
Added extension aeDbedBaEe

Posted: 18 Oct 2020 11:32
by Burian
Hi,
I found that some files have been renamed, or rather, the extension *.*.aeDbedBaEe has been added to them.
E.g. 2010-02-03_small.JPG.aeDbedBaEe
Where could the problem be?
Thanks, Buri

Re: Added extension aeDbedBaEe

Posted: 18 Oct 2020 11:54
by Rudy
Hello!
You have probably downloaded ransomware from somewhere, and it encrypted the files. We can only clean your PC of malware; we will not decrypt the encrypted files for you. That requires direct access to the PC, which we do not have legally covered. For that you will have to contact our colleagues: https://neslape.cz/?utm_campaign=neslap ... ium=banner . Post the FRST+Addition logs: https://forum.viry.cz/viewtopic.php?f=13&t=154679 .

Re: Added extension aeDbedBaEe

Posted: 18 Oct 2020 12:29
by Burian
Personally, I think I already managed to remove the virus some time ago; nevertheless, I am sending the logs in the attachment (FRST.rar) and ask you to check them.
Thanks, Buri

Re: Added extension aeDbedBaEe

Posted: 18 Oct 2020 17:18
by Rudy
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just run it with a normal double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: Added extension aeDbedBaEe

Posted: 18 Oct 2020 17:57
by Burian
Here is the log:

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-09-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-18-2020
# Duration: 00:01:01
# OS: Windows 10 Home
# Cleaned: 136
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted C:\ProgramData\IObit\Advanced SystemCare
Deleted C:\Users\Marta\AppData\Roaming\IObit\Advanced SystemCare
Deleted C:\Users\admin\AppData\LocalLow\IObit\Advanced SystemCare
Deleted C:\Users\admin\AppData\Roaming\IObit\Advanced SystemCare
Deleted C:\Users\admin\AppData\Roaming\Tencent
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

Deleted C:\END
Deleted C:\Users\Marta\AppData\Roaming\Mozilla\Firefox\Profiles\2gjxqwnv.default\invalidprefs.js
Deleted C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\usu81k2l.default-1473596935689\invalidprefs.js

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\DRIVER BOOSTER SCHEDULER
Deleted C:\Windows\System32\Tasks\START DRIVER REVIVER CHECK DRIVER UPDATE
Deleted C:\Windows\System32\Tasks\START DRIVER REVIVER SCHEDULE
Deleted C:\Windows\System32\Tasks\START DRIVER REVIVER UPDATE

***** [ Registry ] *****

Deleted HKCU\Software\Classes\TornTvDownloader.File
Deleted HKCU\Software\IObit\Advanced SystemCare
Deleted HKCU\Software\PRODUCTSETUP
Deleted HKCU\Software\UpdateStar
Deleted HKCU\Software\csastats
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{477833B6-5E7E-4157-B203-FC56AF48290F}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84DBED7A-8E2F-4A44-8500-70F2314089F7}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FCF140BE-09B4-46EB-A3DC-CDAA6C4E4DA1}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{477833B6-5E7E-4157-B203-FC56AF48290F}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84DBED7A-8E2F-4A44-8500-70F2314089F7}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F94C9FF0-F8AB-4A2B-B6F9-A7121BF63D64}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCF140BE-09B4-46EB-A3DC-CDAA6C4E4DA1}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\START DRIVER REVIVER CHECK DRIVER UPDATE
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Start Driver Reviver Schedule
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Start Driver Reviver Update
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\DriverUpdaterPro
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\MacDrive 8 application
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Driver Reviver
Deleted HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted HKLM\Software\Wow6432Node\\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|AndroidServer.exe
Deleted HKLM\System\Setup\FirstBoot\Services\ST2012_Svc

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.HPMediaSmart Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Deleted Preinstalled.LenovoEasyCamera Registry HKLM\Software\Sunplus SPUVCb
Deleted Preinstalled.LenovoEasyCamera Registry HKU\.DEFAULT\Software\Sunplus SPUVCb
Deleted Preinstalled.LenovoEasyCamera Registry HKU\S-1-5-18\Software\Sunplus SPUVCb
Deleted Preinstalled.LenovoEnergyManagement Folder C:\Program Files (x86)\LENOVO\ENERGY MANAGEMENT
Deleted Preinstalled.LenovoEnergyManagement Folder C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LENOVO\ENERGY MANAGEMENT
Deleted Preinstalled.LenovoEnergyManagement Folder C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LENOVO\ENERGY MANAGEMENT
Deleted Preinstalled.LenovoEnergyManagement Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Energy Management
Deleted Preinstalled.LenovoEnergyManagement Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|EnergyUtility
Deleted Preinstalled.LenovoEnergyManagement Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}
Deleted Preinstalled.LenovoEnergyManagement Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{D0956C11-0F60-43FE-99AD-524E833471BB}
Deleted Preinstalled.LenovoEnergyManager Folder C:\Program Files (x86)\LENOVO\ENERGY MANAGER
Deleted Preinstalled.LenovoEnergyManager Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LENOVO\ENERGY MANAGER
Deleted Preinstalled.LenovoEnergyManager Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Lenovo Utility
Deleted Preinstalled.LenovoEnergyManager Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}
Deleted Preinstalled.LenovoEnergyManager Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{AC768037-7079-4658-AC24-2897650E0ABE}
Deleted Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Folder C:\Users\Marta\AppData\Local\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Folder C:\Users\admin\AppData\Local\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1
Deleted Preinstalled.LenovoPower2Go Folder C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LENOVO\POWER2GO
Deleted Preinstalled.LenovoPower2Go Folder C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LENOVO\POWER2GO
Deleted Preinstalled.LenovoYouCam Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|YouCam Mirage
Deleted Preinstalled.LenovoYouCam Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|YouCam Tray
Deleted Preinstalled.SamsungSmartSwitch Folder C:\Users\admin\AppData\Roaming\SAMSUNG\SMART SWITCH PC


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [18466 octets] - [18/10/2020 18:46:35]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: Added extension aeDbedBaEe

Posted: 18 Oct 2020 18:54
by Rudy
Post new FRST+Addition logs.

Re: Added extension aeDbedBaEe

Posted: 18 Oct 2020 19:25
by Burian
Sending them in the attachment.

Re: Added extension aeDbedBaEe

Posted: 18 Oct 2020 20:15
by Rudy
Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [710264 2020-06-18] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] ->
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {2B49CA2E-82B5-4EEE-A746-8CE7C780AE72} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {2BA82528-82CE-430D-A700-979E70012758} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2C8DBB3B-41A6-4603-91E5-0FEEB137F0D8} - \Lenovo\ImController\TimeBasedEvents\372ea573-272b-4d15-b3b9-42ae8eeb061c -> No File <==== ATTENTION
Task: {39A84A61-9CCF-4EAB-A4BE-9DB2CFF82017} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {46B4AC8D-CD89-4C95-B578-3B6AFE9EE5A8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {47423429-0B0C-4597-BBD8-A85920D07DA9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {51A0B67E-A550-44C0-8C8E-724C83A3C2F6} - \Lenovo\ImController\TimeBasedEvents\36e6ab48-d4d0-42c2-b681-9896af5f1e26 -> No File <==== ATTENTION
Task: {52AC4213-F335-4F31-A8AC-03A6244BF078} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5F5869E0-1537-4CDD-9774-86855C88FAB8} - System32\Tasks\GoogleUpdateTaskMachineUA1cf4f1341741280 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {61147F08-63F1-4DCA-911A-230DDA31759B} - System32\Tasks\GoogleUpdateTaskMachineUA1d08f4f5dc08c6b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {6A029161-E29C-452D-8DCE-730674911828} - System32\Tasks\GoogleUpdateTaskMachineUA1d0f390e18b8d87 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {6D1B4A79-3FB4-45E5-AFD5-C42A3923CF33} - \Lenovo\ImController\TimeBasedEvents\fc20c70b-8b7f-4817-8ed4-fd9edaa79dbf -> No File <==== ATTENTION
Task: {902A660D-0328-4D1C-8DF0-34C9FA550F12} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {92816FB4-B7F5-43F0-9A85-27FF1C6D6484} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {95A54D3D-1FF4-43F2-9F7D-3C489FDE631D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9F4F1272-B0B7-47DA-A3CE-5DE8997F7101} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {AC0D9382-A21E-4F5C-B4BF-00EF37CF0AAB} - \Lenovo\ImController\TimeBasedEvents\d538ed94-c936-4c22-bd10-dee0f803e870 -> No File <==== ATTENTION
Task: {AF9A580B-42E2-4ADA-82D5-A0A0302F5315} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {B45BCD4B-AF8C-4EA6-9F9D-2C22CD72F9E6} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {C20051F6-C97C-4F48-A0D8-D185050ABF5D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C32EBB4D-7DF3-4777-A050-3BDF140A4F51} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {C7C0405E-3715-4DFC-B70A-5C96AD757FC5} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {C8100CF0-9F59-4BE0-9D3A-0AB8A22C9645} - System32\Tasks\GoogleUpdateTaskMachineUA1d04200dc818326 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {D14AEFB3-F6AB-49B0-B610-32B6F50B96F1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D6A3BFE0-5CAD-4089-97C0-615D1DFD62F5} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {D85C4A94-6213-4DDD-A36D-99701FDC6ECB} - System32\Tasks\GoogleUpdateTaskMachineUA1d0e331d4848623 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {E9029D18-F542-4E8A-A784-6A4372A17C30} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {EE1FA67C-3775-4183-9026-4D802DD705B6} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {F424A029-2267-4A21-A197-D2F86435771A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf4f1341741280.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d04200dc818326.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d08f4f5dc08c6b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0e331d4848623.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
U4 aspnet_state; no ImagePath
C:\WINDOWS\LastGood.Tmp
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA1d0f390e18b8d87
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore1d0f390e10b0338
C:\ProgramData\KMSTools.exe
C:\Program Files (x86)\GUT76E9.tmp
C:\WINDOWS\SysWOW64\version_IObitDel.dll [2020-09-27] <==== ATTENTION (zero byte File/Folder)
C:\WINDOWS\system32\npjp2.dll [2014-05-28] <==== ATTENTION (zero byte File/Folder)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:0E5CFA74 [116]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:689AB7E9 [134]
AlternateDataStreams: C:\ProgramData\Temp:87C79266 [134]
AlternateDataStreams: C:\ProgramData\Temp:C5760A8B [290]
AlternateDataStreams: C:\ProgramData\Temp:C8B702FF [149]
AlternateDataStreams: C:\ProgramData\Temp:F6E5C7FB [111]
BHO: No Name -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> No File
Toolbar: HKU\S-1-5-21-2003990707-279457667-3181234942-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FirewallRules: [{82740B71-1847-41BA-A07C-D05DF1B88D44}] => (Allow) C:\ProgramData\Programs\AAct Network v1.1.0 Portable\AAct_Network_x64.exe => No File
FirewallRules: [{5964BEF4-56D7-404F-B0F6-1BF698B045FE}] => (Allow) C:\ProgramData\Programs\AAct Network v1.1.0 Portable\AAct_Network_x64.exe => No File
FirewallRules: [{E2EE9EA4-985F-4923-B89E-AD133EE4857C}] => (Allow) C:\Driver\DriverEasy\DriverEasy.exe => No File
FirewallRules: [{CB4E883A-CCA7-4A8D-BF38-9738AE601B39}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [{1E18C231-3996-492B-A8AF-8F8B3B57C2BD}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe => No File
FirewallRules: [{B7A0B4CC-191A-40FA-A9B5-7BB5D57D26BC}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe => No File
FirewallRules: [{9022533E-666F-48BE-AFA3-72EDE068A4A8}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe => No File
FirewallRules: [{0F7BED60-962F-463A-BED6-569A025E55F6}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe => No File
FirewallRules: [{3AE76F9F-7658-4389-9BAF-1A3911568FF4}] => (Allow) C:\Prehravace\PowerDVD\PowerDVD12\PowerDVD12.exe => No File
FirewallRules: [{01089DFF-820D-406C-B004-6DC539575FB7}] => (Allow) C:\Prehravace\PowerDVD\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe => No File
FirewallRules: [{6921FF52-3DD5-452F-B4FF-DE46563F3F2A}] => (Allow) C:\Prehravace\PowerDVD\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe => No File
FirewallRules: [{73620CE9-A109-4810-B34E-10441487FB0C}] => (Allow) C:\Prehravace\PowerDVD\PowerDVD12\PowerDVD12Agent.exe => No File
FirewallRules: [{01F68136-4238-4B52-979A-5E09AE720EEE}] => (Allow) C:\Prehravace\PowerDVD\PowerDVD12\PowerDVD12ML.exe => No File
FirewallRules: [{216DE3B1-9D48-45FB-9A14-E14C4AD1357C}] => (Allow) C:\Prehravace\PowerDVD\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe => No File
H:\Na vypaleni\Antiviry\TNod-1.6.4.1-beta-setup.exe
C:\Stazeno\Temp\TNod-1.7.0.0-beta-setup.exe

EmptyTemp:
Hosts:
End
Save it to C:\Users\admin\OneDrive - edrive\Desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: Added extension aeDbedBaEe

Posted: 18 Oct 2020 20:44
by Burian
Fix result of Farbar Recovery Scan Tool (x64) Version: 14-10-2020
Ran by admin (18-10-2020 21:35:43) Run:1
Running from C:\Users\admin\OneDrive - edrive\Desktop
Loaded Profiles: admin
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [710264 2020-06-18] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] ->
GroupPolicy: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {2B49CA2E-82B5-4EEE-A746-8CE7C780AE72} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {2BA82528-82CE-430D-A700-979E70012758} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2C8DBB3B-41A6-4603-91E5-0FEEB137F0D8} - \Lenovo\ImController\TimeBasedEvents\372ea573-272b-4d15-b3b9-42ae8eeb061c -> No File <==== ATTENTION
Task: {39A84A61-9CCF-4EAB-A4BE-9DB2CFF82017} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {46B4AC8D-CD89-4C95-B578-3B6AFE9EE5A8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {47423429-0B0C-4597-BBD8-A85920D07DA9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {51A0B67E-A550-44C0-8C8E-724C83A3C2F6} - \Lenovo\ImController\TimeBasedEvents\36e6ab48-d4d0-42c2-b681-9896af5f1e26 -> No File <==== ATTENTION
Task: {52AC4213-F335-4F31-A8AC-03A6244BF078} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5F5869E0-1537-4CDD-9774-86855C88FAB8} - System32\Tasks\GoogleUpdateTaskMachineUA1cf4f1341741280 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {61147F08-63F1-4DCA-911A-230DDA31759B} - System32\Tasks\GoogleUpdateTaskMachineUA1d08f4f5dc08c6b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {6A029161-E29C-452D-8DCE-730674911828} - System32\Tasks\GoogleUpdateTaskMachineUA1d0f390e18b8d87 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {6D1B4A79-3FB4-45E5-AFD5-C42A3923CF33} - \Lenovo\ImController\TimeBasedEvents\fc20c70b-8b7f-4817-8ed4-fd9edaa79dbf -> No File <==== ATTENTION
Task: {902A660D-0328-4D1C-8DF0-34C9FA550F12} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {92816FB4-B7F5-43F0-9A85-27FF1C6D6484} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {95A54D3D-1FF4-43F2-9F7D-3C489FDE631D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9F4F1272-B0B7-47DA-A3CE-5DE8997F7101} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {AC0D9382-A21E-4F5C-B4BF-00EF37CF0AAB} - \Lenovo\ImController\TimeBasedEvents\d538ed94-c936-4c22-bd10-dee0f803e870 -> No File <==== ATTENTION
Task: {AF9A580B-42E2-4ADA-82D5-A0A0302F5315} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {B45BCD4B-AF8C-4EA6-9F9D-2C22CD72F9E6} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {C20051F6-C97C-4F48-A0D8-D185050ABF5D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C32EBB4D-7DF3-4777-A050-3BDF140A4F51} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {C7C0405E-3715-4DFC-B70A-5C96AD757FC5} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {C8100CF0-9F59-4BE0-9D3A-0AB8A22C9645} - System32\Tasks\GoogleUpdateTaskMachineUA1d04200dc818326 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {D14AEFB3-F6AB-49B0-B610-32B6F50B96F1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D6A3BFE0-5CAD-4089-97C0-615D1DFD62F5} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {D85C4A94-6213-4DDD-A36D-99701FDC6ECB} - System32\Tasks\GoogleUpdateTaskMachineUA1d0e331d4848623 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {E9029D18-F542-4E8A-A784-6A4372A17C30} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {EE1FA67C-3775-4183-9026-4D802DD705B6} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {F424A029-2267-4A21-A197-D2F86435771A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf4f1341741280.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d04200dc818326.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d08f4f5dc08c6b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0e331d4848623.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
U4 aspnet_state; no ImagePath
C:\WINDOWS\LastGood.Tmp
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA1d0f390e18b8d87
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore1d0f390e10b0338
C:\ProgramData\KMSTools.exe
C:\Program Files (x86)\GUT76E9.tmp
C:\WINDOWS\SysWOW64\version_IObitDel.dll [2020-09-27] <==== ATTENTION (zero byte File/Folder)
C:\WINDOWS\system32\npjp2.dll [2014-05-28] <==== ATTENTION (zero byte File/Folder)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:0E5CFA74 [116]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:689AB7E9 [134]
AlternateDataStreams: C:\ProgramData\Temp:87C79266 [134]
AlternateDataStreams: C:\ProgramData\Temp:C5760A8B [290]
AlternateDataStreams: C:\ProgramData\Temp:C8B702FF [149]
AlternateDataStreams: C:\ProgramData\Temp:F6E5C7FB [111]
BHO: No Name -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> No File
Toolbar: HKU\S-1-5-21-2003990707-279457667-3181234942-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FirewallRules: [{82740B71-1847-41BA-A07C-D05DF1B88D44}] => (Allow) C:\ProgramData\Programs\AAct Network v1.1.0 Portable\AAct_Network_x64.exe => No File
FirewallRules: [{5964BEF4-56D7-404F-B0F6-1BF698B045FE}] => (Allow) C:\ProgramData\Programs\AAct Network v1.1.0 Portable\AAct_Network_x64.exe => No File
FirewallRules: [{E2EE9EA4-985F-4923-B89E-AD133EE4857C}] => (Allow) C:\Driver\DriverEasy\DriverEasy.exe => No File
FirewallRules: [{CB4E883A-CCA7-4A8D-BF38-9738AE601B39}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [{1E18C231-3996-492B-A8AF-8F8B3B57C2BD}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe => No File
FirewallRules: [{B7A0B4CC-191A-40FA-A9B5-7BB5D57D26BC}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe => No File
FirewallRules: [{9022533E-666F-48BE-AFA3-72EDE068A4A8}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe => No File
FirewallRules: [{0F7BED60-962F-463A-BED6-569A025E55F6}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe => No File
FirewallRules: [{3AE76F9F-7658-4389-9BAF-1A3911568FF4}] => (Allow) C:\Prehravace\PowerDVD\PowerDVD12\PowerDVD12.exe => No File
FirewallRules: [{01089DFF-820D-406C-B004-6DC539575FB7}] => (Allow) C:\Prehravace\PowerDVD\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe => No File
FirewallRules: [{6921FF52-3DD5-452F-B4FF-DE46563F3F2A}] => (Allow) C:\Prehravace\PowerDVD\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe => No File
FirewallRules: [{73620CE9-A109-4810-B34E-10441487FB0C}] => (Allow) C:\Prehravace\PowerDVD\PowerDVD12\PowerDVD12Agent.exe => No File
FirewallRules: [{01F68136-4238-4B52-979A-5E09AE720EEE}] => (Allow) C:\Prehravace\PowerDVD\PowerDVD12\PowerDVD12ML.exe => No File
FirewallRules: [{216DE3B1-9D48-45FB-9A14-E14C4AD1357C}] => (Allow) C:\Prehravace\PowerDVD\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe => No File
H:\Na vypaleni\Antiviry\TNod-1.6.4.1-beta-setup.exe
C:\Stazeno\Temp\TNod-1.7.0.0-beta-setup.exe

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{503739d0-4c5e-4cfd-b3ba-d881334f0df2}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{50968FF7-10C1-4fb3-98B0-CD654D6CB97E} => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B49CA2E-82B5-4EEE-A746-8CE7C780AE72}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B49CA2E-82B5-4EEE-A746-8CE7C780AE72}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BA82528-82CE-430D-A700-979E70012758}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BA82528-82CE-430D-A700-979E70012758}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C8DBB3B-41A6-4603-91E5-0FEEB137F0D8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C8DBB3B-41A6-4603-91E5-0FEEB137F0D8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\372ea573-272b-4d15-b3b9-42ae8eeb061c" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39A84A61-9CCF-4EAB-A4BE-9DB2CFF82017}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39A84A61-9CCF-4EAB-A4BE-9DB2CFF82017}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46B4AC8D-CD89-4C95-B578-3B6AFE9EE5A8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46B4AC8D-CD89-4C95-B578-3B6AFE9EE5A8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47423429-0B0C-4597-BBD8-A85920D07DA9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47423429-0B0C-4597-BBD8-A85920D07DA9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51A0B67E-A550-44C0-8C8E-724C83A3C2F6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51A0B67E-A550-44C0-8C8E-724C83A3C2F6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\36e6ab48-d4d0-42c2-b681-9896af5f1e26" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52AC4213-F335-4F31-A8AC-03A6244BF078}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52AC4213-F335-4F31-A8AC-03A6244BF078}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F5869E0-1537-4CDD-9774-86855C88FAB8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F5869E0-1537-4CDD-9774-86855C88FAB8}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1cf4f1341741280 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1cf4f1341741280" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61147F08-63F1-4DCA-911A-230DDA31759B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61147F08-63F1-4DCA-911A-230DDA31759B}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d08f4f5dc08c6b => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1d08f4f5dc08c6b" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A029161-E29C-452D-8DCE-730674911828}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A029161-E29C-452D-8DCE-730674911828}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d0f390e18b8d87 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1d0f390e18b8d87" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D1B4A79-3FB4-45E5-AFD5-C42A3923CF33}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D1B4A79-3FB4-45E5-AFD5-C42A3923CF33}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\fc20c70b-8b7f-4817-8ed4-fd9edaa79dbf" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{902A660D-0328-4D1C-8DF0-34C9FA550F12}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{902A660D-0328-4D1C-8DF0-34C9FA550F12}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92816FB4-B7F5-43F0-9A85-27FF1C6D6484}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92816FB4-B7F5-43F0-9A85-27FF1C6D6484}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{95A54D3D-1FF4-43F2-9F7D-3C489FDE631D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95A54D3D-1FF4-43F2-9F7D-3C489FDE631D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F4F1272-B0B7-47DA-A3CE-5DE8997F7101}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F4F1272-B0B7-47DA-A3CE-5DE8997F7101}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC0D9382-A21E-4F5C-B4BF-00EF37CF0AAB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC0D9382-A21E-4F5C-B4BF-00EF37CF0AAB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\d538ed94-c936-4c22-bd10-dee0f803e870" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF9A580B-42E2-4ADA-82D5-A0A0302F5315}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF9A580B-42E2-4ADA-82D5-A0A0302F5315}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B45BCD4B-AF8C-4EA6-9F9D-2C22CD72F9E6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B45BCD4B-AF8C-4EA6-9F9D-2C22CD72F9E6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Monitor" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C20051F6-C97C-4F48-A0D8-D185050ABF5D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C20051F6-C97C-4F48-A0D8-D185050ABF5D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C32EBB4D-7DF3-4777-A050-3BDF140A4F51}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C32EBB4D-7DF3-4777-A050-3BDF140A4F51}" => removed successfully
C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_QUEENCREEK => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\USER_ESRV_SVC_QUEENCREEK" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7C0405E-3715-4DFC-B70A-5C96AD757FC5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7C0405E-3715-4DFC-B70A-5C96AD757FC5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C8100CF0-9F59-4BE0-9D3A-0AB8A22C9645}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8100CF0-9F59-4BE0-9D3A-0AB8A22C9645}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d04200dc818326 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1d04200dc818326" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D14AEFB3-F6AB-49B0-B610-32B6F50B96F1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D14AEFB3-F6AB-49B0-B610-32B6F50B96F1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D6A3BFE0-5CAD-4089-97C0-615D1DFD62F5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6A3BFE0-5CAD-4089-97C0-615D1DFD62F5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D85C4A94-6213-4DDD-A36D-99701FDC6ECB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D85C4A94-6213-4DDD-A36D-99701FDC6ECB}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d0e331d4848623 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1d0e331d4848623" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E9029D18-F542-4E8A-A784-6A4372A17C30}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9029D18-F542-4E8A-A784-6A4372A17C30}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EE1FA67C-3775-4183-9026-4D802DD705B6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE1FA67C-3775-4183-9026-4D802DD705B6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F424A029-2267-4A21-A197-D2F86435771A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F424A029-2267-4A21-A197-D2F86435771A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf4f1341741280.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d04200dc818326.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d08f4f5dc08c6b.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0e331d4848623.job => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKLM\System\CurrentControlSet\Services\aspnet_state => removed successfully
aspnet_state => service removed successfully
C:\WINDOWS\LastGood.Tmp => moved successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA1d0f390e18b8d87" => not found
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore1d0f390e10b0338 => moved successfully
C:\ProgramData\KMSTools.exe => moved successfully
C:\Program Files (x86)\GUT76E9.tmp => moved successfully
"C:\WINDOWS\SysWOW64\version_IObitDel.dll [2020-09-27] <==== ATTENTION (zero byte File\Folder)" => not found
"C:\WINDOWS\system32\npjp2.dll [2014-05-28] <==== ATTENTION (zero byte File\Folder)" => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully
C:\ProgramData\Temp => ":0E5CFA74" ADS removed successfully
C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully
C:\ProgramData\Temp => ":689AB7E9" ADS removed successfully
C:\ProgramData\Temp => ":87C79266" ADS removed successfully
C:\ProgramData\Temp => ":C5760A8B" ADS removed successfully
C:\ProgramData\Temp => ":C8B702FF" ADS removed successfully
C:\ProgramData\Temp => ":F6E5C7FB" ADS removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => removed successfully
"HKU\S-1-5-21-2003990707-279457667-3181234942-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{82740B71-1847-41BA-A07C-D05DF1B88D44}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5964BEF4-56D7-404F-B0F6-1BF698B045FE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E2EE9EA4-985F-4923-B89E-AD133EE4857C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CB4E883A-CCA7-4A8D-BF38-9738AE601B39}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1E18C231-3996-492B-A8AF-8F8B3B57C2BD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B7A0B4CC-191A-40FA-A9B5-7BB5D57D26BC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9022533E-666F-48BE-AFA3-72EDE068A4A8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0F7BED60-962F-463A-BED6-569A025E55F6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3AE76F9F-7658-4389-9BAF-1A3911568FF4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{01089DFF-820D-406C-B004-6DC539575FB7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6921FF52-3DD5-452F-B4FF-DE46563F3F2A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{73620CE9-A109-4810-B34E-10441487FB0C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{01F68136-4238-4B52-979A-5E09AE720EEE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{216DE3B1-9D48-45FB-9A14-E14C4AD1357C}" => removed successfully
"H:\Na vypaleni\Antiviry\TNod-1.6.4.1-beta-setup.exe" => not found
"C:\Stazeno\Temp\TNod-1.7.0.0-beta-setup.exe" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22157971 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 5453613 B
Edge => 0 B
Chrome => 451155893 B
Firefox => 17584165 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 45858 B
Users => 45858 B
ProgramData => 45858 B
Public => 45858 B
systemprofile => 45858 B
systemprofile32 => 45858 B
LocalService => 81434 B
NetworkService => 65266652 B
Marta => 65792602 B
admin => 117647989 B

RecycleBin => 573248341 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:38:18 ====

Re: Added extension aeDbedBaEe

Posted: 18 Oct 2020 20:58
by Rudy
Removed, the log is now OK. What remains is to decrypt the files (use the link given in my first post), or restore them from a backup (if you have one).

Re: Added extension aeDbedBaEe

Posted: 18 Oct 2020 21:04
by Burian
Thank you
Buri

Re: Added extension aeDbedBaEe

Posted: 19 Oct 2020 09:30
by Rudy
You're welcome! :)