PC virus removal, computer speed-up, and remote help through the neslape.cz service

Log check, please (I think I'm catching a virus)

Not having any problem with your PC at the moment and just want to make sure everything is in order?
Post a log from FRST or RSIT.

domd2u
Model visitor
Posts: 92
Registered: 07 Feb 2009 17:43


#1 Post by domd2u »

Thanks a lot!
LOG HERE + attachment


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-04-2020
Ran by admin (administrator) (15-04-2020 17:43:51)
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(ALPS ELECTRIC CO., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(ALPS ELECTRIC CO., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(ALPS ELECTRIC CO., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(GFI Software Development Ltd. -> Kerio Technologies Inc.) C:\Program Files (x86)\Kerio\VPN Client\kvpncsvc.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 20.0\avp.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 20.0\avpui.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_tray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\LocalDB\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.) C:\Windows\V0770Mon.exe
(Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\67.0.3575.137\opera.exe <24>
(Opera Software AS -> Opera Software) C:\Program Files\Opera\67.0.3575.137\opera_crashreporter.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <5>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(SatoshiLabs, s.r.o. -> ) C:\Program Files (x86)\TREZOR Bridge\trezord.exe
(Synology Inc. -> ) [File not signed] C:\Program Files (x86)\Synology\SynologyDrive\bin\vss-service-x64.exe
(Synology Inc. -> Synology Inc.) C:\Users\admin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-connect.exe
(Synology Inc. -> Synology Inc.) C:\Users\admin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-daemon.exe
(Synology Inc. -> Synology Inc.) C:\Users\admin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-ui.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Veeam Software AG -> Veeam Software AG) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [776224 2018-10-24] (ALPS ELECTRIC CO., LTD. -> Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9230280 2017-06-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489384 2017-06-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => c:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [723928 2017-01-26] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3022416 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7953504 2018-05-16] (Intel Corporation -> Motorola Solutions, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [309560 2020-03-22] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6287872 2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5314096 2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [V0770Mon.exe] => C:\Windows\V0770Mon.exe [32884 2012-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
HKLM-x32\...\Run: [Opera Browser Assistant] => C:\Program Files\Opera\assistant\browser_assistant.exe [3024920 2020-04-08] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-122242894-4265345237-2629763782-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22245560 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-122242894-4265345237-2629763782-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-122242894-4265345237-2629763782-1000\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [648328 2020-03-09] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-122242894-4265345237-2629763782-1000\...\Run: [electron.app.Loom] => C:\Users\admin\AppData\Local\Programs\Loom\Loom.exe [99985288 2020-04-02] (Loom, Inc. -> Loom, Inc.)
HKU\S-1-5-21-122242894-4265345237-2629763782-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3370272 2020-03-27] (Valve -> Valve Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.163\Installer\chrmstp.exe [2020-04-08] (Google LLC -> Google LLC)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Drive Client.lnk [2020-04-15]
ShortcutTarget: Synology Drive Client.lnk -> C:\Program Files (x86)\Synology\SynologyDrive\bin\launcher.exe (Synology Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TREZOR Bridge.lnk [2019-12-30]
ShortcutTarget: TREZOR Bridge.lnk -> C:\Program Files (x86)\TREZOR Bridge\trezord.exe (SatoshiLabs, s.r.o. -> )
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0400AB4B-23AC-4E8E-809E-576AAA9CC77B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {191473A0-6BC3-4EED-8B0E-DCAFCCDA93B6} - System32\Tasks\Opera scheduled assistant Autoupdate 1582802302 => C:\Program Files\Opera\launcher.exe [1538584 2020-04-08] (Opera Software AS -> Opera Software)
Task: {269071B8-CFB1-4BFE-A35D-ED8CC329006B} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-04-13] (Dropbox, Inc -> Dropbox, Inc.)
Task: {3DA73EE8-4EDF-4201-A7EC-EFD6204C51F1} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [791232 2019-12-08] (Kaspersky Lab -> AO Kaspersky Lab)
Task: {3DD51CD3-73AA-45E5-B901-43FA0B63EFD0} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489384 2017-06-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {4EEB50E9-7924-4BD5-8494-414D4822F854} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-04-13] (Dropbox, Inc -> Dropbox, Inc.)
Task: {57997F11-4BA1-4D8B-8FD6-A5626AF97333} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-12] (Google Inc -> Google Inc.)
Task: {64E92CA2-1242-41CF-81A9-DE571EDDA86A} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3022416 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {6814DAB6-9EB5-448A-AEA6-485D97431E19} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {71DA2293-9C35-45A9-9684-51909CB89FB9} - System32\Tasks\kpm_tray.exe => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_tray.exe [629352 2020-04-01] (Kaspersky Lab -> AO Kaspersky Lab)
Task: {72D01CFD-7AB6-470C-946E-33A5C4E47325} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {7A4E4B69-15F9-4768-B70D-AE3A85D6933C} - System32\Tasks\AdobeAAMUpdater-1.0-admin-PC-admin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {85B102B5-E0A5-4737-8E2F-1CFC528D4201} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task
Task: {B4658765-C6F7-45B1-BA42-EE7C3757F8CB} - System32\Tasks\Opera scheduled Autoupdate 1523440318 => C:\Program Files\Opera\launcher.exe [1538584 2020-04-08] (Opera Software AS -> Opera Software)
Task: {BF91FF56-6FEE-4935-819A-3D053264BB7B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-04-12] (Google Inc -> Google Inc.)
Task: {D8F792C4-BB18-46FD-B162-9398A4C926BA} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [668464 2017-02-24] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {FBE62B31-F4DC-4C43-9AB8-990E8F3E2ADC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18227896 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Hosts: 192.168.168.1 gorila
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0EEE0634-442D-450E-92EE-CC5CB6EF655B}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{4D9422D4-0842-41C1-BB0F-AFE5BBE07AC5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8B5D3372-9F7D-47B9-8E35-9978EFB65167}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E996A08C-4A3D-4B72-B234-E422A753276C}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-122242894-4265345237-2629763782-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_241\bin\ssv.dll [2020-01-19] (Oracle America, Inc. -> Oracle Corporation)
BHO: Kaspersky Protection -> {9F904093-6E18-4536-BF5F-B03689CF00F0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 20.0\x64\IEExt\ie_plugin.dll [2019-12-19] (Kaspersky Lab -> AO Kaspersky Lab)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-22] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-01-19] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-22] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Kaspersky Protection -> {9F904093-6E18-4536-BF5F-B03689CF00F0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 20.0\IEExt\ie_plugin.dll [2019-12-19] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-02-22] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-02-22] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2018-02-22] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Protection Toolbar - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 20.0\x64\IEExt\ie_plugin.dll [2019-12-19] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-02-22] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 20.0\IEExt\ie_plugin.dll [2019-12-19] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-122242894-4265345237-2629763782-1000 -> No Name - {C500C267-63BF-451F-8797-4D720C9A2ED9} - No File
Toolbar: HKU\S-1-5-21-122242894-4265345237-2629763782-1000 -> Kaspersky Protection Toolbar - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 20.0\x64\IEExt\ie_plugin.dll [2019-12-19] (Kaspersky Lab -> AO Kaspersky Lab)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab

FireFox:
========
FF DefaultProfile: hlrllo12.default
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlrllo12.default [2020-04-15]
FF Extension: (Video DownloadHelper) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hlrllo12.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-03-31]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2019-05-02]
FF HKLM\...\Firefox\Extensions: [light_plugin_A07576A3CEBC4A72A8CF2C925907DB05@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_A07576A3CEBC4A72A8CF2C925907DB05@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF Plugin: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-01-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-01-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-07-05] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-07-05] (Adobe Inc. -> Adobe Systems)
FF Plugin HKU\S-1-5-21-122242894-4265345237-2629763782-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\admin\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-09] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2018-12-31] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2018-12-31] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2020-04-15]
CHR DownloadDir: C:\Users\admin\Desktop
CHR Extension: (Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-12]
CHR Extension: (The Flash Video Dоwnlоader) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoeanepjfkf [2019-05-17]
CHR Extension: (Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-18]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-18]
CHR Extension: (Video Downloader Plus) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\baejfnndpekpkaaancgpakjaengfpopk [2019-05-05]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-18]
CHR Extension: (Kaspersky Protection) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elhpdacimkjpccooodognopfhbdgnpbk [2020-02-16]
CHR Extension: (Video Downloader professional) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2019-04-13]
CHR Extension: (Facebook Pixel Helper) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2019-10-06]
CHR Extension: (Full Page Screen Capture) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2019-12-03]
CHR Extension: (Sheets) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-12]
CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-16]
CHR Extension: (Video DownloadHelper) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2020-04-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (VLC Video Downloader) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pggkpkppiimfmjhlnkdhaleiomejgedd [2018-12-31]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-03]
CHR HKLM\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk

Opera:
=======
OPR DownloadDir: C:\Users\admin\Desktop
OPR Extension: (ColorPicker Eyedropper) - C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\cipppkeobpmlmliibpodfhifcanklcog [2019-06-04]
OPR Extension: (Facebook Pixel Helper) - C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2020-03-19]
OPR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\gjpihpkhgfngnbhhfdehlcmgfahbciip [2019-07-31]
OPR Extension: (Google Analytics Opt-out (by Google)) - C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\hmffjpdmbgflojiohllanjaggdenggdo [2019-12-12]
OPR Extension: (LastPass: Free Password Manager) - C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2020-04-08]
OPR Extension: (Install Chrome Extensions) - C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2020-02-17]
OPR Extension: (Vimeo Video Downloader) - C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\mpgjfjgapmmhnhbbmhcoocbpcjmcbcmg [2019-05-05]
OPR Extension: (Joxi Full Page Screen Capture) - C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\olcjlnemiokabjjpoapmehgbmkdglimf [2019-07-31]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [816184 2019-07-05] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3374160 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3103824 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [104800 2018-10-24] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-03-12] (Apple Inc. -> Apple Inc.)
R2 AVP20.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 20.0\avp.exe [357416 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-04-13] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-04-13] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [44552 2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1392792 2018-03-01] (Intel(R) Software -> Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [532968 2018-05-19] (Intel Corporation -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [353768 2018-12-22] (Intel Corporation -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [732448 2017-02-24] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [548648 2017-02-24] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [197264 2017-06-26] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S3 klvssbridge64_20.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 20.0\x64\vssbridge64.exe [438928 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
S3 kpm_launch_service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe [354152 2020-04-01] (Kaspersky Lab -> AO Kaspersky Lab)
S3 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (Kaspersky Lab -> AO Kaspersky Lab)
R2 KVPNCSvc; C:\Program Files (x86)\Kerio\VPN Client\kvpncsvc.exe [1988456 2019-01-30] (GFI Software Development Ltd. -> Kerio Technologies Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [309984 2017-06-21] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 Synology Drive VSS Service x64; C:\Program Files (x86)\Synology\SynologyDrive\bin\vss-service-x64.exe [365080 2019-07-23] (Synology Inc. -> ) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13216784 2020-04-09] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 VeeamEndpointBackupSvc; C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe [114952 2017-04-23] (Veeam Software AG -> Veeam Software AG)
R2 WavesSysSvc; c:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [615384 2017-02-07] (Waves Inc -> Waves Audio Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [99272 2018-05-16] (Intel Corporation -> Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [156616 2018-05-16] (Intel Corporation -> Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1566152 2018-05-16] (Intel Corporation -> Motorola Solutions, Inc.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [246912 2019-02-16] (Kaspersky Lab -> AO Kaspersky Lab)
S3 dbx; C:\Windows\System32\DRIVERS\dbx.sys [47600 2019-10-15] (Microsoft Windows Hardware Compatibility Publisher -> Dropbox, Inc.)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2019-02-28] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2019-02-28] (Techporch Incorporated -> Dell Computer Corporation)
R3 dptf_acpi; C:\Windows\System32\DRIVERS\dptf_acpi.sys [55784 2018-03-01] (Intel(R) Software -> Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\DRIVERS\dptf_cpu.sys [52200 2018-03-01] (Intel(R) Software -> Intel Corporation)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [525800 2017-03-19] (Intel(R) INTELND1617 -> Intel Corporation)
R3 esif_lf; C:\Windows\System32\DRIVERS\esif_lf.sys [260072 2018-03-01] (Intel(R) Software -> Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31712 2018-03-01] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [124872 2018-05-17] (Intel Corporation -> Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2682824 2017-06-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [531584 2019-03-18] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [79768 2020-04-13] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [145504 2020-02-12] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [93312 2019-03-13] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [251800 2020-04-13] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klgse; C:\Windows\System32\DRIVERS\klgse.sys [586496 2020-01-27] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLHK; C:\Windows\System32\DRIVERS\klhk.sys [1163216 2020-01-24] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [998296 2020-04-13] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\Windows\System32\DRIVERS\klim6.sys [58192 2019-03-19] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [79760 2020-04-13] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [59512 2019-03-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [51328 2019-03-13] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (AnchorFree Inc -> The OpenVPN Project)
R1 klwfp; C:\Windows\System32\DRIVERS\klwfp.sys [105600 2019-03-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [211048 2019-12-19] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [232344 2020-04-13] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kvnet; C:\Windows\System32\DRIVERS\kvnet.sys [48552 2018-05-15] (GFI Software Development Limited -> Kerio Technologies Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [200792 2018-03-01] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2018-02-01] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw04.sys [3441424 2018-03-01] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
S3 RT-USB; C:\Windows\System32\drivers\RT-USB64.SYS [70984 2010-06-16] (Ross-Tech, LLC -> Ross-Tech LLC)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [22128 2011-07-15] (STMicroelectronics -> ST Microelectronics)
R3 ST_Accel; C:\Windows\System32\DRIVERS\ST_Accel.sys [75952 2018-03-01] (STMicroelectronics -> STMicroelectronics)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2018-02-01] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 V0770Vid; C:\Windows\System32\DRIVERS\V0770Vid.sys [379776 2012-06-01] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [828688 2018-04-13] (IDRIX -> IDRIX)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [31920 2018-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 CtClsFlt; system32\DRIVERS\CtClsFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-15 17:43 - 2020-04-15 17:44 - 000037547 _____ C:\Users\admin\Desktop\FRST.txt
2020-04-15 17:43 - 2020-04-15 17:44 - 000000000 ____D C:\FRST
2020-04-15 17:43 - 2020-04-15 17:43 - 002281472 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2020-04-11 09:32 - 2020-04-11 09:32 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-04-10 18:41 - 2020-04-15 17:22 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-04-09 16:55 - 2020-04-09 16:55 - 000000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-04-04 11:27 - 2020-04-04 11:27 - 007650630 _____ C:\Users\admin\Desktop\PriruckaProUzivatele.pdf
2020-04-03 00:31 - 2020-04-03 00:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-04-02 15:23 - 2020-04-02 15:23 - 000000000 ____D C:\Users\admin\Desktop\www.eurosnack.cz
2020-04-02 15:09 - 2020-04-15 17:37 - 000000000 ____D C:\Users\admin\AppData\Roaming\Creative
2020-04-02 15:09 - 2020-04-02 15:10 - 000000000 ____D C:\ProgramData\Creative
2020-04-02 13:50 - 2020-04-02 13:50 - 000000000 ____D C:\Windows\CtDrvInstall
2020-04-02 13:50 - 2011-04-28 16:29 - 000392192 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\V0770Afx.sys
2020-04-02 13:50 - 2006-10-06 14:17 - 000053248 ____N (Creative Technology Ltd ) C:\Windows\Ctregrun.exe
2020-04-02 13:50 - 2003-06-12 23:25 - 000007062 _____ C:\Windows\SysWOW64\audiopid.vxd
2020-04-02 13:50 - 2000-05-22 16:58 - 000647872 ____N (Microsoft Corporation) C:\Windows\SysWOW64\Mscomct2.ocx
2020-04-02 13:48 - 2020-04-15 17:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2020-04-02 13:48 - 2020-04-15 17:41 - 000000000 ____D C:\Program Files (x86)\Creative
2020-04-02 13:48 - 2006-09-19 13:56 - 000057656 ____N C:\Windows\system32\Drivers\FilterPC.bmp
2020-04-01 18:19 - 2020-04-01 18:19 - 000000000 ____D C:\Users\admin\Desktop\IMPORT clenu
2020-04-01 14:20 - 2020-04-01 14:20 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2020-04-01 14:20 - 2020-04-01 14:20 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2020-04-01 14:20 - 2020-04-01 14:20 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2020-04-01 14:20 - 2020-04-01 14:20 - 000044552 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2020-04-01 08:19 - 2020-04-01 08:19 - 000026309 _____ C:\Users\admin\Desktop\export_7.csv
2020-04-01 08:13 - 2020-04-01 08:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.3
2020-03-31 14:25 - 2020-04-14 12:41 - 000000000 ____D C:\Users\admin\Desktop\RH finalni PDF - NEMAZAT
2020-03-29 21:05 - 2020-03-29 21:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2020-03-29 21:05 - 2020-03-29 21:05 - 000000000 ____D C:\Program Files\qBittorrent
2020-03-29 16:47 - 2020-03-29 16:47 - 005505660 _____ C:\Users\admin\Desktop\VIRUS-PROTECTION.pdf
2020-03-28 19:23 - 2020-04-15 17:38 - 000000000 ____D C:\Program Files (x86)\Steam
2020-03-28 19:23 - 2020-03-28 19:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2020-03-25 11:31 - 2020-03-31 19:15 - 000000000 ____D C:\Users\admin\Desktop\1 tyden plneni
2020-03-25 10:11 - 2020-03-25 10:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2020-03-25 10:10 - 2020-03-25 10:10 - 000000000 ____D C:\Program Files\iTunes
2020-03-25 10:10 - 2020-03-25 10:10 - 000000000 ____D C:\Program Files\iPod
2020-03-24 12:41 - 2020-03-24 12:41 - 000001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk
2020-03-21 21:42 - 2020-03-21 21:42 - 000001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2019.lnk
2020-03-21 13:33 - 2020-03-21 13:33 - 000001031 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2020.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-15 17:44 - 2018-04-12 13:32 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2020-04-15 17:44 - 2009-07-14 07:13 - 000782010 _____ C:\Windows\system32\PerfStringBackup.INI
2020-04-15 17:44 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2020-04-15 17:41 - 2019-10-10 20:52 - 000000000 ____D C:\Users\admin\Justinmind
2020-04-15 17:41 - 2019-10-10 20:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Justinmind
2020-04-15 17:41 - 2019-10-10 20:51 - 000000000 ____D C:\Program Files (x86)\Justinmind
2020-04-15 17:40 - 2019-08-26 14:24 - 000000000 ____D C:\ProgramData\PCDr
2020-04-15 17:40 - 2019-08-26 14:23 - 000000000 ____D C:\ProgramData\SupportAssist
2020-04-15 17:40 - 2019-08-26 14:23 - 000000000 ____D C:\Program Files\Dell
2020-04-15 17:40 - 2018-04-11 11:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2020-04-15 17:38 - 2019-12-08 11:34 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-04-15 17:38 - 2019-10-16 15:44 - 000000000 ____D C:\Users\admin\AppData\Roaming\Loom
2020-04-15 17:38 - 2019-08-31 10:54 - 000000000 ____D C:\Users\admin\AppData\Local\SynologyDrive
2020-04-15 17:38 - 2018-04-13 16:06 - 000000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2020-04-15 17:38 - 2018-04-11 12:26 - 000000000 __SHD C:\Users\admin\IntelGraphicsProfiles
2020-04-15 17:38 - 2018-04-11 12:01 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-04-15 17:38 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-04-15 17:32 - 2019-11-02 16:39 - 000012288 _____ C:\Windows\SysWOW64\antimalware.patch_management.product_registry.kvdb
2020-04-15 17:32 - 2019-04-09 11:16 - 000000000 ____D C:\Program Files\trend micro
2020-04-15 17:30 - 2009-07-14 06:45 - 000030704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-04-15 17:30 - 2009-07-14 06:45 - 000030704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-04-15 17:22 - 2018-04-12 13:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-04-15 17:22 - 2018-04-11 11:51 - 000000000 ____D C:\Program Files\Opera
2020-04-15 17:17 - 2019-12-15 16:51 - 000000000 ____D C:\Users\admin\Desktop\BIN nový
2020-04-15 17:16 - 2019-01-28 21:45 - 000000000 ____D C:\Users\admin\AppData\Roaming\TeamViewer
2020-04-15 17:15 - 2018-04-13 15:40 - 000000000 ____D C:\Users\admin\AppData\Roaming\qBittorrent
2020-04-15 16:53 - 2018-04-13 16:06 - 000000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2020-04-15 12:37 - 2019-10-03 17:00 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-04-15 12:37 - 2019-10-03 17:00 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-04-15 10:16 - 2019-04-03 16:22 - 000000000 ___HD C:\adobeTemp
2020-04-15 10:15 - 2018-11-05 17:53 - 000000000 ___RD C:\Users\admin\Creative Cloud Files
2020-04-15 10:15 - 2018-04-15 12:10 - 000000000 ____D C:\Users\admin\AppData\Local\Adobe
2020-04-15 01:14 - 2019-03-12 22:10 - 000000000 ____D C:\Users\admin\AppData\Roaming\vlc
2020-04-13 12:33 - 2019-10-28 21:21 - 000998296 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2020-04-13 12:33 - 2019-10-28 21:21 - 000251800 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2020-04-13 12:33 - 2019-03-19 03:31 - 000232344 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kneps.sys
2020-04-13 12:33 - 2019-03-19 03:01 - 000079768 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klbackupdisk.sys
2020-04-13 12:33 - 2019-03-18 03:11 - 000079760 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klkbdflt.sys
2020-04-12 19:21 - 2018-04-12 13:42 - 000000000 ____D C:\Users\admin\AppData\LocalLow\Mozilla
2020-04-11 14:29 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\NDF
2020-04-10 13:20 - 2018-04-11 11:51 - 000003834 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1523440318
2020-04-09 16:55 - 2018-06-28 19:51 - 000000000 ____D C:\Users\admin\AppData\Roaming\Zoom
2020-04-09 09:54 - 2018-04-15 20:00 - 000000000 ____D C:\Users\admin\Desktop\#### NEMAZAT Ztko ####
2020-04-08 18:23 - 2020-02-27 13:18 - 000004026 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1582802302
2020-04-08 12:45 - 2019-10-02 18:25 - 000000000 ____D C:\Users\admin\Documents\Adobe
2020-04-08 07:18 - 2018-04-12 13:41 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-03 00:31 - 2018-04-13 16:06 - 000000000 ____D C:\Program Files (x86)\Dropbox
2020-04-02 15:48 - 2018-04-13 15:37 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2020-04-02 15:10 - 2009-07-14 07:32 - 000000000 ____D C:\Windows\Downloaded Program Files
2020-04-02 14:57 - 2019-08-28 08:03 - 001041616 _____ C:\Windows\system32\FNTCACHE.DAT
2020-04-02 14:57 - 2009-07-14 07:08 - 000032612 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2020-04-02 01:49 - 2018-07-04 10:09 - 000744808 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2020-04-01 11:02 - 2018-04-12 10:58 - 000182816 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2020-04-01 08:13 - 2018-04-12 13:18 - 000004128 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-04-01 08:12 - 2018-04-13 16:36 - 000000000 ____D C:\Program Files\LibreOffice
2020-03-29 21:05 - 2018-04-13 15:40 - 000000000 ____D C:\Users\admin\AppData\Local\qBittorrent
2020-03-25 11:50 - 2019-10-03 17:00 - 000003446 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0
2020-03-24 20:12 - 2018-04-12 13:18 - 000000000 ____D C:\Program Files\CCleaner
2020-03-24 14:24 - 2018-11-05 17:48 - 000000000 ____D C:\Program Files\Adobe
2020-03-24 12:42 - 2019-12-04 00:04 - 000000000 ____D C:\Users\admin\AppData\Local\TeamViewer
2020-03-22 14:35 - 2019-11-02 16:39 - 000012288 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.product_registry.kvdb
2020-03-22 12:14 - 2018-04-15 12:10 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2020-03-21 13:25 - 2018-04-12 13:41 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-03-21 13:25 - 2018-04-12 13:41 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-03-20 13:50 - 2018-04-15 12:10 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-03-20 13:50 - 2018-04-15 12:09 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2020-03-20 13:50 - 2018-04-15 12:09 - 000002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk

==================== Files in the root of some directories ========

2018-04-19 17:06 - 2018-10-03 17:10 - 000003584 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-09-28 19:41 - 2018-09-28 19:41 - 000000000 _____ () C:\Users\admin\AppData\Local\oobelibMkey.log
2019-07-16 13:09 - 2019-07-16 13:09 - 000000032 RSHOT () C:\Users\admin\AppData\Local\t90.dat

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-04-07 22:25
==================== End of FRST.txt ========================
Attachments
Desktop.zip
(23.03 KiB) Downloaded 75 times

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Log check, please (a virus is creeping onto me)

#2 Post by Conder »

Hi :)

:arrow: Are there any specific problems with the PC, or why do you suspect a virus?

:arrow: Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Skenovat nyni (Scan now) and wait for it to finish
  • If anything is detected, leave all detections selected and click Karantena (Quarantine)
  • If there are no detections, click
  • Wait for it to finish and confirm the PC restart
  • After the PC restarts, AdwCleaner will open; click Zobrazit soubor protokolu (View log file)
  • The log will open; copy its contents here

Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data (documents, photos and so on) backed up.

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices, otherwise you risk system damage or data loss.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

domd2u
Model visitor
Posts: 92
Registered: 07 Feb 2009 17:43

Re: Log check, please (a virus is creeping onto me)

#3 Post by domd2u »

Sorry for the delay, I had corona troubles. I've just done it, and here is the log + contribution.

So my system is OK?

Thanks for the care,
Dominik

# -------------------------------
# Malwarebytes AdwCleaner 8.0.5.0
# -------------------------------
# Build: 05-25-2020
# Database: 2020-05-26.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-06-2020
# Duration: 00:00:00
# OS: Windows 7 Professional
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\admin\AppData\Local\Seznam.cz

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1257 octets] - [09/04/2019 23:59:33]
AdwCleaner[S01].txt - [1318 octets] - [15/05/2019 10:54:23]
AdwCleaner[S02].txt - [1379 octets] - [29/05/2019 11:00:47]
AdwCleaner[S03].txt - [1440 octets] - [17/06/2019 20:15:26]
AdwCleaner[C03].txt - [1626 octets] - [17/06/2019 20:15:42]
AdwCleaner[S04].txt - [1562 octets] - [21/06/2019 11:46:14]
AdwCleaner[C04].txt - [1748 octets] - [21/06/2019 11:46:32]
AdwCleaner[S05].txt - [1684 octets] - [22/07/2019 12:19:37]
AdwCleaner[C05].txt - [1870 octets] - [22/07/2019 12:20:05]
AdwCleaner[S06].txt - [1806 octets] - [22/07/2019 12:27:43]
AdwCleaner[S07].txt - [1944 octets] - [05/08/2019 12:15:25]
AdwCleaner[C07].txt - [2143 octets] - [05/08/2019 12:15:53]
AdwCleaner[S08].txt - [2065 octets] - [06/08/2019 21:12:30]
AdwCleaner[C08].txt - [2253 octets] - [06/08/2019 21:12:44]
AdwCleaner[S09].txt - [2187 octets] - [16/08/2019 00:47:32]
AdwCleaner[S10].txt - [2248 octets] - [16/08/2019 00:48:16]
AdwCleaner[C10].txt - [2436 octets] - [16/08/2019 00:48:33]
AdwCleaner[S11].txt - [2375 octets] - [02/10/2019 16:12:34]
AdwCleaner[C11].txt - [2574 octets] - [02/10/2019 16:12:47]
AdwCleaner[S12].txt - [2497 octets] - [14/10/2019 21:22:28]
AdwCleaner[C12].txt - [2696 octets] - [14/10/2019 22:03:20]
AdwCleaner[S13].txt - [2751 octets] - [15/04/2020 17:34:10]
AdwCleaner[C13].txt - [2952 octets] - [15/04/2020 17:34:27]
AdwCleaner[S14].txt - [2873 octets] - [15/04/2020 17:39:22]
AdwCleaner[S15].txt - [2920 octets] - [06/06/2020 06:56:52]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C15].txt ##########

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Log check, please (a virus is creeping onto me)

#4 Post by Conder »

The logs in the first post look OK, but since 2 months have passed since then, it is advisable to check current FRST logs as well. And we can also clean out various leftovers.

domd2u
Model visitor
Posts: 92
Registered: 07 Feb 2009 17:43

Re: Log check, please (a virus is creeping onto me)

#5 Post by domd2u »

Thanks a lot, I'm attaching the file
Desktop.zip
(22.56 KiB) Downloaded 73 times

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Log check, please (a virus is creeping onto me)

#6 Post by Conder »

:arrow: Open Notepad (Win+R -> notepad -> enter)
  • Copy the following text and paste it into Notepad:

    Code:

    Start::
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    CMD: type "C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js"
    CMD: type "C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg"
    ExportKey: HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj
    File: C:\Users\admin\AppData\Local\t90.dat
    CMD: type "C:\Users\admin\AppData\Local\t90.dat"
    
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-122242894-4265345237-2629763782-1000\...\Run: [AdobeBridge] => [X]
    GroupPolicy: Restriction ? <==== ATTENTION
    Toolbar: HKU\S-1-5-21-122242894-4265345237-2629763782-1000 -> No Name - {C500C267-63BF-451F-8797-4D720C9A2ED9} -  No File
    FF HKLM\...\Firefox\Extensions: [light_plugin_A07576A3CEBC4A72A8CF2C925907DB05@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
    FF HKLM-x32\...\Firefox\Extensions: [light_plugin_A07576A3CEBC4A72A8CF2C925907DB05@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    S3 CtClsFlt; system32\DRIVERS\CtClsFlt.sys [X]
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    
    EmptyTemp:
    End::
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will request a PC restart; confirm by clicking OK
  • After the PC restarts there will be a Fixlog.txt file on the desktop; copy its contents here

domd2u
Model visitor
Posts: 92
Registered: 07 Feb 2009 17:43

Re: Log check, please (a virus is creeping onto me)

#7 Post by domd2u »

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-06-2020
Ran by admin (21-06-2020 18:06:18) Run:1
Running from C:\Users\admin\Desktop
Loaded Profiles: admin
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
CMD: type "C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js"
CMD: type "C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg"
ExportKey: HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj
File: C:\Users\admin\AppData\Local\t90.dat
CMD: type "C:\Users\admin\AppData\Local\t90.dat"
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-122242894-4265345237-2629763782-1000\...\Run: [AdobeBridge] => [X]
GroupPolicy: Restriction ? <==== ATTENTION
Toolbar: HKU\S-1-5-21-122242894-4265345237-2629763782-1000 -> No Name - {C500C267-63BF-451F-8797-4D720C9A2ED9} - No File
FF HKLM\...\Firefox\Extensions: [light_plugin_A07576A3CEBC4A72A8CF2C925907DB05@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_A07576A3CEBC4A72A8CF2C925907DB05@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 CtClsFlt; system32\DRIVERS\CtClsFlt.sys [X]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
EmptyTemp:

*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 8672
Average :
Sum : 17002570350
Maximum :
Minimum :
Property : Length


========= End of Powershell: =========


========= type "C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js" =========

// kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js
pref("general.config.obscure_value", 0);
pref("general.config.filename", "kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg");

========= End of CMD: =========


========= type "C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg" =========

// kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg
lockPref("security.enterprise_roots.enabled", true);

========= End of CMD: =========

================== ExportKey: ===================

[HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj]
"update_url"="https://clients2.google.com/service/update2/crx"

=== End of ExportKey ===

========================= File: C:\Users\admin\AppData\Local\t90.dat ========================

C:\Users\admin\AppData\Local\t90.dat
File not signed
MD5: 9E9EE98561B44C7B29200ACDF32CFAB0
Creation and modification date: 2019-07-16 13:09 - 2019-07-16 13:09
Size: 000000032
Attributes: RASHOT
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0

====== End of File: ======


========= type "C:\Users\admin\AppData\Local\t90.dat" =========

8c3/2hotuUOXViX/lVLYzBdKr/corkTg
========= End of CMD: =========

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-122242894-4265345237-2629763782-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge" => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKU\S-1-5-21-122242894-4265345237-2629763782-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C500C267-63BF-451F-8797-4D720C9A2ED9}" => removed successfully
"HKLM\Software\Mozilla\Firefox\Extensions\\light_plugin_A07576A3CEBC4A72A8CF2C925907DB05@kaspersky.com" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\light_plugin_A07576A3CEBC4A72A8CF2C925907DB05@kaspersky.com" => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\System\CurrentControlSet\Services\CtClsFlt => removed successfully
CtClsFlt => service removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 61494563 B
Java, Flash, Steam htmlcache => 144497282 B
Windows/system/drivers => 18680098 B
Edge => 0 B
Chrome => 64757740 B
Firefox => 62029714 B
Opera => 432892185 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 66228 B
ProgramData => 66228 B
systemprofile => 58624634 B
systemprofile32 => 58690990 B
LocalService => 58757218 B
NetworkService => 58763450 B
admin => 84905107 B

RecycleBin => 5060882670 B
EmptyTemp: => 5.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:07:02 ====

domd2u
Model visitor
Posts: 92
Registered: 07 Feb 2009 17:43

Re: Log check, please (a virus is creeping onto me)

#8 Post by domd2u »

Thanks a lot!

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Log check, please (a virus is creeping onto me)

#9 Post by Conder »

:arrow: The desktop is about 15 GB, which is too much. I recommend moving all files and folders from the desktop to Documents and leaving only links/shortcuts on the desktop. An overly large desktop can slow the system down.

:arrow: How is the PC doing? Are there any problems?

domd2u
Model visitor
Posts: 92
Registered: 07 Feb 2009 17:43

Re: Log check, please (a virus is creeping onto me)

#10 Post by domd2u »

Thanks, desktop moved.

Otherwise everything runs as it should ;)

Thanks a lot, I'm sending something for a beer :wub:

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Log check, please (a virus is creeping onto me)

#11 Post by Conder »

:arrow: You're welcome, and thank you very much for the contribution to the forum! :)

:arrow: So let's also clean up after the tools used: