.bmp:3or4kl4x13tuuug3Byamue2s4b [97]
AlternateDataStreams: C:\Users\Ales\Documents\Obrázek.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Ales\Documents\Obrázek.bmp.bmp:3or4kl4x13tuuug3Byamue2s4b [97]
AlternateDataStreams: C:\Users\Ales\Documents\Obrázek.bmp.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
FirewallRules: [{D8548FF5-043E-4B44-ADC8-89EE7DD737F9}] => (Allow) C:\Programy\Microsoft Office\Office12\GROOVE.EXE => No File
FirewallRules: [{3DACFC97-D250-40E3-9239-737C913AEBAE}] => (Allow) C:\Programy\Microsoft Office\Office12\GROOVE.EXE => No File
FirewallRules: [{EE6856D5-ACEF-4884-A4CE-CF99C51D8975}] => (Allow) C:\Programy\Microsoft Office\Office12\ONENOTE.EXE => No File
FirewallRules: [{D6D2AE73-9142-49EB-BCBD-86BDE3A8982C}] => (Allow) C:\Programy\Microsoft Office\Office12\ONENOTE.EXE => No File
FirewallRules: [TCP Query User{65280F92-98BF-4650-9880-216D90649401}C:\hry\anno - history collection\anno 1701\anno1701.exe] => (Allow) C:\hry\anno - history collection\anno 1701\anno1701.exe => No File
FirewallRules: [UDP Query User{165F8E1B-675D-440F-B912-B5156E64B1A3}C:\hry\anno - history collection\anno 1701\anno1701.exe] => (Allow) C:\hry\anno - history collection\anno 1701\anno1701.exe => No File
FirewallRules: [TCP Query User{DCA112C9-8D5A-41C4-9353-325DAEE79C5F}C:\hry\anno - history collection\anno 1602\anno1602.exe] => (Allow) C:\hry\anno - history collection\anno 1602\anno1602.exe => No File
FirewallRules: [UDP Query User{22833491-CFCE-4C0F-AAB6-B24BE5CAE629}C:\hry\anno - history collection\anno 1602\anno1602.exe] => (Allow) C:\hry\anno - history collection\anno 1602\anno1602.exe => No File
FirewallRules: [TCP Query User{823FD50D-D775-402E-8B48-B29192D476AD}C:\hry\anno - history collection\anno 1503\anno1503.exe] => (Allow) C:\hry\anno - history collection\anno 1503\anno1503.exe => No File
FirewallRules: [UDP Query User{866C8773-D874-4DF1-BF56-ED4963A0AC9C}C:\hry\anno - history collection\anno 1503\anno1503.exe] => (Allow) C:\hry\anno - history collection\anno 1503\anno1503.exe => No File
FirewallRules: [TCP Query User{1269DC85-9D68-43F5-A8FD-D6398AC6E3BF}C:\hry\anno - history collection\anno 1404\anno1404addon.exe] => (Allow) C:\hry\anno - history collection\anno 1404\anno1404addon.exe => No File
FirewallRules: [UDP Query User{840F4779-2A2D-4FC9-99A0-A30BA14B9A45}C:\hry\anno - history collection\anno 1404\anno1404addon.exe] => (Allow) C:\hry\anno - history collection\anno 1404\anno1404addon.exe => No File
FirewallRules: [TCP Query User{6614076E-4FC0-4478-A59F-B60042453D81}C:\hry\anno - history collection\anno 1404\anno1404.exe] => (Allow) C:\hry\anno - history collection\anno 1404\anno1404.exe => No File
FirewallRules: [UDP Query User{7A42FE06-2E9B-47ED-9CC6-799F3CCA4682}C:\hry\anno - history collection\anno 1404\anno1404.exe] => (Allow) C:\hry\anno - history collection\anno 1404\anno1404.exe => No File

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
"HKU\HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTIONS-1-5-21-3352564528-3040097530-3919066381-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTIOND" => not found
HKU\S-1-5-21-3352564528-3040097530-3919066381-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E => removed successfully
HKU\S-1-5-21-3352564528-3040097530-3919066381-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7AA9200F-FAAF-42B2-9BD4-4E7CE9873785}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AA9200F-FAAF-42B2-9BD4-4E7CE9873785}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentFallBack" => removed successfully
C:\Users\Ales\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\Ales\Documents\Obrázek (2).bmp => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\Ales\Documents\Obrázek (2).bmp => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Ales\Documents\Obrázek (3).bmp => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\Ales\Documents\Obrázek (3).bmp => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Ales\Documents\Obrázek.bmp => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\Ales\Documents\Obrázek.bmp => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\Ales\Documents\Obrázek.bmp.bmp => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\Ales\Documents\Obrázek.bmp.bmp => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D8548FF5-043E-4B44-ADC8-89EE7DD737F9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3DACFC97-D250-40E3-9239-737C913AEBAE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EE6856D5-ACEF-4884-A4CE-CF99C51D8975}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D6D2AE73-9142-49EB-BCBD-86BDE3A8982C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{65280F92-98BF-4650-9880-216D90649401}C:\hry\anno - history collection\anno 1701\anno1701.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{165F8E1B-675D-440F-B912-B5156E64B1A3}C:\hry\anno - history collection\anno 1701\anno1701.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DCA112C9-8D5A-41C4-9353-325DAEE79C5F}C:\hry\anno - history collection\anno 1602\anno1602.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{22833491-CFCE-4C0F-AAB6-B24BE5CAE629}C:\hry\anno - history collection\anno 1602\anno1602.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{823FD50D-D775-402E-8B48-B29192D476AD}C:\hry\anno - history collection\anno 1503\anno1503.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{866C8773-D874-4DF1-BF56-ED4963A0AC9C}C:\hry\anno - history collection\anno 1503\anno1503.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1269DC85-9D68-43F5-A8FD-D6398AC6E3BF}C:\hry\anno - history collection\anno 1404\anno1404addon.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{840F4779-2A2D-4FC9-99A0-A30BA14B9A45}C:\hry\anno - history collection\anno 1404\anno1404addon.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6614076E-4FC0-4478-A59F-B60042453D81}C:\hry\anno - history collection\anno 1404\anno1404.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7A42FE06-2E9B-47ED-9CC6-799F3CCA4682}C:\hry\anno - history collection\anno 1404\anno1404.exe" => removed successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 923466609 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 521880157 B
Windows/system/drivers => 6755999 B
Edge => 0 B
Firefox => 1389086374 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 243220 B
NetworkService => 245102 B
Ales => 20959536 B

RecycleBin => 7497772134 B
EmptyTemp: => 9.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:22:28 ====