Prevention

Re: Prevention

#16 Post by Diallix »

Great, let's finish the cleanup.

Copy the content below into Notepad:

Code:

CustomCLSID: HKU\S-1-5-21-171863584-1344761036-1501396969-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Pavel\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-171863584-1344761036-1501396969-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Pavel\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-171863584-1344761036-1501396969-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Pavel\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
FirewallRules: [UDP Query User{66982354-DE60-435C-A722-563503BEB969}C:\users\pavel\desktop\war3-cesky 1.27\warcraft iii\war3.exe] => (Block) C:\users\pavel\desktop\war3-cesky 1.27\warcraft iii\war3.exe => No File
FirewallRules: [TCP Query User{9D1D2D8D-98D0-4952-A2F6-243C3CD285D6}C:\users\pavel\desktop\war3-cesky 1.27\warcraft iii\war3.exe] => (Block) C:\users\pavel\desktop\war3-cesky 1.27\warcraft iii\war3.exe => No File

EmptyTemp:

Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the button: Fix
The fix will run, after which the computer reboots. After the reboot, paste here the content of the log fixlog.txt, saved in the FRST location.
My new book BOTNETY has been published! Information about it can be found here: >> BOTNETY <<
---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
---
Low-level and high-level programmer - profile card here: card <<
---
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for newcomer training
- Founder of the Cyber Security unit

Re: Prevention

#17 Post by PavelP »

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-02-2021
Ran by Pavel (23-02-2021 18:51:28) Run:2
Running from C:\Users\Pavel\Desktop
Loaded Profiles: Pavel
Boot Mode: Normal
==============================================

fixlist content:
*****************
CustomCLSID: HKU\S-1-5-21-171863584-1344761036-1501396969-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Pavel\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-171863584-1344761036-1501396969-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Pavel\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-171863584-1344761036-1501396969-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Pavel\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
FirewallRules: [UDP Query User{66982354-DE60-435C-A722-563503BEB969}C:\users\pavel\desktop\war3-cesky 1.27\warcraft iii\war3.exe] => (Block) C:\users\pavel\desktop\war3-cesky 1.27\warcraft iii\war3.exe => No File
FirewallRules: [TCP Query User{9D1D2D8D-98D0-4952-A2F6-243C3CD285D6}C:\users\pavel\desktop\war3-cesky 1.27\warcraft iii\war3.exe] => (Block) C:\users\pavel\desktop\war3-cesky 1.27\warcraft iii\war3.exe => No File

EmptyTemp:

*****************

HKU\S-1-5-21-171863584-1344761036-1501396969-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-171863584-1344761036-1501396969-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-171863584-1344761036-1501396969-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{66982354-DE60-435C-A722-563503BEB969}C:\users\pavel\desktop\war3-cesky 1.27\warcraft iii\war3.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9D1D2D8D-98D0-4952-A2F6-243C3CD285D6}C:\users\pavel\desktop\war3-cesky 1.27\warcraft iii\war3.exe" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9509837 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 44 B
Edge => 0 B
Chrome => 377654379 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4440 B
NetworkService => 4440 B
Pavel => 358736 B

RecycleBin => 52706 B
EmptyTemp: => 379.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:51:44 ====

Re: Prevention

#18 Post by Diallix »

OK, how is the computer doing?

Re: Prevention

#19 Post by PavelP »

It's a tiny bit better, but sometimes the picture sort of freezes, or when I'm on the net and want to scroll it kind of stutters; images are black at first and after a moment they are fine.

Re: Prevention

#20 Post by Diallix »

Delete cookies, cache and history in the browser.

Run these utilities one after another:

1. Download Zoek.exe www.diallix.net/other/zoek.rar and save it to the desktop

If you use Win Vista or W7, right-click Zoek and choose Run As Administrator (Spustit jako správce)
Paste the script below into the window

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Then click Run Script
The PC will perform the repair, restart and give you a log; paste its content here.

and

2. Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... oval-tool/
• Save it, preferably to the desktop
• After launch, the license terms are displayed; press any key
• A backup is created, followed by a scan
• The scan runs and then a log appears, or it will be saved in c:\JRT as JRT.txt; paste it here.

Re: Prevention

#21 Post by PavelP »

Zoek ended with an Avast warning about a virus. For JRT I had to suspend all Avast shields.


Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Pavel on 24.02.2021 at 19:43:30,99.
Microsoft Windows 10 Home 10.0.19041 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Pavel\Desktop\zoek\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

24.02.2021 19:45:38 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~3\Posse deleted successfully
C:\PROGRA~3\Riate deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\ssh deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\LocalLow deleted successfully
C:\Users\Pavel\AppData\Local\Cesar deleted successfully
C:\Users\Pavel\AppData\Local\Facebook deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Packages deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\Pavel\AppData\Roaming\Farmerama deleted
C:\Users\Pavel\AppData\Roaming\FarmHelper deleted
C:\PROGRA~3\kaosdma.txt deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Pavel\AppData\Local\updater.log deleted
C:\Users\Pavel\AppData\Local\cache deleted
"C:\DumpStack.log.tmp" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Cookies" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\lockfile" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\main-process.log" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\QuotaManager" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\QuotaManager-journal" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Cache\data_0" deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Cache\data_1" deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Cache\data_2" deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Cache\data_3" deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Cache\index" deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\databases\Databases.db" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Dictionaries\cs-CZ-3-0.bdic" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\GPUCache\data_0" deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\GPUCache\data_1" deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\GPUCache\data_2" deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\GPUCache\data_3" deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\GPUCache\index" deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Session Storage\000003.log" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Session Storage\LOCK" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Session Storage\LOG" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Session Storage\MANIFEST-000001" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\File System\Origins\000003.log" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\File System\Origins\LOCK" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\File System\Origins\LOG" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\File System\Origins\MANIFEST-000001" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000263.log" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000265.ldb" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000267.ldb" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000271.ldb" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000272.ldb" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\LOCK" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\LOG" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\MANIFEST-000001" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Local Storage\leveldb\000005.ldb" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Local Storage\leveldb\000052.log" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Local Storage\leveldb\000054.ldb" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Local Storage\leveldb\LOCK" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Local Storage\leveldb\LOG" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Local Storage\leveldb\MANIFEST-000001" not deleted
"C:\PROGRA~2\Skillbrains\lightshot\5.4.0.10\Lightshot.dll" deleted
"C:\PROGRA~2\Skillbrains\lightshot\5.4.0.10\Lightshot.exe" deleted
"C:\PROGRA~2\Skillbrains\lightshot\5.4.0.10\uploader.dll" deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp" not deleted
"C:\PROGRA~2\Skillbrains" deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Cache" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\databases" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Dictionaries" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\File System" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\GPUCache" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\IndexedDB" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Local Storage" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Session Storage" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\File System\Origins" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Local Storage\leveldb" not deleted
"C:\PROGRA~2\Skillbrains\lightshot" deleted
"C:\PROGRA~2\Skillbrains\lightshot\5.4.0.10" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi" [12.02.2021 06:16]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi" [12.02.2021 06:16]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - No path found[]

Farmerama | Zahraj si farmářskou hru zdarma online - Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkkchoocmhpnakhkdlijecgadaengdll
Farmerama CZ - Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnpeofkdlnnommkelmjhmidjlmlffamm
Chrome Media Router - Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Startpages ======================

C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
tive_permissions":{"api":["desktopCapture","processes","webrtcAudioPrivate","webrtcDesktopCapturePrivate","webrtcLoggingPrivate","system.cpu","enterprise.hardwarePlatform"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":["runtime.onConnectExternal"],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13232382303731504","location":5,"manifest":{"background":{"page":"background.html","persistent":false},"externally_connectable":{"matches":["https://*.google.com/*","https://*.microsoft.com/*","https://*.skype.com/*","*://localhost/*"]},"incognito":"split","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAQt2ZDdPfoSe/JI6ID5bgLHRCnCu9T36aYczmhw/tnv6QZB2I6WnOCMZXJZlRdqWc7w9jo4BWhYS50Vb4weMfh/I0On7VcRwJUgfAxW2cHB+EkmtI1v4v/OU24OqIa1Nmv9uRVeX0GjhQukdLNhAE6ACWooaf5kqKlCeK+1GOkQIDAQAB","manifest_version":2,"name":"Google Hangouts","permissions":["desktopCapture","enterprise.hardwarePlatform","processes","system.cpu","webrtcAudioPrivate","webrtcDesktopCapturePrivate","webrtcLoggingPrivate"],"version":"1.3.15"},"never_activated_since_loaded":true,"path":"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\81.0.416.64\\resources\\hangout_services","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false}}},"homepage":"http://seznam.cz/","homepage_is_newtabp ... artup_urls":["https://www.seznam.cz/"]}}


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IESR02"

==== Reset Google Chrome ======================

C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Default\Preferences was reset successfully
C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences was reset successfully
C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Default\Web Data was reset successfully
C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pavel\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Pavel\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2417 folders=266 446555106 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Pavel\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\DumpStack.log.tmp" not deleted
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Cookies" not found
"C:\Users\Pavel\AppData\Roaming\WhatsApp\lockfile" not found
"C:\Users\Pavel\AppData\Roaming\WhatsApp\main-process.log" not found
"C:\Users\Pavel\AppData\Roaming\WhatsApp\QuotaManager" not found
"C:\Users\Pavel\AppData\Roaming\WhatsApp\QuotaManager-journal" not found
"C:\Users\Pavel\AppData\Roaming\WhatsApp\databases\Databases.db" not found
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Dictionaries\cs-CZ-3-0.bdic" not found
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Session Storage\000003.log" not found
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Session Storage\LOCK" not found
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Session Storage\LOG" not found
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Session Storage\MANIFEST-000001" not found
"C:\Users\Pavel\AppData\Roaming\WhatsApp\File System\Origins\000003.log" not found
"C:\Users\Pavel\AppData\Roaming\WhatsApp\File System\Origins\LOCK" not found
"C:\Users\Pavel\AppData\Roaming\WhatsApp\File System\Origins\LOG" not found
"C:\Users\Pavel\AppData\Roaming\WhatsApp\File System\Origins\MANIFEST-000001" not found
"C:\Users\Pavel\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000263.log" not found
"C:\Users\Pavel\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000265.ldb" not found
"C:\Users\Pavel\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000267.ldb" not found
"C:\Users\Pavel\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000271.ldb" not found
"C:\Users\Pavel\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000272.ldb" not found
"C:\Users\Pavel\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\LOCK" not found
"C:\Users\Pavel\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\LOG" not found
"C:\Users\Pavel\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\MANIFEST-000001" not found
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Local Storage\leveldb\000005.ldb" not found
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Local Storage\leveldb\000052.log" not found
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Local Storage\leveldb\000054.ldb" not found
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Local Storage\leveldb\LOCK" not found
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Local Storage\leveldb\LOG" not found
"C:\Users\Pavel\AppData\Roaming\WhatsApp\Local Storage\leveldb\MANIFEST-000001" not found
"C:\Users\Pavel\AppData\Roaming\WhatsApp" not found

==== EOF on 24.02.2021 at 20:07:14,08 ======================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by Pavel (Administrator) on 24.02.2021 at 20:16:53,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.02.2021 at 20:20:00,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Re: Prevention

#22 Post by Diallix »

Any change?
My new book BOTNETY has been published! You can find information about it here: >> BOTNETY <<

---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level and high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor for students in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php).

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit


Re: Prevention

#23 Post by PavelP »

It is still the same.


Re: Prevention

#24 Post by Diallix »

Have you tried clearing cookies / cache? Does it happen in all browsers?

Try scrolling and post a screenshot here from Task Manager -> Details -> sort the processes starting with those using the most RAM, and post the screenshot here.


Re: Prevention

#25 Post by PavelP »

Yes, I cleared both browsers.
Attachments
Bez názvu.jpg (52.8 KiB) Viewed 1919 times


Re: Prevention

#26 Post by PavelP »

This morning, when I opened the internet, a message popped up and the PC froze.
Attachments
Screenshot_11.png (22.9 KiB) Viewed 1909 times


Re: Prevention

#27 Post by Diallix »

That Task Manager image is poor quality and blurry. Please post it here again.


Re: Prevention

#28 Post by PavelP »

Hopefully this will be it now.
Attachments
155214173_883545162447225_5577771899984329149_n.jpg (98.55 KiB) Viewed 1893 times


Re: Prevention

#29 Post by Diallix »

Could you please post new FRST + ADDITION logs here?


Re: Prevention

#30 Post by PavelP »

When I launched FRST it disappeared again and I had to download a new one, but it could not be downloaded to the desktop.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-02-2021
Ran by Pavel (administrator) on DESKTOP-FFA105T (MSI MS-7642) (28-02-2021 12:23:20)
Running from C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Loaded Profiles: Pavel
Platform: Windows 10 Home Version 2004 19041.804 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0360470.inf_amd64_b06c374aee20d185\B360357\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0360470.inf_amd64_b06c374aee20d185\B360357\atiesrxx.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Kilonova LLC -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2101.15643.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.20122.11121.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2020-01-18] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [117352 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-21] (Kilonova LLC -> )
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [155648 2003-09-30] (Scansoft, Inc.) [File not signed]
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [69632 2006-03-21] (ScanSoft, Inc.) [File not signed]
HKU\S-1-5-21-171863584-1344761036-1501396969-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [29271224 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Windows x64\Print Processors\BJ Print Processor4: C:\Windows\System32\spool\prtprocs\x64\CNBPP4.DLL [84992 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon MP460 Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD81.DLL [33792 2006-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\BJ Language Monitor4: C:\WINDOWS\system32\CNBLM4.DLL [267776 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP460: C:\WINDOWS\system32\CNMLM81.DLL [270848 2006-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.190\Installer\chrmstp.exe [2021-02-26] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10A5D08C-A546-4F11-A804-5B6E327FD368} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-08-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {2B8AE2DF-141A-499E-8ED5-8942C8EDFA71} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4621920 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
Task: {4DDA2D29-E710-431E-9974-55860881DCF3} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1791712 2021-02-23] (Avast Software s.r.o. -> Avast Software)
Task: {82A1D4A8-B4B3-4E08-8C95-942A71177E6B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9FDB4347-3006-406C-A67B-A53830F706FF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [24770744 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {BDA964E7-3938-4436-B645-C373452D6746} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [468992 2019-04-16] (Advanced Micro Devices, Inc.) [File not signed]
Task: {CB0A471F-BF48-4B31-AA9E-412C18B565F0} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-08-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{84c748ad-5931-4452-a55c-9fae0836d652}: [DhcpNameServer] 192.168.0.1

Edge:
=======
DownloadDir: C:\Users\Pavel\Desktop
Edge HomeButtonPage: HKU\S-1-5-21-171863584-1344761036-1501396969-1001 -> hxxp://seznam.cz/
Edge DefaultProfile: Default
Edge Profile: C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-28]
Edge HomePage: Default -> hxxp://seznam.cz/
Edge StartupUrls: Default -> "hxxps://www.seznam.cz/"
Edge Profile: C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2020-08-09]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2021-02-12] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-09] (Adobe Inc. -> )
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-09] (Adobe Inc. -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-02-20] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default [2021-02-28]
CHR Extension: (Prezentace) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-02-24]
CHR Extension: (Dokumenty) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-02-24]
CHR Extension: (Disk Google) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-24]
CHR Extension: (YouTube) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-02-24]
CHR Extension: (Tabulky) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-02-24]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-02-24]
CHR Extension: (Dokumenty Google offline) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-02-24]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-24]
CHR Extension: (Gmail) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-24]
CHR Extension: (Chrome Media Router) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-24]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-09] (Adobe Inc. -> Adobe)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8477080 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [621728 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [58048 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
S2 gupdate1d6e1c264499a7b; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2021-01-03] (Google Inc -> Google Inc.)
S3 gupdatem1d6e1c2644c3149; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2021-01-03] (Google Inc -> Google Inc.)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [959752 2021-02-12] (McAfee, LLC -> McAfee, LLC)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12835096 2021-01-28] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [36792 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [208672 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [332880 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [247888 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [97360 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16832 2021-01-07] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42424 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [176384 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [108928 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84496 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851256 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [468888 2021-01-08] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [214808 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [324904 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 huawei_enumerator; C:\WINDOWS\System32\drivers\ew_jubusenum.sys [86016 2011-01-30] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-26 12:41 - 2021-02-26 12:41 - 000001262 _____ C:\Users\Pavel\Desktop\Lightshot.lnk
2021-02-26 12:41 - 2021-02-26 12:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2021-02-26 12:41 - 2021-02-26 12:41 - 000000000 ____D C:\Program Files (x86)\Skillbrains
2021-02-24 20:20 - 2021-02-24 20:20 - 000000871 _____ C:\Users\Pavel\Desktop\JRT.txt
2021-02-24 20:16 - 2021-02-24 20:16 - 001790024 _____ (Malwarebytes) C:\Users\Pavel\Desktop\JRT.exe
2021-02-24 20:13 - 2021-02-24 20:13 - 000000000 ____D C:\Users\Pavel\AppData\Local\cache
2021-02-24 20:09 - 2021-02-24 20:09 - 000037736 _____ C:\Users\Pavel\Desktop\zoek-results.txt
2021-02-24 20:04 - 2021-02-24 19:43 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2021-02-24 19:43 - 2021-02-24 20:01 - 000000000 ____D C:\zoek_backup
2021-02-24 19:43 - 2020-12-22 09:14 - 000000000 ____D C:\Users\Pavel\Desktop\zoek
2021-02-23 17:14 - 2021-02-23 17:15 - 000037031 _____ C:\Users\Pavel\Desktop\Addition.txt
2021-02-23 16:50 - 2021-02-23 18:51 - 000006158 _____ C:\Users\Pavel\Desktop\Fixlog.txt
2021-02-23 12:36 - 2021-02-23 14:45 - 000003112 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2021-02-22 19:01 - 2021-02-23 17:15 - 000024808 _____ C:\Users\Pavel\Desktop\FRST.txt
2021-02-21 20:03 - 2021-02-21 20:03 - 008463216 _____ (Malwarebytes) C:\Users\Pavel\Desktop\adwcleaner_8.1.exe
2021-02-21 15:51 - 2021-02-28 12:23 - 000000000 ____D C:\FRST
2021-02-21 15:46 - 2021-02-21 15:46 - 000000000 ____D C:\Program Files\trend micro
2021-02-21 15:45 - 2021-02-21 15:46 - 000000000 ____D C:\rsit
2021-02-19 20:42 - 2021-02-19 20:55 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome
2021-02-19 20:01 - 2021-02-19 20:01 - 000000000 ____D C:\Users\Pavel\AppData\LocalLow\Bigpoint
2021-02-19 20:00 - 2021-02-19 20:07 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bigpoint GmbH
2021-02-19 20:00 - 2021-02-19 20:07 - 000000000 ____D C:\Users\Pavel\AppData\Local\Farmerama
2021-02-19 19:57 - 2021-02-19 19:57 - 004284928 _____ (Pokki) C:\Users\Pavel\Downloads\PokkiInstaller.exe
2021-02-19 19:26 - 2021-02-20 20:20 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\obs-studio
2021-02-19 19:26 - 2021-02-19 19:26 - 000001052 _____ C:\ProgramData\Desktop\OBS Studio.lnk
2021-02-19 19:26 - 2021-02-19 19:26 - 000000000 ____D C:\ProgramData\obs-studio-hook
2021-02-19 19:26 - 2021-02-19 19:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2021-02-19 19:26 - 2021-02-19 19:26 - 000000000 ____D C:\Program Files\obs-studio
2021-02-19 19:20 - 2021-02-19 19:21 - 075607864 _____ (obsproject.com) C:\Users\Pavel\Desktop\OBS-Studio-26.1.1-Full-Installer-x64.exe
2021-02-14 16:23 - 2021-02-14 16:23 - 000001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk
2021-02-14 16:23 - 2021-02-14 16:23 - 000001100 _____ C:\ProgramData\Desktop\TeamViewer.lnk
2021-02-14 16:22 - 2021-02-26 21:01 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-02-14 11:29 - 2021-02-14 11:29 - 029352480 _____ (TeamViewer Germany GmbH) C:\Users\Pavel\Desktop\TeamViewer_Setup1.exe
2021-02-12 14:16 - 2021-02-12 14:16 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-02-12 14:16 - 2021-02-12 14:16 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-02-12 14:16 - 2021-02-12 14:16 - 001314112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-02-12 14:16 - 2021-02-12 14:16 - 000010892 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-02-12 14:15 - 2021-02-12 14:15 - 000231232 _____ C:\WINDOWS\system32\containerdevicemanagement.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-28 12:11 - 2020-11-10 16:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-28 12:11 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-28 07:46 - 2020-11-10 16:58 - 000004210 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{62F3AFFB-7B4D-4381-A384-3DD0A4C25656}
2021-02-27 18:54 - 2020-04-26 14:44 - 000002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-27 18:54 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-27 18:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-27 07:41 - 2020-01-18 16:19 - 000000000 ____D C:\ProgramData\AVAST Software
2021-02-26 22:20 - 2020-11-10 16:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-26 22:20 - 2020-11-10 16:37 - 000008192 ___SH C:\DumpStack.log.tmp
2021-02-26 22:19 - 2020-01-18 13:22 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-02-26 22:19 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-02-26 21:32 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-02-26 21:28 - 2020-01-19 10:09 - 000000000 ____D C:\Users\Pavel\AppData\Local\ElevatedDiagnostics
2021-02-26 21:18 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-26 13:37 - 2020-01-18 16:30 - 000000000 ____D C:\Users\Pavel\AppData\Local\D3DSCache
2021-02-26 12:39 - 2020-11-10 16:58 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-02-26 06:52 - 2020-02-08 19:37 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-23 16:50 - 2020-06-01 15:14 - 000000000 ____D C:\Users\Pavel\AppData\LocalLow\Temp
2021-02-23 15:42 - 2020-01-18 16:23 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-02-23 13:54 - 2020-11-10 06:43 - 000000000 ____D C:\Users\Pavel
2021-02-23 12:34 - 2020-11-10 16:37 - 000544128 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-02-22 17:17 - 2020-01-18 17:43 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\TeamViewer
2021-02-22 16:00 - 2015-03-15 14:15 - 000000000 ____D C:\AdwCleaner
2021-02-22 15:58 - 2020-09-30 11:25 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-02-21 10:45 - 2020-11-11 16:37 - 000000000 ____D C:\Users\Pavel\Desktop\Vína 2019 na odesílání
2021-02-20 20:20 - 2020-03-15 13:18 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\vlc
2021-02-20 11:39 - 2020-01-18 14:29 - 000000000 ____D C:\Users\Pavel\AppData\Local\AMD
2021-02-19 20:00 - 2021-01-05 19:25 - 000000000 ____D C:\Users\Pavel\AppData\Local\SquirrelTemp
2021-02-19 16:02 - 2021-01-07 18:39 - 000000000 ____D C:\Users\Pavel\AppData\Local\WhatsApp
2021-02-14 16:23 - 2020-01-18 17:43 - 000000000 ____D C:\Users\Pavel\AppData\Local\TeamViewer
2021-02-14 11:10 - 2020-01-24 13:42 - 000000000 ____D C:\Users\Pavel\AppData\Local\CrashDumps
2021-02-12 14:46 - 2020-11-10 16:53 - 001693136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-12 14:46 - 2019-12-07 15:41 - 000716602 _____ C:\WINDOWS\system32\perfh005.dat
2021-02-12 14:46 - 2019-12-07 15:41 - 000144780 _____ C:\WINDOWS\system32\perfc005.dat
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-12 14:39 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-02-12 14:15 - 2015-03-07 15:40 - 000413690 __RSH C:\bootmgr
2021-02-12 14:00 - 2020-11-09 06:16 - 000000000 ___HD C:\$WinREAgent
2021-02-11 11:58 - 2020-11-30 06:34 - 000003490 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6b7792cc8d8ce
2021-02-11 11:58 - 2020-11-10 16:58 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-10 18:54 - 2020-01-18 16:26 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-10 18:51 - 2020-01-18 16:26 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-05 20:04 - 2020-09-30 11:25 - 000734016 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2021-02-05 20:03 - 2020-09-30 11:25 - 000470848 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2021-02-03 19:43 - 2020-03-27 17:18 - 000000000 ____D C:\Users\Pavel\Desktop\FARMERAMA

==================== Files in the root of some directories ========

2020-01-19 10:31 - 2020-01-19 10:34 - 000000425 _____ () C:\Users\Pavel\AppData\Local\UserProducts.xml

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-02-2021
Ran by Pavel (28-02-2021 12:26:06)
Running from C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Windows 10 Home Version 2004 19041.804 (X64) (2020-11-10 15:59:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-171863584-1344761036-1501396969-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-171863584-1344761036-1501396969-503 - Limited - Disabled)
Guest (S-1-5-21-171863584-1344761036-1501396969-501 - Limited - Disabled)
Pavel (S-1-5-21-171863584-1344761036-1501396969-1001 - Administrator - Enabled) => C:\Users\Pavel
WDAGUtilityAccount (S-1-5-21-171863584-1344761036-1501396969-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.001.20140 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
AIDA64 Extreme v5.80 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.80 - FinalWire Ltd.)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2020.0821.1329.24282 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.4.3 - Advanced Micro Devices, Inc.)
ArcSoft PhotoStudio 5.5 (HKLM-x32\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version: - ArcSoft)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.10.2442 - Avast Software)
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
Canon MP Navigator 3.0 (HKLM-x32\...\MP Navigator 3.0) (Version: - )
Canon MP460 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460) (Version: - )
Canon Utilities Easy-PhotoPrint (HKLM-x32\...\Easy-PhotoPrint) (Version: - )
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.70 - Piriform)
Easy-WebPrint (HKLM-x32\...\Easy-WebPrint) (Version: - )
Farm sčot 2 verze 2.0.5 (HKLM-x32\...\Farm sčot 2_is1) (Version: 2.0.5 - ledni_prase)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.190 - Google LLC)
Huawei Drivers (HKLM-x32\...\{C82D8932-EB28-4da6-9582-33D515D46F04}) (Version: 4.22.19.00 - )
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Lightshot-5.5.0.7 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.7 - Skillbrains)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.81 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.59 - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.21.27702 (HKLM-x32\...\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}) (Version: 14.21.27702.2 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 (HKLM-x32\...\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{dd8b09df-3ef8-49f1-bd1a-65278435860b}) (Version: 14.0.23217 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2017 (HKLM-x32\...\{5a7dc0ad-cdb2-43b5-8b82-f81065fe6092}) (Version: 15.0.26717 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2019 (HKLM-x32\...\{1edcd8d2-905a-4e93-bfdf-92ed5601528a}) (Version: 16.0.28801 - Microsoft Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 26.1.1 - OBS Project)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Registrace uživatele zařízení Canon MP460 (HKLM-x32\...\Registrace uživatele zařízení Canon MP460) (Version: - )
ScanSoft OmniPage SE 4.0 (HKLM-x32\...\{29D851C2-048C-4B5E-8D1F-25D473342BB5}) (Version: 15.00.0020 - ScanSoft, Inc.)
Skype verze 8.67 (HKLM-x32\...\Skype_is1) (Version: 8.67 - Skype Technologies S.A.)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.14.5 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.10 - VideoLAN)
WebAdvisor od společnosti McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.200 - McAfee, LLC)
WhatsApp (HKU\S-1-5-21-171863584-1344761036-1501396969-1001\...\WhatsApp) (Version: 2.2104.10 - WhatsApp)
WinRAR 5.80 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH)

Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-02-20] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-01] (Microsoft Studios) [MS Ad]
Microsoft Sudoku -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSudoku_2.2.10190.0_x64__8wekyb3d8bbwe [2020-11-08] (Microsoft Studios) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-01-07] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-01-07] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-01-07] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2020-08-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-01-07] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Farmerama CZ.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=jnpeofkdlnnommkelmjhmidjlmlffamm
ShortcutWithArgument: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Farmerama _ Zahraj si farmářskou hru zdarma online.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=gkkchoocmhpnakhkdlijecgadaengdll
ShortcutWithArgument: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Farmerama.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=gkkchoocmhpnakhkdlijecgadaengdll

==================== Loaded Modules (Whitelisted) =============

2020-07-14 17:32 - 2020-07-14 17:32 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2020-08-21 13:19 - 2020-08-21 13:19 - 001562624 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
2020-11-10 16:45 - 2020-11-10 16:45 - 000096256 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c\ATL80.DLL
2020-07-14 17:32 - 2020-07-14 17:32 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000413696 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000519168 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 001431040 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 001180672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-08-21 13:28 - 2020-08-21 13:28 - 006010880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 006345216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 001078272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 004000256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 003802624 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 001083904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000205312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000376320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 092323328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 005560832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000188416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 002888704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000287232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000329216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000136192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000089088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000312320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-08-21 13:28 - 2020-08-21 13:28 - 000085504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\TiltWheelMouse.exe:$CmdTcID [64]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKU\S-1-5-21-171863584-1344761036-1501396969-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-02-12] (McAfee, LLC -> McAfee, LLC)
BHO-x32: EWPBrowseObject Class -> {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} -> C:\Program Files (x86)\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18] () [File not signed]
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-02-12] (McAfee, LLC -> McAfee, LLC)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2021-02-24 19:45 - 000000753 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %C_EM64T_REDIST11%bin\Intel64;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-171863584-1344761036-1501396969-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "MouseDriver"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "Lightshot"
HKLM\...\StartupApproved\Run32: => "OpwareSE4"
HKLM\...\StartupApproved\Run32: => "SSBkgdUpdate"
HKU\S-1-5-21-171863584-1344761036-1501396969-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-171863584-1344761036-1501396969-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-171863584-1344761036-1501396969-1001\...\StartupApproved\Run: => "Skype for Desktop"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{B57B99DF-DE00-4308-8620-2BD2671F4724}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{CB1481B9-76F6-44EB-9339-3CFC39572756}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{F629E691-CA23-4983-81A2-36C16B2EA5D7}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B004A5FD-65CD-428A-9B40-6B669B444D3D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0739A69E-3C18-4453-BFC0-EF6C2DC98DBF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{5CBC8850-6FD1-45D4-AEDB-E1A7B95707A6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{CAEB50F8-530F-4948-AD24-AD7FAA011BDF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{A95732F8-4943-4FB7-A6E0-F6E50972871A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{360896BA-B17F-4E16-9691-55D598739053}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

24-02-2021 19:44:59 zoek.exe restore point
24-02-2021 20:16:54 JRT Pre-Junkware Removal
26-02-2021 21:16:21 Instalační služba modulů systému Windows
26-02-2021 21:17:27 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/26/2021 12:57:49 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Disk (F:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (02/26/2021 12:57:48 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Nový svazek (G:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (02/26/2021 12:57:48 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Uložiště (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (02/14/2021 11:10:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: TeamViewer.exe, verze: 15.1.3937.0, časové razítko: 0x5df7b883
Název chybujícího modulu: ntdll.dll, verze: 10.0.19041.804, časové razítko: 0x039874b8
Kód výjimky: 0xc0000005
Posun chyby: 0x000621d3
ID chybujícího procesu: 0x3064
Čas spuštění chybující aplikace: 0x01d702b9a22fcfc0
Cesta k chybující aplikaci: C:\Users\Pavel\AppData\Local\Temp\TeamViewer\TeamViewer.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: 2165b6e8-bc70-4dcc-b502-a06050928d4c
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/13/2021 10:02:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SearchApp.exe verze 10.0.19041.546 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 2148

Čas spuštění: 01d701453ddeb773

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

ID hlášení: 786399e5-5447-4a29-bd99-5556b4c7af0a

Úplný název balíčku s chybou: Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: CortanaUI

Typ zablokování: Quiesce

Error: (02/12/2021 06:52:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Microsoft.Photos.exe verze 2020.20110.11001.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 15c8

Čas spuštění: 01d70156d64f900a

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20110.11001.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

ID hlášení: 78f255d1-39bd-412c-8d0f-983ccdebc571

Úplný název balíčku s chybou: Microsoft.Windows.Photos_2020.20110.11001.0_x64__8wekyb3d8bbwe

ID aplikace relativní podle balíčku s chybou: App

Typ zablokování: Quiesce

Error: (02/07/2021 10:15:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Microsoft.Photos.exe verze 2020.20110.11001.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 3a04

Čas spuštění: 01d6fca67ccce810

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20110.11001.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

ID hlášení: b2d846f7-b651-4c45-b174-7fd0115140ce

Úplný název balíčku s chybou: Microsoft.Windows.Photos_2020.20110.11001.0_x64__8wekyb3d8bbwe

ID aplikace relativní podle balíčku s chybou: App

Typ zablokování: Quiesce

Error: (02/06/2021 05:09:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SearchApp.exe verze 10.0.19041.546 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 3188

Čas spuštění: 01d6fbb37d827bb4

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

ID hlášení: 6541ddf5-2522-4fb8-ad78-9672f82cedc3

Úplný název balíčku s chybou: Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: CortanaUI

Typ zablokování: Quiesce


System errors:
=============
Error: (02/26/2021 05:04:02 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu 1115 při pokusu o spuštění služby wuauserv s argumenty Není k dispozici za účelem spuštění serveru:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (02/26/2021 05:04:02 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu 1115 při pokusu o spuštění služby wuauserv s argumenty Není k dispozici za účelem spuštění serveru:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (02/26/2021 05:04:02 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu 1115 při pokusu o spuštění služby wuauserv s argumenty Není k dispozici za účelem spuštění serveru:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (02/25/2021 07:14:35 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-FFA105T)
Description: Server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/24/2021 07:59:55 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/24/2021 07:59:55 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/24/2021 07:59:54 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/24/2021 07:59:54 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.


CodeIntegrity:
===============
Date: 2021-02-28 12:22:34
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. V1.6 04/30/2010
Motherboard: MSI 890GXM-G65 (MS-7642)
Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 41%
Total physical RAM: 8191.18 MB
Available physical RAM: 4823.43 MB
Total Virtual: 9658.66 MB
Available Virtual: 4812.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.12 GB) (Free:45.06 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Uložiště) (Fixed) (Total:486.38 GB) (Free:452.92 GB) NTFS
Drive f: (Disk) (Fixed) (Total:74.53 GB) (Free:67.71 GB) NTFS
Drive g: (Nový svazek) (Fixed) (Total:12.13 GB) (Free:11.31 GB) NTFS

\\?\Volume{2c1a3cdb-0000-0000-0000-f04d18000000}\ () (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: 2C1A3CDB)
Partition 1: (Active) - (Size=97.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Partition 3: (Not Active) - (Size=486.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 74.5 GB) (Disk ID: 31D631D5)
Partition 1: (Not Active) - (Size=74.5 GB) - (Type=42)

==================== End of Addition.txt =======================
