I have malware, AZORULT, GEPYS... Please help. Thank you.
Posted: 16 Jan 2021 18:30
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-01-2021
Ran by peter (administrator) on DESKTOP-OKKBF2I (Dell Inc. Latitude E6430) (16-01-2021 18:19:20)
Running from C:\Users\peter\Downloads
Loaded Profiles: peter
Platform: Windows 10 Home Single Language Version 20H2 19042.746 (X64) Language: Slovenčina (Slovensko)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ALPS ELECTRIC CO., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(ALPS ELECTRIC CO., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(ALPS ELECTRIC CO., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(ELDES UAB -> ) C:\Program Files\Common Files\Eldes\ELDES Service.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <18>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ecb9604542bb4ba6\RstMwService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\peter\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2011.16.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [779376 2019-05-09] (ALPS ELECTRIC CO., LTD. -> Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [haleng] => C:\Users\peter\AppData\Local\Temp\haleng.e <==== ATTENTION
HKU\S-1-5-21-3618232127-4161200626-2994251962-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU\S-1-5-21-3618232127-4161200626-2994251962-1001\...\Run: [SysHelper] => "C:\Users\peter\AppData\Local\718c59c2-7c18-4537-bd90-62ee1ef9fc13\B434.exe" --AutoStart <==== ATTENTION
HKU\S-1-5-21-3618232127-4161200626-2994251962-1001\...\Policies\system: [DisableTaskmgr] 1
HKU\S-1-5-21-3618232127-4161200626-2994251962-1001\...\MountPoints2: {1402ddfe-e9f8-11ea-a1ed-ecf4bb2c8f2c} - "E:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-15] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {2B491FDE-CA50-4DBF-AE43-505F68AD2E03} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-14] (Google LLC -> Google LLC)
Task: {3092532E-8F13-4074-8CE2-D48793B00246} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\SysInfo => C:\Users\peter\AppData\Roaming\\toolsyshost\\sihost.exe [71168 2021-01-10] () [File not signed] <==== ATTENTION
Task: {30C7C9C3-1F21-4000-BFD9-E8856D147899} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [667856 2020-11-10] (Mozilla Corporation -> Mozilla Foundation)
Task: {3FEA38DF-20CF-43AC-A7E2-F70CE8A3EE4B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-20] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {40DA6EB9-6EA2-4EF0-820E-955CE4443F17} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-20] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6C9EC47F-34D3-4D19-A9C4-C80827636E2D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-20] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8C5EC040-640D-4F40-AB09-CD0B32F3A4F4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-20] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9FCD8608-F937-48B9-AE97-DB1F88FF5B07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-14] (Google LLC -> Google LLC)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.240.1 31.3.32.1
Tcpip\..\Interfaces\{0d9b7dd5-17f4-4151-a636-ebc2ad6cdf91}: [DhcpNameServer] 192.168.240.1 31.3.32.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\peter\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-16]
Edge Extension: (Outlook) - C:\Users\peter\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-10-18]
Edge Extension: (Word) - C:\Users\peter\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-10-18]
Edge Extension: (Excel) - C:\Users\peter\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-10-18]
Edge Extension: (PowerPoint) - C:\Users\peter\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-10-18]
FireFox:
========
FF DefaultProfile: 2dvtiph4.default
FF ProfilePath: C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\2dvtiph4.default [2020-11-01]
FF ProfilePath: C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\3uo0aucu.default-release [2021-01-16]
FF Extension: (Select After Closing Current) - C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\3uo0aucu.default-release\Extensions\select-after-closing-current@qw.linux-2g64.local.xpi [2020-11-01]
FF Extension: (Translate Web Pages) - C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\3uo0aucu.default-release\Extensions\{036a55b4-5e72-4d05-a06c-cba2dfcc134a}.xpi [2020-11-03]
FF Extension: (Video DownloadHelper) - C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\3uo0aucu.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-11-01]
FF Extension: (Greasemonkey) - C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\3uo0aucu.default-release\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2020-03-18]
FF Extension: (Torrent Control) - C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\3uo0aucu.default-release\Extensions\{e6e36c9a-8323-446c-b720-a176017e38ff}.xpi [2020-11-01]
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-11-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-11-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default [2021-01-16]
CHR Session Restore: Default -> is enabled.
CHR Extension: (Prezentácie) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-07-14]
CHR Extension: (Dokumenty) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-07-14]
CHR Extension: (Disk Google) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-26]
CHR Extension: (YouTube) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-07-14]
CHR Extension: (Select to Translate - Translator ) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\eignaoffibhilfdkmddbpigikiglehcc [2021-01-15]
CHR Extension: (Tabuľky) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-07-14]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-18]
CHR Extension: (Prekladateľ) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiidjliailpkjeigakikbfedlfijngih [2021-01-15]
CHR Extension: (Select to Translate - Prekladateľ) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkbmajmmaeonfhjdcofabfilgfigpbao [2021-01-15]
CHR Extension: (d8yI+Hf7rX) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbpkgaifoikkjjmklpelkjlecngigjem [2021-01-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-07-14]
CHR Extension: (Gmail) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-25]
CHR Extension: (Chrome Media Router) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-20]
CHR Profile: C:\Users\peter\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-01-16]
CHR Extension: (d8yI+Hf7rX) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\mbpkgaifoikkjjmklpelkjlecngigjem [2021-01-16]
CHR Profile: C:\Users\peter\AppData\Local\Google\Chrome\User Data\System Profile [2021-01-16]
CHR Extension: (d8yI+Hf7rX) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\mbpkgaifoikkjjmklpelkjlecngigjem [2021-01-16]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [104840 2019-05-09] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
R2 EldesService; C:\Program Files\Common Files\Eldes\ELDES Service.exe [201416 2018-08-01] (ELDES UAB -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-01-15] (Malwarebytes Inc -> Malwarebytes)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-20] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-20] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 CMUACWO; C:\Windows\System32\drivers\CMUACWO.sys [357888 2013-02-19] (C-MEDIA ELECTRONICS INC. -> C-Media Inc.)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [19440 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220160 2021-01-16] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-01-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-01-15] (Malwarebytes Inc -> Malwarebytes)
R3 MbmUsbSerial; C:\Windows\System32\Drivers\MbmUsbSerial.sys [81392 2015-06-30] (Microsoft Windows Hardware Compatibility Publisher -> Ericsson AB)
R3 MkBusFilter; C:\Windows\system32\DRIVERS\MbmDeviceFilter.sys [42208 2015-06-30] (Ericsson AB -> )
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2019-11-08] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )
R3 sonarworks_VirtualDevice; C:\Windows\System32\drivers\sonarworks.sys [444200 2019-10-25] (SIA Sonarworks -> Sonarworks)
R3 SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [292864 2019-12-07] (Microsoft Windows -> Conexant Systems, Inc.)
R3 SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [1485312 2019-12-07] (Microsoft Windows -> Conexant Systems, Inc.)
R3 SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [740864 2019-12-07] (Microsoft Windows -> Conexant Systems, Inc.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [30352 2016-10-07] (STMICROELECTRONICS S.R.L. -> ST Microelectronics)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [48536 2020-12-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [429296 2020-12-20] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-20] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-16 18:19 - 2021-01-16 18:19 - 000016162 _____ C:\Users\peter\Downloads\FRST.txt
2021-01-16 18:18 - 2021-01-16 18:19 - 000000000 ____D C:\FRST
2021-01-16 18:17 - 2021-01-16 18:17 - 002294784 _____ (Farbar) C:\Users\peter\Downloads\FRST64.exe
2021-01-16 18:11 - 2021-01-16 18:11 - 000220160 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-01-16 16:54 - 2021-01-16 18:10 - 073662464 _____ C:\Windows\system32\config\SOFTWARE
2021-01-16 16:51 - 2021-01-16 16:54 - 000000000 ____D C:\Windows\Microsoft Antimalware
2021-01-16 16:43 - 2021-01-16 16:46 - 000000000 ____D C:\Users\peter\AppData\LocalLow\IGDump
2021-01-16 16:43 - 2021-01-16 16:44 - 000099379 _____ C:\Users\peter\AppData\LocalLow\avMAKUxHbWD.zip.coos
2021-01-16 16:43 - 2021-01-16 16:43 - 000001111 _____ C:\Users\peter\_readme.txt
2021-01-16 16:43 - 2021-01-16 16:43 - 000001111 _____ C:\_readme.txt
2021-01-16 16:42 - 2021-01-16 16:46 - 000000000 ____D C:\ProgramData\Garbage Cleaner
2021-01-16 16:42 - 2021-01-16 16:43 - 000000000 ____D C:\Users\peter\AppData\LocalLow\pF2qC1gG7yH8hI1o
2021-01-16 16:42 - 2021-01-16 16:42 - 000000049 _____ C:\Users\peter\AppData\Local\script.ps1
2021-01-16 16:42 - 2021-01-16 16:42 - 000000000 ____D C:\Users\peter\AppData\Local\Xxi
2021-01-16 16:41 - 2021-01-16 16:46 - 000000000 ____D C:\Users\peter\AppData\Local\718c59c2-7c18-4537-bd90-62ee1ef9fc13
2021-01-16 16:41 - 2021-01-16 16:45 - 000000000 ____D C:\Users\peter\AppData\Local\813d91c3-62b1-4664-9de5-942d31850e88
2021-01-16 16:41 - 2021-01-16 16:42 - 000000000 ____D C:\ProgramData\5U3Z6GS5OCS20276A28GXCA6B
2021-01-16 16:41 - 2021-01-16 16:42 - 000000000 ____D C:\ProgramData\3475GCW401BAICXIFUT6GJIHE
2021-01-16 16:41 - 2021-01-16 16:41 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2021-01-16 16:41 - 2021-01-16 16:41 - 000334288 _____ (Mozilla Foundation) C:\ProgramData\freebl3.dll
2021-01-16 16:41 - 2021-01-16 16:41 - 000144848 _____ (Mozilla Foundation) C:\ProgramData\softokn3.dll
2021-01-16 16:41 - 2021-01-16 16:41 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2021-01-16 16:41 - 2021-01-16 16:41 - 000000557 _____ C:\Users\peter\AppData\Local\bowsakkdestx.txt
2021-01-16 16:41 - 2021-01-16 16:41 - 000000000 ____D C:\Users\Public\Thunder Network
2021-01-16 16:41 - 2021-01-16 16:41 - 000000000 ____D C:\SystemID
2021-01-16 16:41 - 2021-01-16 16:41 - 000000000 ____D C:\ProgramData\Thunder Network
2021-01-16 16:41 - 2021-01-16 16:41 - 000000000 ____D C:\ProgramData\r9y9q5v2w6y9q5v2w6
2021-01-16 16:41 - 2021-01-16 16:41 - 000000000 ____D C:\Program Files (x86)\Seed Trade
2021-01-16 16:40 - 2021-01-16 16:45 - 000000000 ____D C:\Users\peter\Documents\VlcpVideoV1.0.1
2021-01-16 15:39 - 2021-01-16 18:19 - 000000000 ____D C:\Users\peter\AppData\Roaming\ToolSysHost
2021-01-16 15:22 - 2021-01-16 16:44 - 000013924 _____ C:\Users\peter\Desktop\Equalizer HD800.png.coos
2021-01-16 13:36 - 2021-01-16 16:44 - 000100745 _____ C:\Users\peter\Downloads\FFmpeg Decoder Wrapper.fb2k-component
2021-01-16 10:35 - 2021-01-16 10:35 - 000000721 _____ C:\Users\peter\Desktop\Hudba Peter.lnk
2021-01-16 10:34 - 2021-01-16 10:34 - 000000721 _____ C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hudba Peter.lnk
2021-01-15 20:54 - 2021-01-15 20:54 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2021-01-15 20:54 - 2021-01-15 20:54 - 000575488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2021-01-15 20:54 - 2021-01-15 20:54 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2021-01-15 20:54 - 2021-01-15 20:54 - 000469504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2021-01-15 20:54 - 2021-01-15 20:54 - 000304128 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2021-01-15 20:54 - 2021-01-15 20:54 - 000234496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2021-01-15 20:54 - 2021-01-15 20:54 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\VBICodec.ax
2021-01-15 20:54 - 2021-01-15 20:54 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBICodec.ax
2021-01-15 20:54 - 2021-01-15 20:54 - 000095744 _____ C:\Windows\system32\VirtualMonitorManager.dll
2021-01-15 20:54 - 2021-01-15 20:54 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2021-01-15 20:54 - 2021-01-15 20:54 - 000072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2021-01-15 20:54 - 2021-01-15 20:54 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2021-01-15 20:54 - 2021-01-15 20:54 - 000053760 _____ C:\Windows\SysWOW64\BWContextHandler.dll
2021-01-15 20:53 - 2021-01-15 20:53 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-01-15 20:53 - 2021-01-15 20:53 - 002254336 _____ C:\Windows\system32\dwmscene.dll
2021-01-15 20:53 - 2021-01-15 20:53 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2021-01-15 20:53 - 2021-01-15 20:53 - 001162240 _____ C:\Windows\system32\MBR2GPT.EXE
2021-01-15 20:53 - 2021-01-15 20:53 - 000729600 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2021-01-15 20:53 - 2021-01-15 20:53 - 000643072 _____ C:\Windows\system32\WindowManagementAPI.dll
2021-01-15 20:53 - 2021-01-15 20:53 - 000595968 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2021-01-15 20:53 - 2021-01-15 20:53 - 000544768 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2021-01-15 20:53 - 2021-01-15 20:53 - 000455680 _____ C:\Windows\SysWOW64\WindowManagementAPI.dll
2021-01-15 20:53 - 2021-01-15 20:53 - 000446976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
2021-01-15 20:53 - 2021-01-15 20:53 - 000422912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2021-01-15 20:53 - 2021-01-15 20:53 - 000330752 _____ C:\Windows\SysWOW64\ssdm.dll
2021-01-15 20:53 - 2021-01-15 20:53 - 000306688 _____ C:\Windows\system32\HeatCore.dll
2021-01-15 20:53 - 2021-01-15 20:53 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2021-01-15 20:53 - 2021-01-15 20:53 - 000235520 _____ C:\Windows\SysWOW64\HeatCore.dll
2021-01-15 20:53 - 2021-01-15 20:53 - 000190976 _____ C:\Windows\system32\BthpanContextHandler.dll
2021-01-15 20:53 - 2021-01-15 20:53 - 000182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2021-01-15 20:53 - 2021-01-15 20:53 - 000178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2021-01-15 20:53 - 2021-01-15 20:53 - 000152064 _____ C:\Windows\system32\EoAExperiences.exe
2021-01-15 20:53 - 2021-01-15 20:53 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2021-01-15 20:53 - 2021-01-15 20:53 - 000067072 _____ C:\Windows\system32\BWContextHandler.dll
2021-01-15 20:53 - 2021-01-15 20:53 - 000010894 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-01-15 20:52 - 2021-01-15 20:52 - 000562688 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2021-01-15 20:52 - 2021-01-15 20:52 - 000455168 _____ C:\Windows\system32\ssdm.dll
2021-01-15 20:52 - 2021-01-15 20:52 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2021-01-15 20:52 - 2021-01-15 20:52 - 000165888 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-01-15 20:52 - 2021-01-15 20:52 - 000074240 _____ C:\Windows\system32\rdsxvmaudio.dll
2021-01-15 19:41 - 2021-01-15 19:41 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-01-15 19:41 - 2021-01-15 19:40 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2021-01-15 19:34 - 2021-01-15 19:34 - 000000220 _____ C:\Windows\CMSPDIF2.ini.imi
2021-01-15 19:34 - 2021-01-15 19:34 - 000000104 _____ C:\Windows\CMSPDIF2.ini.cfl
2021-01-15 19:34 - 2021-01-15 19:34 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-01-15 19:34 - 2013-02-22 14:59 - 000001338 ____N C:\Windows\CMSPDIF2.ini.cfg
2021-01-15 19:34 - 2013-01-18 11:45 - 000031744 ____N (C-Media Inc.) C:\Windows\system32\CMUACWOASIO64.dll
2021-01-15 19:34 - 2013-01-18 11:45 - 000027136 ____N (C-Media Inc.) C:\Windows\SysWOW64\CMUACWOASIO.dll
2021-01-15 19:34 - 2013-01-17 11:18 - 000828416 ____N C:\Windows\system32\CmeauSPDIF2.exe
2021-01-15 19:34 - 2009-08-20 16:00 - 000359424 ____N C:\Windows\system32\CmiInstallResAll64.dll
2021-01-15 19:29 - 2021-01-16 16:45 - 000000000 ____D C:\Users\peter\Downloads\CM6631_6631A_201305
2021-01-15 19:29 - 2013-02-19 17:36 - 000357888 _____ (C-Media Inc.) C:\Windows\system32\Drivers\CMUACWO.sys
2021-01-15 18:09 - 2021-01-15 18:09 - 000002348 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-15 18:09 - 2021-01-15 18:09 - 000002348 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-01-12 18:32 - 2021-01-16 16:44 - 000046572 _____ C:\Users\peter\Desktop\M3S.jpg.coos
2021-01-12 18:13 - 2021-01-16 16:44 - 000370585 _____ C:\Users\peter\Desktop\Master-RMA-Formular-NT-Global-Shanling.pdf.coos
2021-01-12 17:33 - 2021-01-16 17:55 - 000000000 ____D C:\Users\peter\Downloads\Uriah Heep - Look At Yourself (1971) [SACD] (2011 SHM-SACD PCM Stereo)
2020-12-20 12:53 - 2020-12-20 12:53 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2020-12-20 12:53 - 2020-12-20 12:53 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2020-12-20 12:53 - 2020-12-20 12:53 - 001822272 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2020-12-20 12:53 - 2020-12-20 12:53 - 001393496 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2020-12-20 12:53 - 2020-12-20 12:53 - 000363520 _____ C:\Windows\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-20 12:53 - 2020-12-20 12:53 - 000287232 _____ C:\Windows\system32\CoreMas.dll
2020-12-20 12:53 - 2020-12-20 12:53 - 000266240 _____ C:\Windows\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-20 12:53 - 2020-12-20 12:53 - 000240640 _____ C:\Windows\SysWOW64\CoreMas.dll
2020-12-20 12:53 - 2020-12-20 12:53 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\ncpa.cpl
2020-12-20 12:53 - 2020-12-20 12:53 - 000100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncpa.cpl
2020-12-20 12:53 - 2020-12-20 12:53 - 000089088 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2020-12-20 12:53 - 2020-12-20 12:53 - 000073216 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2020-12-20 12:53 - 2020-12-20 12:53 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2020-12-20 12:53 - 2020-12-20 12:53 - 000048640 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2020-12-20 12:53 - 2020-12-20 12:53 - 000039936 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2020-12-20 12:53 - 2020-12-20 12:53 - 000013312 _____ C:\Windows\system32\agentactivationruntimestarter.exe
2020-12-20 12:53 - 2020-12-20 12:53 - 000010752 _____ C:\Windows\SysWOW64\agentactivationruntimestarter.exe
2020-12-20 12:53 - 2020-12-20 12:53 - 000001370 _____ C:\Windows\system32\ThirdPartyNoticesBySHS.txt
2020-12-20 11:59 - 2021-01-16 16:44 - 000000000 ____D C:\Users\peter\Desktop\Rohova skrinka
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-16 18:19 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ServiceState
2021-01-16 18:15 - 2020-07-22 17:03 - 000050066 _____ C:\Windows\system32\perfh01B.dat
2021-01-16 18:15 - 2020-07-22 17:03 - 000012172 _____ C:\Windows\system32\perfc01B.dat
2021-01-16 18:15 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2021-01-16 18:15 - 2019-12-07 08:20 - 000884192 _____ C:\Windows\system32\PerfStringBackup.INI
2021-01-16 18:13 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-16 18:12 - 2020-07-14 19:12 - 000000000 __SHD C:\Users\peter\IntelGraphicsProfiles
2021-01-16 18:12 - 2020-07-14 18:40 - 000000000 ___RD C:\Users\peter\OneDrive
2021-01-16 18:11 - 2019-12-07 08:13 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-16 18:11 - 2019-12-07 08:13 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-01-16 18:10 - 2020-07-22 17:24 - 000000000 ____D C:\Users\peter\AppData\Roaming\foobar2000
2021-01-16 18:10 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-01-16 17:05 - 2020-11-25 22:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2021-01-16 17:05 - 2020-11-25 22:06 - 000000000 ____D C:\Program Files\DAUM
2021-01-16 16:45 - 2020-10-25 14:27 - 000000000 ____D C:\Users\peter\Documents\Životopis
2021-01-16 16:45 - 2020-10-25 14:27 - 000000000 ____D C:\Users\peter\Documents\Záhradka
2021-01-16 16:45 - 2020-10-25 14:27 - 000000000 ____D C:\Users\peter\Documents\Yamaha A1
2021-01-16 16:45 - 2020-07-19 12:37 - 000000000 ____D C:\Users\peter\Downloads\Záloha Majka karta SD 20.10.2013
2021-01-16 16:45 - 2020-07-19 12:37 - 000000000 ____D C:\Users\peter\Downloads\usb_driver
2021-01-16 16:45 - 2020-07-19 12:32 - 000000000 ____D C:\Users\peter\Downloads\Nokia 6303c soft
2021-01-16 16:45 - 2020-07-19 12:32 - 000000000 ____D C:\Users\peter\Downloads\Descal_subory
2021-01-16 16:44 - 2020-11-29 13:36 - 2821195512 _____ C:\Users\peter\Downloads\Photos.zip
2021-01-16 16:44 - 2020-11-19 00:03 - 000154107 _____ C:\Users\peter\Desktop\Yamaha A1 rele.JPG.coos
2021-01-16 16:44 - 2020-11-18 17:51 - 000239099 _____ C:\Users\peter\Desktop\Phidac.jpg.coos
2021-01-16 16:44 - 2020-11-16 17:59 - 000999055 _____ C:\Users\peter\Downloads\Specifications.pdf.coos
2021-01-16 16:44 - 2020-11-16 17:32 - 000254128 _____ C:\Users\peter\Downloads\Schematic_PhiDAChex_2020-05-16.pdf.coos
2021-01-16 16:44 - 2020-11-16 17:24 - 000096408 _____ C:\Users\peter\Downloads\Schematic_PhiAMP.pdf.coos
2021-01-16 16:44 - 2020-11-15 17:04 - 000085643 _____ C:\Users\peter\Downloads\dokumentácia.pdf
2021-01-16 16:44 - 2020-11-15 16:36 - 000202375 _____ C:\Users\peter\Downloads\montážny-návod.pdf.coos
2021-01-16 16:44 - 2020-11-02 20:01 - 026033034 _____ C:\Users\peter\Downloads\qbittorrent_4.3.0.1_x64_setup.exe.coos
2021-01-16 16:44 - 2020-11-01 17:06 - 000302241 _____ C:\Users\peter\Desktop\Dvierka.jpg.coos
2021-01-16 16:44 - 2020-11-01 10:01 - 043468158 _____ C:\Users\peter\Downloads\VdhCoAppSetup-1.5.0.exe.coos
2021-01-16 16:44 - 2020-10-25 14:37 - 000000000 ____D C:\Users\peter\Documents\Kana všetko
2021-01-16 16:44 - 2020-10-25 14:33 - 000000000 ____D C:\Users\peter\Documents\Hifi
2021-01-16 16:44 - 2020-10-25 14:32 - 000000000 ____D C:\Users\peter\Documents\Ford
2021-01-16 16:44 - 2020-10-25 14:28 - 003602766 _____ C:\Users\peter\Documents\Alarm klavesnica Návod integra_u_sk_1 12.doc.coos
2021-01-16 16:44 - 2020-10-25 14:28 - 002399630 _____ C:\Users\peter\Documents\Technický preukaz Ford .pdf.coos
2021-01-16 16:44 - 2020-10-25 14:28 - 001009412 _____ C:\Users\peter\Documents\3.3_Dudrik_SK_Polovodicove suciastky.pdf.coos
2021-01-16 16:44 - 2020-10-25 14:28 - 000268483 _____ C:\Users\peter\Documents\Jungheinrich .pdf.coos
2021-01-16 16:44 - 2020-10-25 14:28 - 000208474 _____ C:\Users\peter\Documents\Miková_Katka.jpg.coos
2021-01-16 16:44 - 2020-10-25 14:28 - 000192152 _____ C:\Users\peter\Documents\000005325313_Potvrdenie%A0o úhrade diaľničnej známky,_201701281813.pdf.coos
2021-01-16 16:44 - 2020-10-25 14:28 - 000095054 _____ C:\Users\peter\Documents\AntiCalc.doc.coos
2021-01-16 16:44 - 2020-10-25 14:28 - 000040539 _____ C:\Users\peter\Documents\Dokument.docx.coos
2021-01-16 16:44 - 2020-10-25 14:28 - 000029518 _____ C:\Users\peter\Documents\Aktualizovane kontakty 28.4.2017.xls.coos
2021-01-16 16:44 - 2020-10-25 14:28 - 000023303 _____ C:\Users\peter\Documents\Kontakty Nokia 6303 10.1.txt.coos
2021-01-16 16:44 - 2020-10-25 14:28 - 000004428 _____ C:\Users\peter\Documents\photo.jpg.coos
2021-01-16 16:44 - 2020-10-25 14:28 - 000000748 _____ C:\Users\peter\Documents\Hegm.txt.coos
2021-01-16 16:44 - 2020-10-25 14:28 - 000000451 _____ C:\Users\peter\Documents\Adresa z nemecka.txt.coos
2021-01-16 16:44 - 2020-10-25 14:28 - 000000363 _____ C:\Users\peter\Documents\Windows kod.txt.coos
2021-01-16 16:44 - 2020-10-25 14:28 - 000000344 _____ C:\Users\peter\Documents\Heslo k domacej sieti.txt.coos
2021-01-16 16:44 - 2020-10-25 14:28 - 000000000 ____D C:\Users\peter\Documents\Descal_subory
2021-01-16 16:44 - 2020-10-25 14:25 - 000000000 ____D C:\Users\peter\Documents\Obnova stratenych dat
2021-01-16 16:44 - 2020-10-25 14:24 - 000000000 ____D C:\Users\peter\Documents\Majkine súbory
2021-01-16 16:44 - 2020-10-25 14:24 - 000000000 ____D C:\Users\peter\Documents\Majka škola
2021-01-16 16:44 - 2020-10-25 14:23 - 000000000 ____D C:\Users\peter\Documents\Kontakty Majka
2021-01-16 16:44 - 2020-10-25 14:23 - 000000000 ____D C:\Users\peter\Documents\Kána2017-2018
2021-01-16 16:44 - 2020-10-25 14:22 - 000000000 ____D C:\Users\peter\Documents\Kána2016-2017
2021-01-16 16:44 - 2020-10-25 14:04 - 000141787 _____ C:\Users\peter\Desktop\Remene, olej, filtgre Ford.jpg.coos
2021-01-16 16:44 - 2020-10-22 16:47 - 000000428 _____ C:\Users\peter\Desktop\Nový textový dokument.txt.coos
2021-01-16 16:44 - 2020-10-18 13:45 - 010225174 _____ C:\Users\peter\Downloads\Návod k použití CZ.pdf.coos
2021-01-16 16:44 - 2020-10-18 09:44 - 000241895 _____ C:\Users\peter\Desktop\odstupenie-spotrebitela-od-zmluvy.pdf.coos
2021-01-16 16:44 - 2020-10-18 09:44 - 000000401 _____ C:\Users\peter\Desktop\debug.log.coos
2021-01-16 16:44 - 2020-10-08 17:48 - 455880742 _____ C:\Users\peter\Desktop\Svadba skrátená.mp4.coos
2021-01-16 16:44 - 2020-09-06 16:48 - 000000000 ____D C:\Users\peter\Desktop\Nový priečinok
2021-01-16 16:44 - 2020-09-01 12:35 - 000000000 ____D C:\Users\peter\ELDES Utility
2021-01-16 16:44 - 2020-08-29 11:26 - 000000000 ____D C:\totalcmd
2021-01-16 16:44 - 2020-07-19 15:52 - 000595714 _____ C:\Users\peter\Downloads\wiliotlheadamppcb.zip.coos
2021-01-16 16:44 - 2020-07-19 15:50 - 000594262 _____ C:\Users\peter\Downloads\HAv2.1.sch
2021-01-16 16:44 - 2020-07-19 15:50 - 000301992 _____ C:\Users\peter\Downloads\HAv2.1.brd
2021-01-16 16:44 - 2020-07-19 15:36 - 000002365 _____ C:\Users\peter\Desktop\Panel_HA.panel.coos
2021-01-16 16:44 - 2020-07-19 12:38 - 367086286 _____ C:\Users\peter\Downloads\pro100_demo5_csy.exe.coos
2021-01-16 16:44 - 2020-07-19 12:38 - 099927185 _____ C:\Users\peter\Downloads\vianocne-piesne-a-koledy.rar.coos
2021-01-16 16:44 - 2020-07-19 12:38 - 094122591 _____ C:\Users\peter\Downloads\Reproduktory-a-reproduktorove-soustavy_male-rozl.pdf.coos
2021-01-16 16:44 - 2020-07-19 12:38 - 027942194 _____ C:\Users\peter\Downloads\data.rar.coos
2021-01-16 16:44 - 2020-07-19 12:38 - 026714136 _____ C:\Users\peter\Downloads\VMA-I-SL-black.zip.coos
2021-01-16 16:44 - 2020-07-19 12:38 - 021870482 _____ C:\Users\peter\Downloads\rebuilt.Najkrajsie-Slovenské-ludové-Vianocné-koledy.part8.rar.coos
2021-01-16 16:44 - 2020-07-19 12:38 - 010493674 _____ C:\Users\peter\Downloads\VoiceRec&TaskMan.zip.coos
2021-01-16 16:44 - 2020-07-19 12:38 - 002744421 _____ C:\Users\peter\Downloads\flac-1.2.1b.exe
2021-01-16 16:44 - 2020-07-19 12:38 - 001009412 _____ C:\Users\peter\Downloads\3.3_Dudrik_SK_Polovodicove suciastky.pdf
2021-01-16 16:44 - 2020-07-19 12:38 - 000492770 _____ C:\Users\peter\Downloads\VoodooReport.apk.coos
2021-01-16 16:44 - 2020-07-19 12:38 - 000114059 _____ C:\Users\peter\Downloads\Voodoo-instant-anti-exynos-mem-abuse-0.9.apk.coos
2021-01-16 16:44 - 2020-07-19 12:38 - 000105950 _____ C:\Users\peter\Downloads\VoodooOTARootKeeper.apk.coos
2021-01-16 16:44 - 2020-07-19 12:32 - 000000000 ____D C:\Users\peter\Documents\Samsung úpravy
2021-01-16 16:44 - 2020-07-16 17:17 - 000291985 _____ C:\Users\peter\Downloads\Datasheet_DPB5650M.pdf
2021-01-16 16:44 - 2017-09-22 19:28 - 542997725 _____ C:\Users\peter\Downloads\C2. Nothing Else Matters.dsf
2021-01-16 16:44 - 2017-09-22 19:28 - 343669975 _____ C:\Users\peter\Downloads\C1. Through The Never.dsf
2021-01-16 16:44 - 2014-11-25 07:49 - 000000000 ____D C:\San disc 8gb majkin originalne subory
2021-01-16 16:43 - 2020-07-19 12:04 - 000000000 ____D C:\Chvály
2021-01-16 16:43 - 2020-07-14 18:41 - 000000000 ___HD C:\$WinREAgent
2021-01-16 16:43 - 2020-07-14 18:40 - 000000000 ___HD C:\OneDriveTemp
2021-01-16 16:43 - 2019-12-07 08:20 - 000000000 ____D C:\Users\peter
2021-01-16 16:42 - 2020-09-21 18:55 - 000000000 ____D C:\Users\peter\AppData\Local\CrashDumps
2021-01-16 15:55 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-16 15:55 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2021-01-16 15:55 - 2019-12-07 08:24 - 000000000 ____D C:\Users\peter\AppData\Local\Packages
2021-01-16 15:43 - 2020-07-14 21:48 - 000000000 ____D C:\Users\peter\AppData\Roaming\vlc
2021-01-15 22:37 - 2019-12-07 08:13 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-01-15 21:58 - 2019-12-07 08:13 - 000258088 _____ C:\Windows\system32\FNTCACHE.DAT
2021-01-15 21:57 - 2019-12-07 15:39 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-15 21:57 - 2019-12-07 15:39 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\F12
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\UNP
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\F12
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\PrintDialog
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Com
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Sysprep
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Dism
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Com
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellComponents
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Provisioning
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\IME
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-15 20:56 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2021-01-15 20:52 - 2019-12-07 08:17 - 002877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2021-01-15 20:46 - 2020-07-14 18:45 - 000000000 ____D C:\Windows\system32\MRT
2021-01-15 20:45 - 2020-07-14 18:44 - 135062968 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-01-15 19:41 - 2020-09-01 20:56 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-01-15 19:41 - 2020-09-01 20:56 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-01-15 19:41 - 2020-09-01 20:56 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-01-15 19:41 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-01-15 19:40 - 2020-09-01 20:56 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-01-15 19:35 - 2020-07-14 19:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2021-01-15 19:34 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\System
2021-01-15 18:09 - 2020-07-14 18:51 - 000002389 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-12 18:51 - 2020-07-19 20:37 - 000000000 ____D C:\Users\peter\AppData\LocalLow\Mozilla
2021-01-12 18:27 - 2020-07-14 19:40 - 000001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2021-01-10 20:44 - 2020-09-01 18:57 - 000000000 ____D C:\Users\peter\Downloads\Sťahovaná hudba
2021-01-10 15:30 - 2020-07-19 17:19 - 000000000 ____D C:\Program Files\MiniTool Partition Wizard 12
2021-01-10 15:29 - 2020-11-15 19:41 - 000002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-10 15:29 - 2020-11-15 19:41 - 000002282 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-01-10 15:29 - 2020-11-15 19:41 - 000002282 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-12-20 12:58 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\migwiz
2020-12-20 12:58 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-12-20 12:01 - 2019-12-07 08:13 - 000000000 ____D C:\Windows\system32\Drivers\wd
2020-12-20 11:50 - 2020-07-14 18:50 - 000003456 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-20 11:50 - 2020-07-14 18:50 - 000003332 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-12-20 11:50 - 2020-07-14 18:40 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3618232127-4161200626-2994251962-1001
2020-12-20 11:50 - 2019-12-07 08:20 - 000002355 _____ C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
==================== Files in the root of some directories ========
2021-01-16 16:41 - 2021-01-16 16:41 - 000334288 _____ (Mozilla Foundation) C:\ProgramData\freebl3.dll
2021-01-16 16:41 - 2021-01-16 16:41 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2021-01-16 16:41 - 2021-01-16 16:41 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
2021-01-16 16:41 - 2021-01-16 16:41 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2021-01-16 16:41 - 2021-01-16 16:41 - 000144848 _____ (Mozilla Foundation) C:\ProgramData\softokn3.dll
2021-01-16 16:41 - 2021-01-16 16:41 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
2020-11-01 10:13 - 2020-11-01 10:13 - 000320202 ___SH () C:\Users\peter\AppData\Roaming\jacagbu
2021-01-16 16:41 - 2021-01-16 16:41 - 000000557 _____ () C:\Users\peter\AppData\Local\bowsakkdestx.txt
2021-01-16 16:42 - 2021-01-16 16:42 - 000000049 _____ () C:\Users\peter\AppData\Local\script.ps1
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-01-2021
Ran by peter (16-01-2021 18:21:34)
Running from C:\Users\peter\Downloads
Windows 10 Home Single Language Version 20H2 19042.746 (X64) (2019-12-07 07:15:35)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3618232127-4161200626-2994251962-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3618232127-4161200626-2994251962-503 - Limited - Disabled)
Guest (S-1-5-21-3618232127-4161200626-2994251962-501 - Limited - Disabled)
peter (S-1-5-21-3618232127-4161200626-2994251962-1001 - Administrator - Enabled) => C:\Users\peter
WDAGUtilityAccount (S-1-5-21-3618232127-4161200626-2994251962-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 20.02 alpha (x64) (HKLM\...\7-Zip) (Version: 20.02 alpha - Igor Pavlov)
CMEDIA USB2.0 Audio Device (HKLM-x32\...\{9445E4B8-E875-470A-928A-A665D3F973B4}) (Version: 1.00.0001 - C-Media Electronics, Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.3201.101.212 - ALPS ELECTRIC CO., LTD.)
ELDES Utility (HKU\S-1-5-21-3618232127-4161200626-2994251962-1001\...\{0ce8bddd-881b-4829-9fb3-8c2634192e20}) (Version: 1.0.0 - ELDES UAB)
Excel (HKU\S-1-5-21-3618232127-4161200626-2994251962-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
foobar2000 v1.5.5 (HKLM-x32\...\foobar2000) (Version: 1.5.5 - Peter Pawlowski)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Java 8 Update 261 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180261F0}) (Version: 8.0.2610.12 - Oracle Corporation)
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.75 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft OneDrive (HKU\S-1-5-21-3618232127-4161200626-2994251962-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Mozilla Firefox 82.0.3 (x64 sk) (HKLM\...\Mozilla Firefox 82.0.3 (x64 sk)) (Version: 82.0.3 - Mozilla)
Mozilla Thunderbird 78.6.0 (x86 sk) (HKLM-x32\...\Mozilla Thunderbird 78.6.0 (x86 sk)) (Version: 78.6.0 - Mozilla)
Outlook (HKU\S-1-5-21-3618232127-4161200626-2994251962-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
PowerPoint (HKU\S-1-5-21-3618232127-4161200626-2994251962-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
qBittorrent 4.3.0.1 (HKLM-x32\...\qBittorrent) (Version: 4.3.0.1 - The qBittorrent project)
QuickPanel (HKU\S-1-5-21-3618232127-4161200626-2994251962-1001\...\QuickPanel) (Version: - )
Reference 4 AAX plugin for ProTools 10 (HKLM-x32\...\{3DA6B4C9-091C-4D5A-8D99-1FC31D1D2319}) (Version: 4.4.2.92 - Sonarworks)
Reference 4 AAX plugin for ProTools 11/12 (HKLM\...\{DF4C23A9-B429-4BBB-A4D3-62D84277B9A2}) (Version: 4.4.2.92 - Sonarworks)
Reference 4 Measure (HKLM\...\{89A07A90-F4FF-44B0-A0B2-4CAC0A0A436A}) (Version: 4.4.2.92 - Sonarworks)
Reference 4 RTAS plugin (HKLM-x32\...\{6B32B226-C783-4662-A72B-24C0FB508454}) (Version: 4.4.2.92 - Sonarworks)
Reference 4 VST plugin (32-bit) (HKLM-x32\...\{7740EF30-3541-4D9B-8890-71E6F5047DAC}) (Version: 4.4.2.92 - Sonarworks)
Reference 4 VST plugin (64-bit) (HKLM\...\{B5FC43B7-75DD-4E3C-A0DB-2BA31B45BD93}) (Version: 4.4.2.92 - Sonarworks)
Sonarworks Reference 4 Studio (HKLM-x32\...\{178729bc-9ccd-4e0f-b8a5-de48917d084c}) (Version: 4.4.2.92 - Sonarworks)
Sonarworks Reference 4 Systemwide (HKLM\...\{26C59DFC-9DB8-409C-92E3-F3FFA6FB0F9D}) (Version: 4.4.2.92 - Sonarworks)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.51 - Ghisler Software GmbH)
VdhCoApp 1.5.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Word (HKU\S-1-5-21-3618232127-4161200626-2994251962-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
Packages:
=========
Doplnok mediálneho nástroja pre Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-10-08] (Microsoft Corporation)
Doplnok pre Fotografie -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-10-08] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.1.778.0_x64__v10z8vjag6ke6 [2020-12-22] (HP Inc.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-15] (Microsoft Studios) [MS Ad]
MusicBrainz Picard -> C:\Program Files\WindowsApps\MetaBrainzFoundationInc.org.musicbrainz.Picard_2.5.60000.0_x64__kef61k5a7g40j [2021-01-12] (MetaBrainz Foundation Inc.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0 [2020-12-22] (Spotify AB) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3618232127-4161200626-2994251962-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2020-08-08] (Igor Pavlov) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-09-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2020-08-08] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-07-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2020-08-08] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-09-01] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\peter\Music\Hudba Peter\Dire Straits\Dire Straits Live Alchemy\Dire Straits Live, Part Two FLAC\Covers\Covers - Ярлык.lnk -> D:\музыка\flacmusic.ru-Rip by moote\Dire Straits\Alchemy Dire Straits Live, Part Two\Covers (No File) <==== Cyrillic
ShortcutWithArgument: C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm --app-url=hxxps://excel.office.com/
ShortcutWithArgument: C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb --app-url=hxxps://outlook.com/
ShortcutWithArgument: C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf --app-url=hxxps://powerpoint.office.com/
ShortcutWithArgument: C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi --app-url=hxxps://word.office.com/
==================== Loaded Modules (Whitelisted) =============
2020-09-01 12:39 - 2013-04-22 17:03 - 022378434 _____ () [File not signed] C:\Program Files\Common Files\Eldes\icudt51.dll
2020-09-01 12:39 - 2013-04-22 17:03 - 003369922 _____ () [File not signed] C:\Program Files\Common Files\Eldes\icuin51.dll
2020-09-01 12:39 - 2013-04-22 17:03 - 001978690 _____ () [File not signed] C:\Program Files\Common Files\Eldes\icuuc51.dll
2020-09-01 12:39 - 2013-04-17 19:18 - 000544817 _____ () [File not signed] C:\Program Files\Common Files\Eldes\libgcc_s_dw2-1.dll
2020-09-01 12:39 - 2013-04-17 19:19 - 000989805 _____ () [File not signed] C:\Program Files\Common Files\Eldes\libstdc++-6.dll
2020-09-01 12:39 - 2018-02-18 22:26 - 000073216 _____ () [File not signed] C:\Program Files\Common Files\Eldes\QtSolutions_Service-head.dll
2020-09-01 12:39 - 2018-02-18 21:45 - 004604928 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Common Files\Eldes\Qt5Core.dll
2020-09-01 12:39 - 2013-12-08 19:00 - 001392128 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Common Files\Eldes\Qt5Network.dll
2020-09-01 12:39 - 2013-04-17 18:26 - 000073901 _____ (MingW-W64 Project. All rights reserved.) [File not signed] C:\Program Files\Common Files\Eldes\libwinpthread-1.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2020-11-15] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-11-15] (Oracle America, Inc. -> Oracle Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 10:14 - 2021-01-16 16:44 - 000000822 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3618232127-4161200626-2994251962-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.240.1 - 31.3.32.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{8875E960-0296-4E2B-9F7C-9DA0B2415FD9}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{48A2C8B6-1724-4165-BB31-6A00077B9378}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{4BAB8918-CD83-47D3-8C38-5A2073E0C6E3}] => (Allow) C:\Users\peter\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [{9C54255E-BE23-4200-8A02-47413F6AB8AB}] => (Allow) C:\Users\peter\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{BEA93A04-8DBC-435C-B6D0-19E830F26EE3}] => (Allow) C:\Users\peter\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{0270511A-AF9C-46CE-909F-79778E95A7FE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DA438762-EE77-4DC7-B74B-FC78BFE86D56}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{314FC896-DD82-4EED-BE80-089F8E397267}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{DDD74CA6-FF87-4963-ABFD-8B657AA96F9E}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{C63F788D-5BB9-45E7-8B47-677246441945}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A1B1F6C3-1AE4-4EA8-8F92-A42B1065FA26}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E7360998-B718-43A3-8C55-96FA87A0C1CE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B8E0330C-96E2-4DE3-B968-C91EA9328333}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7DEE527B-BDA1-4DA5-89A6-51D7CD6C9A50}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AD96F235-A2C8-423D-809A-89517947BD20}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{59BA7701-4249-48D0-A301-905F961B3574}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8FDC5BF1-CAE8-480F-B8EE-0013C366FAF6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B8F77E41-B62B-4CA9-BACF-910F0DAC2A7C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6D740359-F62B-40B8-A746-2B7A144D0B10}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{61A90EDF-6839-4D8C-8859-4D1D3F154E93}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9BE0A0F9-1D77-4A2C-A51C-56D01DFCECE0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{90A94002-0892-4CCD-8DDA-D6A1DBA72F64}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{5BCCA330-4526-4CA1-B977-FF6F5BEB6834}] => (Allow) C:\Users\peter\AppData\Local\Temp\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{190AA7D4-344D-49EF-8081-9E4FD1D14F38}] => (Allow) C:\Users\peter\AppData\Local\Temp\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
==================== Restore Points =========================
20-12-2020 12:46:49 Inštalátor modulov systému Windows
10-01-2021 18:02:02 Scheduled Checkpoint
12-01-2021 17:16:16 Inštalátor modulov systému Windows
15-01-2021 17:52:05 Inštalátor modulov systému Windows
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (01/16/2021 04:43:07 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007
Error: (01/16/2021 04:43:07 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0
Error: (01/16/2021 04:42:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: updatewin1.exe, verzia: 1.0.0.0, časová značka: 0x5be1a3c6
Názov chybujúceho modulu: updatewin1.exe, verzia: 1.0.0.0, časová značka: 0x5be1a3c6
Kód výnimky: 0xc0000005
Odstup chyby: 0x00005e76
Identifikácia chybujúceho procesu: 0x1e80
Čas spustenia chybujúcej aplikácie: 0x01d6ec1e185cf8b8
Cesta chybujúcej aplikácie: C:\Users\peter\AppData\Local\813d91c3-62b1-4664-9de5-942d31850e88\updatewin1.exe
Cesta chybujúceho modulu: C:\Users\peter\AppData\Local\813d91c3-62b1-4664-9de5-942d31850e88\updatewin1.exe
Identifikácia hlásenia: ecbe6881-be7d-4dc8-a2be-3b907f8cfbb8
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:
Error: (01/16/2021 04:42:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: 5.exe, verzia: 1.0.0.1, časová značka: 0x6001bf5f
Názov chybujúceho modulu: 5.exe, verzia: 1.0.0.1, časová značka: 0x6001bf5f
Kód výnimky: 0xc0000005
Odstup chyby: 0x00005e16
Identifikácia chybujúceho procesu: 0x1bc
Čas spustenia chybujúcej aplikácie: 0x01d6ec1e19a41d50
Cesta chybujúcej aplikácie: C:\Users\peter\AppData\Local\813d91c3-62b1-4664-9de5-942d31850e88\5.exe
Cesta chybujúceho modulu: C:\Users\peter\AppData\Local\813d91c3-62b1-4664-9de5-942d31850e88\5.exe
Identifikácia hlásenia: cbe9186c-8757-45aa-b950-a321cd6de75b
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:
Error: (01/16/2021 04:42:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: B6E5.exe, verzia: 1.0.0.1, časová značka: 0x6001c0b5
Názov chybujúceho modulu: B6E5.exe, verzia: 1.0.0.1, časová značka: 0x6001c0b5
Kód výnimky: 0xc0000005
Odstup chyby: 0x00005e16
Identifikácia chybujúceho procesu: 0x24cc
Čas spustenia chybujúcej aplikácie: 0x01d6ec1e164e2c3b
Cesta chybujúcej aplikácie: C:\Users\peter\AppData\Local\Temp\B6E5.exe
Cesta chybujúceho modulu: C:\Users\peter\AppData\Local\Temp\B6E5.exe
Identifikácia hlásenia: a9ddf5dc-ce4d-4814-9334-005473de7f3c
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:
Error: (01/16/2021 04:42:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: updatewin2.exe, verzia: 1.0.0.0, časová značka: 0x5be2b0d6
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.19041.662, časová značka: 0x5f641e44
Kód výnimky: 0xc0000409
Odstup chyby: 0x00075525
Identifikácia chybujúceho procesu: 0x19d4
Čas spustenia chybujúcej aplikácie: 0x01d6ec1e186173f8
Cesta chybujúcej aplikácie: C:\Users\peter\AppData\Local\813d91c3-62b1-4664-9de5-942d31850e88\updatewin2.exe
Cesta chybujúceho modulu: C:\Windows\SYSTEM32\ntdll.dll
Identifikácia hlásenia: d2cfb48c-1fb5-40a5-b03d-6f7720dbc7ce
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:
Error: (01/16/2021 04:42:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: C09C.exe, verzia: 1.0.5.1, časová značka: 0x5feb6866
Názov chybujúceho modulu: C09C.exe, verzia: 1.0.5.1, časová značka: 0x5feb6866
Kód výnimky: 0xc0000005
Odstup chyby: 0x0000a312
Identifikácia chybujúceho procesu: 0x76c
Čas spustenia chybujúcej aplikácie: 0x01d6ec1e17ca20ea
Cesta chybujúcej aplikácie: C:\Users\peter\AppData\Local\Temp\C09C.exe
Cesta chybujúceho modulu: C:\Users\peter\AppData\Local\Temp\C09C.exe
Identifikácia hlásenia: 40ed3efa-7568-4939-964e-e1e24507b3c8
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:
Error: (01/16/2021 04:41:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: updatewin1.exe, verzia: 1.0.0.0, časová značka: 0x5be1a3c6
Názov chybujúceho modulu: updatewin1.exe, verzia: 1.0.0.0, časová značka: 0x5be1a3c6
Kód výnimky: 0xc0000005
Odstup chyby: 0x00005e76
Identifikácia chybujúceho procesu: 0x2ad4
Čas spustenia chybujúcej aplikácie: 0x01d6ec1e17f835be
Cesta chybujúcej aplikácie: C:\Users\peter\AppData\Local\813d91c3-62b1-4664-9de5-942d31850e88\updatewin1.exe
Cesta chybujúceho modulu: C:\Users\peter\AppData\Local\813d91c3-62b1-4664-9de5-942d31850e88\updatewin1.exe
Identifikácia hlásenia: c3dbe273-0d94-47d5-925f-fe3eab9f1ce7
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:
System errors:
=============
Error: (01/16/2021 04:47:34 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {08728914-3F57-4D52-9E31-49DAECA5A80A} did not register with DCOM within the required timeout.
Error: (01/16/2021 04:42:07 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (01/16/2021 04:10:51 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OKKBF2I)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
Error: (01/16/2021 04:10:51 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OKKBF2I)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
Error: (11/13/2020 08:05:58 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OKKBF2I)
Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.
Error: (11/11/2020 07:40:45 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (11/10/2020 04:43:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Zlyhanie inštalácie: Systému Windows sa nepodarilo nainštalovať nasledujúcu aktualizáciu. Vyskytla sa chyba 0x80073d02: 9WZDNCRFJ364-MICROSOFT.SKYPEAPP.
Error: (11/05/2020 05:30:03 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Windows Defender:
===================================
Date: 2021-01-16 18:19:26.3760000Z
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Backdoor:Win32/Bladabindi!ml
ID: 2147748148
Severity: Závažná
Category: Backdoor
Path: file:_C:\Users\peter\AppData\Roaming\ToolSysHost\sihost.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.329.2294.0, AS: 1.329.2294.0, NIS: 1.329.2294.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2021-01-16 18:10:33.4630000Z
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Trojan:Win32/Azorult.FW!MTB
ID: 2147744884
Severity: Závažná
Category: Trójsky kôň
Path: file:_C:\Users\peter\AppData\Roaming\rcjvvgr; file:_C:\Users\peter\AppData\Roaming\uajvvgr
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.329.2294.0, AS: 1.329.2294.0, NIS: 1.329.2294.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2021-01-16 18:10:32.2740000Z
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Trojan:Win32/Azorult.FW!MTB
ID: 2147744884
Severity: Závažná
Category: Trójsky kôň
Path: file:_C:\Users\peter\AppData\Roaming\rcjvvgr; file:_C:\Users\peter\AppData\Roaming\uajvvgr; file:_C:\Windows\System32\Tasks\NvNgxUpdateCheckDaily_{2A68F03E-F03E-F03E-F03E-2A68F03EF03E}->(UTF-16LE); file:_C:\Windows\System32\Tasks\NvNgxUpdateCheckDaily_{78821544-1544-1544-1544-788215441544}->(UTF-16LE); regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DE7FD40-B7FA-4875-B0C5-424F671164D8}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4C16AB6-B692-488B-B4F2-FDE76CAFDFF7}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvNgxUpdateCheckDaily_{2A68F03E-F03E-F03E-F03E-2A68F03EF03E}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvNgxUpdateCheckDaily_{78821544-1544-1544-1544-788215441544}; taskscheduler:_C:\Windows\System32\Tasks\NvNgxUpdateCheckDaily_{2A68F03E-F03E-F03E-F03E-2A68F03EF03E}; taskscheduler:_C:\Windows\System32\Tasks\NvNgxUpdateCheckDaily_{78821544-1544-1544
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: AV: 1.329.2294.0, AS: 1.329.2294.0, NIS: 1.329.2294.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2021-01-16 18:10:01.7760000Z
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Trojan:Win32/Azorult.FW!MTB
ID: 2147744884
Severity: Závažná
Category: Trójsky kôň
Path: file:_C:\Users\peter\AppData\Roaming\rcjvvgr; file:_C:\Users\peter\AppData\Roaming\uajvvgr
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: AV: 1.329.2294.0, AS: 1.329.2294.0, NIS: 1.329.2294.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2021-01-16 18:10:01.4420000Z
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Trojan:Win32/Azorult.FW!MTB
ID: 2147744884
Severity: Závažná
Category: Trójsky kôň
Path: file:_C:\Users\peter\AppData\Roaming\rcjvvgr
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: AV: 1.329.2294.0, AS: 1.329.2294.0, NIS: 1.329.2294.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2021-01-16 17:04:52.8030000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2282.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80240438
Error description: Počas vyhľadávania aktualizácií sa vyskytol neočakávaný problém. Informácie o inštalácii aktualizácií a riešení problémov s aktualizáciami nájdete v Pomoci a technickej podpore.
Date: 2021-01-16 16:49:58.1680000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Offline.
Error code: 0x8000000a
Error description: The data necessary to complete this operation is not yet available.
Date: 2021-01-16 16:49:25.4270000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Offline.
Error code: 0x8000000a
Error description: The data necessary to complete this operation is not yet available.
Date: 2020-10-10 14:52:56.8760000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.325.414.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17500.4
Error code: 0x8024402c
Error description: Počas vyhľadávania aktualizácií sa vyskytol neočakávaný problém. Informácie o inštalácii aktualizácií a riešení problémov s aktualizáciami nájdete v Pomoci a technickej podpore.
CodeIntegrity:
===================================
Date: 2021-01-16 16:44:46.9090000Z
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2021-01-16 16:44:46.8000000Z
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2021-01-16 16:44:46.0690000Z
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2020-09-06 15:10:25.5660000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
Date: 2020-09-06 15:10:24.8420000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
Date: 2020-09-06 15:10:24.8100000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: Dell Inc. A18 01/18/2016
Motherboard: Dell Inc. 0DV71K
Processor: Intel(R) Core(TM) i5-3340M CPU @ 2.70GHz
Percentage of memory in use: 91%
Total physical RAM: 3998.92 MB
Available physical RAM: 330.91 MB
Total Virtual: 6430.92 MB
Available Virtual: 2476.34 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.22 GB) (Free:103.88 GB) NTFS
\\?\Volume{20a38955-0000-0000-0000-100000000000}\ (Vyhradené systémom) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS
\\?\Volume{20a38955-0000-0000-0000-005174000000}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 20A38955)
Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=506 MB) - (Type=27)
==================== End of Addition.txt =======================
Ran by peter (administrator) on DESKTOP-OKKBF2I (Dell Inc. Latitude E6430) (16-01-2021 18:19:20)
Running from C:\Users\peter\Downloads
Loaded Profiles: peter
Platform: Windows 10 Home Single Language Version 20H2 19042.746 (X64) Language: Slovenčina (Slovensko)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ALPS ELECTRIC CO., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(ALPS ELECTRIC CO., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(ALPS ELECTRIC CO., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(ELDES UAB -> ) C:\Program Files\Common Files\Eldes\ELDES Service.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <18>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ecb9604542bb4ba6\RstMwService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\peter\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2011.16.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [779376 2019-05-09] (ALPS ELECTRIC CO., LTD. -> Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [haleng] => C:\Users\peter\AppData\Local\Temp\haleng.e <==== ATTENTION
HKU\S-1-5-21-3618232127-4161200626-2994251962-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU\S-1-5-21-3618232127-4161200626-2994251962-1001\...\Run: [SysHelper] => "C:\Users\peter\AppData\Local\718c59c2-7c18-4537-bd90-62ee1ef9fc13\B434.exe" --AutoStart <==== ATTENTION
HKU\S-1-5-21-3618232127-4161200626-2994251962-1001\...\Policies\system: [DisableTaskmgr] 1
HKU\S-1-5-21-3618232127-4161200626-2994251962-1001\...\MountPoints2: {1402ddfe-e9f8-11ea-a1ed-ecf4bb2c8f2c} - "E:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-15] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {2B491FDE-CA50-4DBF-AE43-505F68AD2E03} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-14] (Google LLC -> Google LLC)
Task: {3092532E-8F13-4074-8CE2-D48793B00246} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\SysInfo => C:\Users\peter\AppData\Roaming\\toolsyshost\\sihost.exe [71168 2021-01-10] () [File not signed] <==== ATTENTION
Task: {30C7C9C3-1F21-4000-BFD9-E8856D147899} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [667856 2020-11-10] (Mozilla Corporation -> Mozilla Foundation)
Task: {3FEA38DF-20CF-43AC-A7E2-F70CE8A3EE4B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-20] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {40DA6EB9-6EA2-4EF0-820E-955CE4443F17} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-20] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6C9EC47F-34D3-4D19-A9C4-C80827636E2D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-20] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8C5EC040-640D-4F40-AB09-CD0B32F3A4F4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-20] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9FCD8608-F937-48B9-AE97-DB1F88FF5B07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-14] (Google LLC -> Google LLC)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.240.1 31.3.32.1
Tcpip\..\Interfaces\{0d9b7dd5-17f4-4151-a636-ebc2ad6cdf91}: [DhcpNameServer] 192.168.240.1 31.3.32.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\peter\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-16]
Edge Extension: (Outlook) - C:\Users\peter\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-10-18]
Edge Extension: (Word) - C:\Users\peter\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-10-18]
Edge Extension: (Excel) - C:\Users\peter\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-10-18]
Edge Extension: (PowerPoint) - C:\Users\peter\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-10-18]
FireFox:
========
FF DefaultProfile: 2dvtiph4.default
FF ProfilePath: C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\2dvtiph4.default [2020-11-01]
FF ProfilePath: C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\3uo0aucu.default-release [2021-01-16]
FF Extension: (Select After Closing Current) - C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\3uo0aucu.default-release\Extensions\select-after-closing-current@qw.linux-2g64.local.xpi [2020-11-01]
FF Extension: (Translate Web Pages) - C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\3uo0aucu.default-release\Extensions\{036a55b4-5e72-4d05-a06c-cba2dfcc134a}.xpi [2020-11-03]
FF Extension: (Video DownloadHelper) - C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\3uo0aucu.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-11-01]
FF Extension: (Greasemonkey) - C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\3uo0aucu.default-release\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2020-03-18]
FF Extension: (Torrent Control) - C:\Users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\3uo0aucu.default-release\Extensions\{e6e36c9a-8323-446c-b720-a176017e38ff}.xpi [2020-11-01]
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-11-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-11-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default [2021-01-16]
CHR Session Restore: Default -> is enabled.
CHR Extension: (Prezentácie) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-07-14]
CHR Extension: (Dokumenty) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-07-14]
CHR Extension: (Disk Google) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-26]
CHR Extension: (YouTube) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-07-14]
CHR Extension: (Select to Translate - Translator ) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\eignaoffibhilfdkmddbpigikiglehcc [2021-01-15]
CHR Extension: (Tabuľky) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-07-14]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-18]
CHR Extension: (Prekladateľ) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiidjliailpkjeigakikbfedlfijngih [2021-01-15]
CHR Extension: (Select to Translate - Prekladateľ) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkbmajmmaeonfhjdcofabfilgfigpbao [2021-01-15]
CHR Extension: (d8yI+Hf7rX) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbpkgaifoikkjjmklpelkjlecngigjem [2021-01-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-07-14]
CHR Extension: (Gmail) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-25]
CHR Extension: (Chrome Media Router) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-20]
CHR Profile: C:\Users\peter\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-01-16]
CHR Extension: (d8yI+Hf7rX) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\mbpkgaifoikkjjmklpelkjlecngigjem [2021-01-16]
CHR Profile: C:\Users\peter\AppData\Local\Google\Chrome\User Data\System Profile [2021-01-16]
CHR Extension: (d8yI+Hf7rX) - C:\Users\peter\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\mbpkgaifoikkjjmklpelkjlecngigjem [2021-01-16]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [104840 2019-05-09] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
R2 EldesService; C:\Program Files\Common Files\Eldes\ELDES Service.exe [201416 2018-08-01] (ELDES UAB -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-01-15] (Malwarebytes Inc -> Malwarebytes)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-20] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-20] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 CMUACWO; C:\Windows\System32\drivers\CMUACWO.sys [357888 2013-02-19] (C-MEDIA ELECTRONICS INC. -> C-Media Inc.)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [19440 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220160 2021-01-16] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-01-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-01-15] (Malwarebytes Inc -> Malwarebytes)
R3 MbmUsbSerial; C:\Windows\System32\Drivers\MbmUsbSerial.sys [81392 2015-06-30] (Microsoft Windows Hardware Compatibility Publisher -> Ericsson AB)
R3 MkBusFilter; C:\Windows\system32\DRIVERS\MbmDeviceFilter.sys [42208 2015-06-30] (Ericsson AB -> )
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2019-11-08] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )
R3 sonarworks_VirtualDevice; C:\Windows\System32\drivers\sonarworks.sys [444200 2019-10-25] (SIA Sonarworks -> Sonarworks)
R3 SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [292864 2019-12-07] (Microsoft Windows -> Conexant Systems, Inc.)
R3 SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [1485312 2019-12-07] (Microsoft Windows -> Conexant Systems, Inc.)
R3 SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [740864 2019-12-07] (Microsoft Windows -> Conexant Systems, Inc.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [30352 2016-10-07] (STMICROELECTRONICS S.R.L. -> ST Microelectronics)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [48536 2020-12-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [429296 2020-12-20] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-20] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-16 18:19 - 2021-01-16 18:19 - 000016162 _____ C:\Users\peter\Downloads\FRST.txt
2021-01-16 18:18 - 2021-01-16 18:19 - 000000000 ____D C:\FRST
2021-01-16 18:17 - 2021-01-16 18:17 - 002294784 _____ (Farbar) C:\Users\peter\Downloads\FRST64.exe
2021-01-16 18:11 - 2021-01-16 18:11 - 000220160 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-01-16 16:54 - 2021-01-16 18:10 - 073662464 _____ C:\Windows\system32\config\SOFTWARE
2021-01-16 16:51 - 2021-01-16 16:54 - 000000000 ____D C:\Windows\Microsoft Antimalware
2021-01-16 16:43 - 2021-01-16 16:46 - 000000000 ____D C:\Users\peter\AppData\LocalLow\IGDump
2021-01-16 16:43 - 2021-01-16 16:44 - 000099379 _____ C:\Users\peter\AppData\LocalLow\avMAKUxHbWD.zip.coos
2021-01-16 16:43 - 2021-01-16 16:43 - 000001111 _____ C:\Users\peter\_readme.txt
2021-01-16 16:43 - 2021-01-16 16:43 - 000001111 _____ C:\_readme.txt
2021-01-16 16:42 - 2021-01-16 16:46 - 000000000 ____D C:\ProgramData\Garbage Cleaner
2021-01-16 16:42 - 2021-01-16 16:43 - 000000000 ____D C:\Users\peter\AppData\LocalLow\pF2qC1gG7yH8hI1o
2021-01-16 16:42 - 2021-01-16 16:42 - 000000049 _____ C:\Users\peter\AppData\Local\script.ps1
2021-01-16 16:42 - 2021-01-16 16:42 - 000000000 ____D C:\Users\peter\AppData\Local\Xxi
2021-01-16 16:41 - 2021-01-16 16:46 - 000000000 ____D C:\Users\peter\AppData\Local\718c59c2-7c18-4537-bd90-62ee1ef9fc13
2021-01-16 16:41 - 2021-01-16 16:45 - 000000000 ____D C:\Users\peter\AppData\Local\813d91c3-62b1-4664-9de5-942d31850e88
2021-01-16 16:41 - 2021-01-16 16:42 - 000000000 ____D C:\ProgramData\5U3Z6GS5OCS20276A28GXCA6B
2021-01-16 16:41 - 2021-01-16 16:42 - 000000000 ____D C:\ProgramData\3475GCW401BAICXIFUT6GJIHE
2021-01-16 16:41 - 2021-01-16 16:41 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2021-01-16 16:41 - 2021-01-16 16:41 - 000334288 _____ (Mozilla Foundation) C:\ProgramData\freebl3.dll
2021-01-16 16:41 - 2021-01-16 16:41 - 000144848 _____ (Mozilla Foundation) C:\ProgramData\softokn3.dll
2021-01-16 16:41 - 2021-01-16 16:41 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2021-01-16 16:41 - 2021-01-16 16:41 - 000000557 _____ C:\Users\peter\AppData\Local\bowsakkdestx.txt
2021-01-16 16:41 - 2021-01-16 16:41 - 000000000 ____D C:\Users\Public\Thunder Network
2021-01-16 16:41 - 2021-01-16 16:41 - 000000000 ____D C:\SystemID
2021-01-16 16:41 - 2021-01-16 16:41 - 000000000 ____D C:\ProgramData\Thunder Network
2021-01-16 16:41 - 2021-01-16 16:41 - 000000000 ____D C:\ProgramData\r9y9q5v2w6y9q5v2w6
2021-01-16 16:41 - 2021-01-16 16:41 - 000000000 ____D C:\Program Files (x86)\Seed Trade
2021-01-16 16:40 - 2021-01-16 16:45 - 000000000 ____D C:\Users\peter\Documents\VlcpVideoV1.0.1
2021-01-16 15:39 - 2021-01-16 18:19 - 000000000 ____D C:\Users\peter\AppData\Roaming\ToolSysHost
2021-01-16 15:22 - 2021-01-16 16:44 - 000013924 _____ C:\Users\peter\Desktop\Equalizer HD800.png.coos
2021-01-16 13:36 - 2021-01-16 16:44 - 000100745 _____ C:\Users\peter\Downloads\FFmpeg Decoder Wrapper.fb2k-component
2021-01-16 10:35 - 2021-01-16 10:35 - 000000721 _____ C:\Users\peter\Desktop\Hudba Peter.lnk
2021-01-16 10:34 - 2021-01-16 10:34 - 000000721 _____ C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hudba Peter.lnk
2021-01-15 20:54 - 2021-01-15 20:54 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2021-01-15 20:54 - 2021-01-15 20:54 - 000575488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2021-01-15 20:54 - 2021-01-15 20:54 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2021-01-15 20:54 - 2021-01-15 20:54 - 000469504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2021-01-15 20:54 - 2021-01-15 20:54 - 000304128 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2021-01-15 20:54 - 2021-01-15 20:54 - 000234496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2021-01-15 20:54 - 2021-01-15 20:54 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\VBICodec.ax
2021-01-15 20:54 - 2021-01-15 20:54 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBICodec.ax
2021-01-15 20:54 - 2021-01-15 20:54 - 000095744 _____ C:\Windows\system32\VirtualMonitorManager.dll
2021-01-15 20:54 - 2021-01-15 20:54 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2021-01-15 20:54 - 2021-01-15 20:54 - 000072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2021-01-15 20:54 - 2021-01-15 20:54 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2021-01-15 20:54 - 2021-01-15 20:54 - 000053760 _____ C:\Windows\SysWOW64\BWContextHandler.dll
2021-01-15 20:53 - 2021-01-15 20:53 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-01-15 20:53 - 2021-01-15 20:53 - 002254336 _____ C:\Windows\system32\dwmscene.dll
2021-01-15 20:53 - 2021-01-15 20:53 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2021-01-15 20:53 - 2021-01-15 20:53 - 001162240 _____ C:\Windows\system32\MBR2GPT.EXE
2021-01-15 20:53 - 2021-01-15 20:53 - 000729600 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2021-01-15 20:53 - 2021-01-15 20:53 - 000643072 _____ C:\Windows\system32\WindowManagementAPI.dll
2021-01-15 20:53 - 2021-01-15 20:53 - 000595968 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2021-01-15 20:53 - 2021-01-15 20:53 - 000544768 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2021-01-15 20:53 - 2021-01-15 20:53 - 000455680 _____ C:\Windows\SysWOW64\WindowManagementAPI.dll
2021-01-15 20:53 - 2021-01-15 20:53 - 000446976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
2021-01-15 20:53 - 2021-01-15 20:53 - 000422912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2021-01-15 20:53 - 2021-01-15 20:53 - 000330752 _____ C:\Windows\SysWOW64\ssdm.dll
2021-01-15 20:53 - 2021-01-15 20:53 - 000306688 _____ C:\Windows\system32\HeatCore.dll
2021-01-15 20:53 - 2021-01-15 20:53 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2021-01-15 20:53 - 2021-01-15 20:53 - 000235520 _____ C:\Windows\SysWOW64\HeatCore.dll
2021-01-15 20:53 - 2021-01-15 20:53 - 000190976 _____ C:\Windows\system32\BthpanContextHandler.dll
2021-01-15 20:53 - 2021-01-15 20:53 - 000182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2021-01-15 20:53 - 2021-01-15 20:53 - 000178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2021-01-15 20:53 - 2021-01-15 20:53 - 000152064 _____ C:\Windows\system32\EoAExperiences.exe
2021-01-15 20:53 - 2021-01-15 20:53 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2021-01-15 20:53 - 2021-01-15 20:53 - 000067072 _____ C:\Windows\system32\BWContextHandler.dll
2021-01-15 20:53 - 2021-01-15 20:53 - 000010894 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-01-15 20:52 - 2021-01-15 20:52 - 000562688 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2021-01-15 20:52 - 2021-01-15 20:52 - 000455168 _____ C:\Windows\system32\ssdm.dll
2021-01-15 20:52 - 2021-01-15 20:52 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2021-01-15 20:52 - 2021-01-15 20:52 - 000165888 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-01-15 20:52 - 2021-01-15 20:52 - 000074240 _____ C:\Windows\system32\rdsxvmaudio.dll
2021-01-15 19:41 - 2021-01-15 19:41 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-01-15 19:41 - 2021-01-15 19:40 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2021-01-15 19:34 - 2021-01-15 19:34 - 000000220 _____ C:\Windows\CMSPDIF2.ini.imi
2021-01-15 19:34 - 2021-01-15 19:34 - 000000104 _____ C:\Windows\CMSPDIF2.ini.cfl
2021-01-15 19:34 - 2021-01-15 19:34 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-01-15 19:34 - 2013-02-22 14:59 - 000001338 ____N C:\Windows\CMSPDIF2.ini.cfg
2021-01-15 19:34 - 2013-01-18 11:45 - 000031744 ____N (C-Media Inc.) C:\Windows\system32\CMUACWOASIO64.dll
2021-01-15 19:34 - 2013-01-18 11:45 - 000027136 ____N (C-Media Inc.) C:\Windows\SysWOW64\CMUACWOASIO.dll
2021-01-15 19:34 - 2013-01-17 11:18 - 000828416 ____N C:\Windows\system32\CmeauSPDIF2.exe
2021-01-15 19:34 - 2009-08-20 16:00 - 000359424 ____N C:\Windows\system32\CmiInstallResAll64.dll
2021-01-15 19:29 - 2021-01-16 16:45 - 000000000 ____D C:\Users\peter\Downloads\CM6631_6631A_201305
2021-01-15 19:29 - 2013-02-19 17:36 - 000357888 _____ (C-Media Inc.) C:\Windows\system32\Drivers\CMUACWO.sys
2021-01-15 18:09 - 2021-01-15 18:09 - 000002348 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-15 18:09 - 2021-01-15 18:09 - 000002348 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-01-12 18:32 - 2021-01-16 16:44 - 000046572 _____ C:\Users\peter\Desktop\M3S.jpg.coos
2021-01-12 18:13 - 2021-01-16 16:44 - 000370585 _____ C:\Users\peter\Desktop\Master-RMA-Formular-NT-Global-Shanling.pdf.coos
2021-01-12 17:33 - 2021-01-16 17:55 - 000000000 ____D C:\Users\peter\Downloads\Uriah Heep - Look At Yourself (1971) [SACD] (2011 SHM-SACD PCM Stereo)
2020-12-20 12:53 - 2020-12-20 12:53 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2020-12-20 12:53 - 2020-12-20 12:53 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2020-12-20 12:53 - 2020-12-20 12:53 - 001822272 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2020-12-20 12:53 - 2020-12-20 12:53 - 001393496 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2020-12-20 12:53 - 2020-12-20 12:53 - 000363520 _____ C:\Windows\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-20 12:53 - 2020-12-20 12:53 - 000287232 _____ C:\Windows\system32\CoreMas.dll
2020-12-20 12:53 - 2020-12-20 12:53 - 000266240 _____ C:\Windows\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-20 12:53 - 2020-12-20 12:53 - 000240640 _____ C:\Windows\SysWOW64\CoreMas.dll
2020-12-20 12:53 - 2020-12-20 12:53 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\ncpa.cpl
2020-12-20 12:53 - 2020-12-20 12:53 - 000100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncpa.cpl
2020-12-20 12:53 - 2020-12-20 12:53 - 000089088 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2020-12-20 12:53 - 2020-12-20 12:53 - 000073216 _____ C:\Windows\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2020-12-20 12:53 - 2020-12-20 12:53 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2020-12-20 12:53 - 2020-12-20 12:53 - 000048640 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2020-12-20 12:53 - 2020-12-20 12:53 - 000039936 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2020-12-20 12:53 - 2020-12-20 12:53 - 000013312 _____ C:\Windows\system32\agentactivationruntimestarter.exe
2020-12-20 12:53 - 2020-12-20 12:53 - 000010752 _____ C:\Windows\SysWOW64\agentactivationruntimestarter.exe
2020-12-20 12:53 - 2020-12-20 12:53 - 000001370 _____ C:\Windows\system32\ThirdPartyNoticesBySHS.txt
2020-12-20 11:59 - 2021-01-16 16:44 - 000000000 ____D C:\Users\peter\Desktop\Rohova skrinka
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-16 18:19 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ServiceState
2021-01-16 18:15 - 2020-07-22 17:03 - 000050066 _____ C:\Windows\system32\perfh01B.dat
2021-01-16 18:15 - 2020-07-22 17:03 - 000012172 _____ C:\Windows\system32\perfc01B.dat
2021-01-16 18:15 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2021-01-16 18:15 - 2019-12-07 08:20 - 000884192 _____ C:\Windows\system32\PerfStringBackup.INI
2021-01-16 18:13 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-16 18:12 - 2020-07-14 19:12 - 000000000 __SHD C:\Users\peter\IntelGraphicsProfiles
2021-01-16 18:12 - 2020-07-14 18:40 - 000000000 ___RD C:\Users\peter\OneDrive
2021-01-16 18:11 - 2019-12-07 08:13 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-16 18:11 - 2019-12-07 08:13 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-01-16 18:10 - 2020-07-22 17:24 - 000000000 ____D C:\Users\peter\AppData\Roaming\foobar2000
2021-01-16 18:10 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-01-16 17:05 - 2020-11-25 22:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2021-01-16 17:05 - 2020-11-25 22:06 - 000000000 ____D C:\Program Files\DAUM
2021-01-16 16:45 - 2020-10-25 14:27 - 000000000 ____D C:\Users\peter\Documents\Životopis
2021-01-16 16:45 - 2020-10-25 14:27 - 000000000 ____D C:\Users\peter\Documents\Záhradka
2021-01-16 16:45 - 2020-10-25 14:27 - 000000000 ____D C:\Users\peter\Documents\Yamaha A1
2021-01-16 16:45 - 2020-07-19 12:37 - 000000000 ____D C:\Users\peter\Downloads\Záloha Majka karta SD 20.10.2013
2021-01-16 16:45 - 2020-07-19 12:37 - 000000000 ____D C:\Users\peter\Downloads\usb_driver
2021-01-16 16:45 - 2020-07-19 12:32 - 000000000 ____D C:\Users\peter\Downloads\Nokia 6303c soft
2021-01-16 16:45 - 2020-07-19 12:32 - 000000000 ____D C:\Users\peter\Downloads\Descal_subory
2021-01-16 16:44 - 2020-11-29 13:36 - 2821195512 _____ C:\Users\peter\Downloads\Photos.zip
2021-01-16 16:44 - 2020-11-19 00:03 - 000154107 _____ C:\Users\peter\Desktop\Yamaha A1 rele.JPG.coos
2021-01-16 16:44 - 2020-11-18 17:51 - 000239099 _____ C:\Users\peter\Desktop\Phidac.jpg.coos
2021-01-16 16:44 - 2020-11-16 17:59 - 000999055 _____ C:\Users\peter\Downloads\Specifications.pdf.coos
2021-01-16 16:44 - 2020-11-16 17:32 - 000254128 _____ C:\Users\peter\Downloads\Schematic_PhiDAChex_2020-05-16.pdf.coos
2021-01-16 16:44 - 2020-11-16 17:24 - 000096408 _____ C:\Users\peter\Downloads\Schematic_PhiAMP.pdf.coos
2021-01-16 16:44 - 2020-11-15 17:04 - 000085643 _____ C:\Users\peter\Downloads\dokumentácia.pdf
2021-01-16 16:44 - 2020-11-15 16:36 - 000202375 _____ C:\Users\peter\Downloads\montážny-návod.pdf.coos
2021-01-16 16:44 - 2020-11-02 20:01 - 026033034 _____ C:\Users\peter\Downloads\qbittorrent_4.3.0.1_x64_setup.exe.coos
2021-01-16 16:44 - 2020-11-01 17:06 - 000302241 _____ C:\Users\peter\Desktop\Dvierka.jpg.coos
2021-01-16 16:44 - 2020-11-01 10:01 - 043468158 _____ C:\Users\peter\Downloads\VdhCoAppSetup-1.5.0.exe.coos
2021-01-16 16:44 - 2020-10-25 14:37 - 000000000 ____D C:\Users\peter\Documents\Kana všetko
2021-01-16 16:44 - 2020-10-25 14:33 - 000000000 ____D C:\Users\peter\Documents\Hifi
2021-01-16 16:44 - 2020-10-25 14:32 - 000000000 ____D C:\Users\peter\Documents\Ford
2021-01-16 16:44 - 2020-10-25 14:28 - 003602766 _____ C:\Users\peter\Documents\Alarm klavesnica Návod integra_u_sk_1 12.doc.coos
2021-01-16 16:44 - 2020-10-25 14:28 - 002399630 _____ C:\Users\peter\Documents\Technický preukaz Ford .pdf.coos
2021-01-16 16:44 - 2020-10-25 14:28 - 001009412 _____ C:\Users\peter\Documents\3.3_Dudrik_SK_Polovodicove suciastky.pdf.coos
2021-01-16 16:44 - 2020-10-25 14:28 - 000268483 _____ C:\Users\peter\Documents\Jungheinrich .pdf.coos
2021-01-16 16:44 - 2020-10-25 14:28 - 000208474 _____ C:\Users\peter\Documents\Miková_Katka.jpg.coos
2021-01-16 16:44 - 2020-10-25 14:28 - 000192152 _____ C:\Users\peter\Documents\000005325313_Potvrdenie%A0o úhrade diaľničnej známky,_201701281813.pdf.coos
2021-01-16 16:44 - 2020-10-25 14:28 - 000095054 _____ C:\Users\peter\Documents\AntiCalc.doc.coos
2021-01-16 16:44 - 2020-10-25 14:28 - 000040539 _____ C:\Users\peter\Documents\Dokument.docx.coos
2021-01-16 16:44 - 2020-10-25 14:28 - 000029518 _____ C:\Users\peter\Documents\Aktualizovane kontakty 28.4.2017.xls.coos
2021-01-16 16:44 - 2020-10-25 14:28 - 000023303 _____ C:\Users\peter\Documents\Kontakty Nokia 6303 10.1.txt.coos
2021-01-16 16:44 - 2020-10-25 14:28 - 000004428 _____ C:\Users\peter\Documents\photo.jpg.coos
2021-01-16 16:44 - 2020-10-25 14:28 - 000000748 _____ C:\Users\peter\Documents\Hegm.txt.coos
2021-01-16 16:44 - 2020-10-25 14:28 - 000000451 _____ C:\Users\peter\Documents\Adresa z nemecka.txt.coos
2021-01-16 16:44 - 2020-10-25 14:28 - 000000363 _____ C:\Users\peter\Documents\Windows kod.txt.coos
2021-01-16 16:44 - 2020-10-25 14:28 - 000000344 _____ C:\Users\peter\Documents\Heslo k domacej sieti.txt.coos
2021-01-16 16:44 - 2020-10-25 14:28 - 000000000 ____D C:\Users\peter\Documents\Descal_subory
2021-01-16 16:44 - 2020-10-25 14:25 - 000000000 ____D C:\Users\peter\Documents\Obnova stratenych dat
2021-01-16 16:44 - 2020-10-25 14:24 - 000000000 ____D C:\Users\peter\Documents\Majkine súbory
2021-01-16 16:44 - 2020-10-25 14:24 - 000000000 ____D C:\Users\peter\Documents\Majka škola
2021-01-16 16:44 - 2020-10-25 14:23 - 000000000 ____D C:\Users\peter\Documents\Kontakty Majka
2021-01-16 16:44 - 2020-10-25 14:23 - 000000000 ____D C:\Users\peter\Documents\Kána2017-2018
2021-01-16 16:44 - 2020-10-25 14:22 - 000000000 ____D C:\Users\peter\Documents\Kána2016-2017
2021-01-16 16:44 - 2020-10-25 14:04 - 000141787 _____ C:\Users\peter\Desktop\Remene, olej, filtgre Ford.jpg.coos
2021-01-16 16:44 - 2020-10-22 16:47 - 000000428 _____ C:\Users\peter\Desktop\Nový textový dokument.txt.coos
2021-01-16 16:44 - 2020-10-18 13:45 - 010225174 _____ C:\Users\peter\Downloads\Návod k použití CZ.pdf.coos
2021-01-16 16:44 - 2020-10-18 09:44 - 000241895 _____ C:\Users\peter\Desktop\odstupenie-spotrebitela-od-zmluvy.pdf.coos
2021-01-16 16:44 - 2020-10-18 09:44 - 000000401 _____ C:\Users\peter\Desktop\debug.log.coos
2021-01-16 16:44 - 2020-10-08 17:48 - 455880742 _____ C:\Users\peter\Desktop\Svadba skrátená.mp4.coos
2021-01-16 16:44 - 2020-09-06 16:48 - 000000000 ____D C:\Users\peter\Desktop\Nový priečinok
2021-01-16 16:44 - 2020-09-01 12:35 - 000000000 ____D C:\Users\peter\ELDES Utility
2021-01-16 16:44 - 2020-08-29 11:26 - 000000000 ____D C:\totalcmd
2021-01-16 16:44 - 2020-07-19 15:52 - 000595714 _____ C:\Users\peter\Downloads\wiliotlheadamppcb.zip.coos
2021-01-16 16:44 - 2020-07-19 15:50 - 000594262 _____ C:\Users\peter\Downloads\HAv2.1.sch
2021-01-16 16:44 - 2020-07-19 15:50 - 000301992 _____ C:\Users\peter\Downloads\HAv2.1.brd
2021-01-16 16:44 - 2020-07-19 15:36 - 000002365 _____ C:\Users\peter\Desktop\Panel_HA.panel.coos
2021-01-16 16:44 - 2020-07-19 12:38 - 367086286 _____ C:\Users\peter\Downloads\pro100_demo5_csy.exe.coos
2021-01-16 16:44 - 2020-07-19 12:38 - 099927185 _____ C:\Users\peter\Downloads\vianocne-piesne-a-koledy.rar.coos
2021-01-16 16:44 - 2020-07-19 12:38 - 094122591 _____ C:\Users\peter\Downloads\Reproduktory-a-reproduktorove-soustavy_male-rozl.pdf.coos
2021-01-16 16:44 - 2020-07-19 12:38 - 027942194 _____ C:\Users\peter\Downloads\data.rar.coos
2021-01-16 16:44 - 2020-07-19 12:38 - 026714136 _____ C:\Users\peter\Downloads\VMA-I-SL-black.zip.coos
2021-01-16 16:44 - 2020-07-19 12:38 - 021870482 _____ C:\Users\peter\Downloads\rebuilt.Najkrajsie-Slovenské-ludové-Vianocné-koledy.part8.rar.coos
2021-01-16 16:44 - 2020-07-19 12:38 - 010493674 _____ C:\Users\peter\Downloads\VoiceRec&TaskMan.zip.coos
2021-01-16 16:44 - 2020-07-19 12:38 - 002744421 _____ C:\Users\peter\Downloads\flac-1.2.1b.exe
2021-01-16 16:44 - 2020-07-19 12:38 - 001009412 _____ C:\Users\peter\Downloads\3.3_Dudrik_SK_Polovodicove suciastky.pdf
2021-01-16 16:44 - 2020-07-19 12:38 - 000492770 _____ C:\Users\peter\Downloads\VoodooReport.apk.coos
2021-01-16 16:44 - 2020-07-19 12:38 - 000114059 _____ C:\Users\peter\Downloads\Voodoo-instant-anti-exynos-mem-abuse-0.9.apk.coos
2021-01-16 16:44 - 2020-07-19 12:38 - 000105950 _____ C:\Users\peter\Downloads\VoodooOTARootKeeper.apk.coos
2021-01-16 16:44 - 2020-07-19 12:32 - 000000000 ____D C:\Users\peter\Documents\Samsung úpravy
2021-01-16 16:44 - 2020-07-16 17:17 - 000291985 _____ C:\Users\peter\Downloads\Datasheet_DPB5650M.pdf
2021-01-16 16:44 - 2017-09-22 19:28 - 542997725 _____ C:\Users\peter\Downloads\C2. Nothing Else Matters.dsf
2021-01-16 16:44 - 2017-09-22 19:28 - 343669975 _____ C:\Users\peter\Downloads\C1. Through The Never.dsf
2021-01-16 16:44 - 2014-11-25 07:49 - 000000000 ____D C:\San disc 8gb majkin originalne subory
2021-01-16 16:43 - 2020-07-19 12:04 - 000000000 ____D C:\Chvály
2021-01-16 16:43 - 2020-07-14 18:41 - 000000000 ___HD C:\$WinREAgent
2021-01-16 16:43 - 2020-07-14 18:40 - 000000000 ___HD C:\OneDriveTemp
2021-01-16 16:43 - 2019-12-07 08:20 - 000000000 ____D C:\Users\peter
2021-01-16 16:42 - 2020-09-21 18:55 - 000000000 ____D C:\Users\peter\AppData\Local\CrashDumps
2021-01-16 15:55 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-16 15:55 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2021-01-16 15:55 - 2019-12-07 08:24 - 000000000 ____D C:\Users\peter\AppData\Local\Packages
2021-01-16 15:43 - 2020-07-14 21:48 - 000000000 ____D C:\Users\peter\AppData\Roaming\vlc
2021-01-15 22:37 - 2019-12-07 08:13 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-01-15 21:58 - 2019-12-07 08:13 - 000258088 _____ C:\Windows\system32\FNTCACHE.DAT
2021-01-15 21:57 - 2019-12-07 15:39 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-15 21:57 - 2019-12-07 15:39 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\F12
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\UNP
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\F12
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\PrintDialog
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Com
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Sysprep
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Dism
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Com
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellComponents
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Provisioning
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\IME
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2021-01-15 21:57 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-15 20:56 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2021-01-15 20:52 - 2019-12-07 08:17 - 002877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2021-01-15 20:46 - 2020-07-14 18:45 - 000000000 ____D C:\Windows\system32\MRT
2021-01-15 20:45 - 2020-07-14 18:44 - 135062968 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-01-15 19:41 - 2020-09-01 20:56 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-01-15 19:41 - 2020-09-01 20:56 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-01-15 19:41 - 2020-09-01 20:56 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-01-15 19:41 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-01-15 19:40 - 2020-09-01 20:56 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-01-15 19:35 - 2020-07-14 19:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2021-01-15 19:34 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\System
2021-01-15 18:09 - 2020-07-14 18:51 - 000002389 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-12 18:51 - 2020-07-19 20:37 - 000000000 ____D C:\Users\peter\AppData\LocalLow\Mozilla
2021-01-12 18:27 - 2020-07-14 19:40 - 000001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2021-01-10 20:44 - 2020-09-01 18:57 - 000000000 ____D C:\Users\peter\Downloads\Sťahovaná hudba
2021-01-10 15:30 - 2020-07-19 17:19 - 000000000 ____D C:\Program Files\MiniTool Partition Wizard 12
2021-01-10 15:29 - 2020-11-15 19:41 - 000002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-10 15:29 - 2020-11-15 19:41 - 000002282 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-01-10 15:29 - 2020-11-15 19:41 - 000002282 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-12-20 12:58 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\migwiz
2020-12-20 12:58 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-12-20 12:01 - 2019-12-07 08:13 - 000000000 ____D C:\Windows\system32\Drivers\wd
2020-12-20 11:50 - 2020-07-14 18:50 - 000003456 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-20 11:50 - 2020-07-14 18:50 - 000003332 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-12-20 11:50 - 2020-07-14 18:40 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3618232127-4161200626-2994251962-1001
2020-12-20 11:50 - 2019-12-07 08:20 - 000002355 _____ C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
==================== Files in the root of some directories ========
2021-01-16 16:41 - 2021-01-16 16:41 - 000334288 _____ (Mozilla Foundation) C:\ProgramData\freebl3.dll
2021-01-16 16:41 - 2021-01-16 16:41 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2021-01-16 16:41 - 2021-01-16 16:41 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
2021-01-16 16:41 - 2021-01-16 16:41 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2021-01-16 16:41 - 2021-01-16 16:41 - 000144848 _____ (Mozilla Foundation) C:\ProgramData\softokn3.dll
2021-01-16 16:41 - 2021-01-16 16:41 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
2020-11-01 10:13 - 2020-11-01 10:13 - 000320202 ___SH () C:\Users\peter\AppData\Roaming\jacagbu
2021-01-16 16:41 - 2021-01-16 16:41 - 000000557 _____ () C:\Users\peter\AppData\Local\bowsakkdestx.txt
2021-01-16 16:42 - 2021-01-16 16:42 - 000000049 _____ () C:\Users\peter\AppData\Local\script.ps1
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-01-2021
Ran by peter (16-01-2021 18:21:34)
Running from C:\Users\peter\Downloads
Windows 10 Home Single Language Version 20H2 19042.746 (X64) (2019-12-07 07:15:35)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3618232127-4161200626-2994251962-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3618232127-4161200626-2994251962-503 - Limited - Disabled)
Guest (S-1-5-21-3618232127-4161200626-2994251962-501 - Limited - Disabled)
peter (S-1-5-21-3618232127-4161200626-2994251962-1001 - Administrator - Enabled) => C:\Users\peter
WDAGUtilityAccount (S-1-5-21-3618232127-4161200626-2994251962-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 20.02 alpha (x64) (HKLM\...\7-Zip) (Version: 20.02 alpha - Igor Pavlov)
CMEDIA USB2.0 Audio Device (HKLM-x32\...\{9445E4B8-E875-470A-928A-A665D3F973B4}) (Version: 1.00.0001 - C-Media Electronics, Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.3201.101.212 - ALPS ELECTRIC CO., LTD.)
ELDES Utility (HKU\S-1-5-21-3618232127-4161200626-2994251962-1001\...\{0ce8bddd-881b-4829-9fb3-8c2634192e20}) (Version: 1.0.0 - ELDES UAB)
Excel (HKU\S-1-5-21-3618232127-4161200626-2994251962-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
foobar2000 v1.5.5 (HKLM-x32\...\foobar2000) (Version: 1.5.5 - Peter Pawlowski)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Java 8 Update 261 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180261F0}) (Version: 8.0.2610.12 - Oracle Corporation)
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.75 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft OneDrive (HKU\S-1-5-21-3618232127-4161200626-2994251962-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Mozilla Firefox 82.0.3 (x64 sk) (HKLM\...\Mozilla Firefox 82.0.3 (x64 sk)) (Version: 82.0.3 - Mozilla)
Mozilla Thunderbird 78.6.0 (x86 sk) (HKLM-x32\...\Mozilla Thunderbird 78.6.0 (x86 sk)) (Version: 78.6.0 - Mozilla)
Outlook (HKU\S-1-5-21-3618232127-4161200626-2994251962-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
PowerPoint (HKU\S-1-5-21-3618232127-4161200626-2994251962-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
qBittorrent 4.3.0.1 (HKLM-x32\...\qBittorrent) (Version: 4.3.0.1 - The qBittorrent project)
QuickPanel (HKU\S-1-5-21-3618232127-4161200626-2994251962-1001\...\QuickPanel) (Version: - )
Reference 4 AAX plugin for ProTools 10 (HKLM-x32\...\{3DA6B4C9-091C-4D5A-8D99-1FC31D1D2319}) (Version: 4.4.2.92 - Sonarworks)
Reference 4 AAX plugin for ProTools 11/12 (HKLM\...\{DF4C23A9-B429-4BBB-A4D3-62D84277B9A2}) (Version: 4.4.2.92 - Sonarworks)
Reference 4 Measure (HKLM\...\{89A07A90-F4FF-44B0-A0B2-4CAC0A0A436A}) (Version: 4.4.2.92 - Sonarworks)
Reference 4 RTAS plugin (HKLM-x32\...\{6B32B226-C783-4662-A72B-24C0FB508454}) (Version: 4.4.2.92 - Sonarworks)
Reference 4 VST plugin (32-bit) (HKLM-x32\...\{7740EF30-3541-4D9B-8890-71E6F5047DAC}) (Version: 4.4.2.92 - Sonarworks)
Reference 4 VST plugin (64-bit) (HKLM\...\{B5FC43B7-75DD-4E3C-A0DB-2BA31B45BD93}) (Version: 4.4.2.92 - Sonarworks)
Sonarworks Reference 4 Studio (HKLM-x32\...\{178729bc-9ccd-4e0f-b8a5-de48917d084c}) (Version: 4.4.2.92 - Sonarworks)
Sonarworks Reference 4 Systemwide (HKLM\...\{26C59DFC-9DB8-409C-92E3-F3FFA6FB0F9D}) (Version: 4.4.2.92 - Sonarworks)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.51 - Ghisler Software GmbH)
VdhCoApp 1.5.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Word (HKU\S-1-5-21-3618232127-4161200626-2994251962-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
Packages:
=========
Doplnok mediálneho nástroja pre Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-10-08] (Microsoft Corporation)
Doplnok pre Fotografie -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-10-08] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.1.778.0_x64__v10z8vjag6ke6 [2020-12-22] (HP Inc.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-15] (Microsoft Studios) [MS Ad]
MusicBrainz Picard -> C:\Program Files\WindowsApps\MetaBrainzFoundationInc.org.musicbrainz.Picard_2.5.60000.0_x64__kef61k5a7g40j [2021-01-12] (MetaBrainz Foundation Inc.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0 [2020-12-22] (Spotify AB) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3618232127-4161200626-2994251962-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2020-08-08] (Igor Pavlov) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-09-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2020-08-08] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-07-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2020-08-08] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-09-01] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\peter\Music\Hudba Peter\Dire Straits\Dire Straits Live Alchemy\Dire Straits Live, Part Two FLAC\Covers\Covers - Ярлык.lnk -> D:\музыка\flacmusic.ru-Rip by moote\Dire Straits\Alchemy Dire Straits Live, Part Two\Covers (No File) <==== Cyrillic
ShortcutWithArgument: C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm --app-url=hxxps://excel.office.com/
ShortcutWithArgument: C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb --app-url=hxxps://outlook.com/
ShortcutWithArgument: C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf --app-url=hxxps://powerpoint.office.com/
ShortcutWithArgument: C:\Users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi --app-url=hxxps://word.office.com/
==================== Loaded Modules (Whitelisted) =============
2020-09-01 12:39 - 2013-04-22 17:03 - 022378434 _____ () [File not signed] C:\Program Files\Common Files\Eldes\icudt51.dll
2020-09-01 12:39 - 2013-04-22 17:03 - 003369922 _____ () [File not signed] C:\Program Files\Common Files\Eldes\icuin51.dll
2020-09-01 12:39 - 2013-04-22 17:03 - 001978690 _____ () [File not signed] C:\Program Files\Common Files\Eldes\icuuc51.dll
2020-09-01 12:39 - 2013-04-17 19:18 - 000544817 _____ () [File not signed] C:\Program Files\Common Files\Eldes\libgcc_s_dw2-1.dll
2020-09-01 12:39 - 2013-04-17 19:19 - 000989805 _____ () [File not signed] C:\Program Files\Common Files\Eldes\libstdc++-6.dll
2020-09-01 12:39 - 2018-02-18 22:26 - 000073216 _____ () [File not signed] C:\Program Files\Common Files\Eldes\QtSolutions_Service-head.dll
2020-09-01 12:39 - 2018-02-18 21:45 - 004604928 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Common Files\Eldes\Qt5Core.dll
2020-09-01 12:39 - 2013-12-08 19:00 - 001392128 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files\Common Files\Eldes\Qt5Network.dll
2020-09-01 12:39 - 2013-04-17 18:26 - 000073901 _____ (MingW-W64 Project. All rights reserved.) [File not signed] C:\Program Files\Common Files\Eldes\libwinpthread-1.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2020-11-15] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-11-15] (Oracle America, Inc. -> Oracle Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 10:14 - 2021-01-16 16:44 - 000000822 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3618232127-4161200626-2994251962-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.240.1 - 31.3.32.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{8875E960-0296-4E2B-9F7C-9DA0B2415FD9}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{48A2C8B6-1724-4165-BB31-6A00077B9378}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{4BAB8918-CD83-47D3-8C38-5A2073E0C6E3}] => (Allow) C:\Users\peter\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [{9C54255E-BE23-4200-8A02-47413F6AB8AB}] => (Allow) C:\Users\peter\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{BEA93A04-8DBC-435C-B6D0-19E830F26EE3}] => (Allow) C:\Users\peter\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{0270511A-AF9C-46CE-909F-79778E95A7FE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DA438762-EE77-4DC7-B74B-FC78BFE86D56}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{314FC896-DD82-4EED-BE80-089F8E397267}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{DDD74CA6-FF87-4963-ABFD-8B657AA96F9E}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{C63F788D-5BB9-45E7-8B47-677246441945}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A1B1F6C3-1AE4-4EA8-8F92-A42B1065FA26}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E7360998-B718-43A3-8C55-96FA87A0C1CE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B8E0330C-96E2-4DE3-B968-C91EA9328333}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7DEE527B-BDA1-4DA5-89A6-51D7CD6C9A50}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AD96F235-A2C8-423D-809A-89517947BD20}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{59BA7701-4249-48D0-A301-905F961B3574}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8FDC5BF1-CAE8-480F-B8EE-0013C366FAF6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B8F77E41-B62B-4CA9-BACF-910F0DAC2A7C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6D740359-F62B-40B8-A746-2B7A144D0B10}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{61A90EDF-6839-4D8C-8859-4D1D3F154E93}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9BE0A0F9-1D77-4A2C-A51C-56D01DFCECE0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{90A94002-0892-4CCD-8DDA-D6A1DBA72F64}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{5BCCA330-4526-4CA1-B977-FF6F5BEB6834}] => (Allow) C:\Users\peter\AppData\Local\Temp\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{190AA7D4-344D-49EF-8081-9E4FD1D14F38}] => (Allow) C:\Users\peter\AppData\Local\Temp\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
==================== Restore Points =========================
20-12-2020 12:46:49 Inštalátor modulov systému Windows
10-01-2021 18:02:02 Scheduled Checkpoint
12-01-2021 17:16:16 Inštalátor modulov systému Windows
15-01-2021 17:52:05 Inštalátor modulov systému Windows
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (01/16/2021 04:43:07 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007
Error: (01/16/2021 04:43:07 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0
Error: (01/16/2021 04:42:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: updatewin1.exe, verzia: 1.0.0.0, časová značka: 0x5be1a3c6
Názov chybujúceho modulu: updatewin1.exe, verzia: 1.0.0.0, časová značka: 0x5be1a3c6
Kód výnimky: 0xc0000005
Odstup chyby: 0x00005e76
Identifikácia chybujúceho procesu: 0x1e80
Čas spustenia chybujúcej aplikácie: 0x01d6ec1e185cf8b8
Cesta chybujúcej aplikácie: C:\Users\peter\AppData\Local\813d91c3-62b1-4664-9de5-942d31850e88\updatewin1.exe
Cesta chybujúceho modulu: C:\Users\peter\AppData\Local\813d91c3-62b1-4664-9de5-942d31850e88\updatewin1.exe
Identifikácia hlásenia: ecbe6881-be7d-4dc8-a2be-3b907f8cfbb8
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:
Error: (01/16/2021 04:42:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: 5.exe, verzia: 1.0.0.1, časová značka: 0x6001bf5f
Názov chybujúceho modulu: 5.exe, verzia: 1.0.0.1, časová značka: 0x6001bf5f
Kód výnimky: 0xc0000005
Odstup chyby: 0x00005e16
Identifikácia chybujúceho procesu: 0x1bc
Čas spustenia chybujúcej aplikácie: 0x01d6ec1e19a41d50
Cesta chybujúcej aplikácie: C:\Users\peter\AppData\Local\813d91c3-62b1-4664-9de5-942d31850e88\5.exe
Cesta chybujúceho modulu: C:\Users\peter\AppData\Local\813d91c3-62b1-4664-9de5-942d31850e88\5.exe
Identifikácia hlásenia: cbe9186c-8757-45aa-b950-a321cd6de75b
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:
Error: (01/16/2021 04:42:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: B6E5.exe, verzia: 1.0.0.1, časová značka: 0x6001c0b5
Názov chybujúceho modulu: B6E5.exe, verzia: 1.0.0.1, časová značka: 0x6001c0b5
Kód výnimky: 0xc0000005
Odstup chyby: 0x00005e16
Identifikácia chybujúceho procesu: 0x24cc
Čas spustenia chybujúcej aplikácie: 0x01d6ec1e164e2c3b
Cesta chybujúcej aplikácie: C:\Users\peter\AppData\Local\Temp\B6E5.exe
Cesta chybujúceho modulu: C:\Users\peter\AppData\Local\Temp\B6E5.exe
Identifikácia hlásenia: a9ddf5dc-ce4d-4814-9334-005473de7f3c
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:
Error: (01/16/2021 04:42:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: updatewin2.exe, verzia: 1.0.0.0, časová značka: 0x5be2b0d6
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.19041.662, časová značka: 0x5f641e44
Kód výnimky: 0xc0000409
Odstup chyby: 0x00075525
Identifikácia chybujúceho procesu: 0x19d4
Čas spustenia chybujúcej aplikácie: 0x01d6ec1e186173f8
Cesta chybujúcej aplikácie: C:\Users\peter\AppData\Local\813d91c3-62b1-4664-9de5-942d31850e88\updatewin2.exe
Cesta chybujúceho modulu: C:\Windows\SYSTEM32\ntdll.dll
Identifikácia hlásenia: d2cfb48c-1fb5-40a5-b03d-6f7720dbc7ce
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:
Error: (01/16/2021 04:42:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: C09C.exe, verzia: 1.0.5.1, časová značka: 0x5feb6866
Názov chybujúceho modulu: C09C.exe, verzia: 1.0.5.1, časová značka: 0x5feb6866
Kód výnimky: 0xc0000005
Odstup chyby: 0x0000a312
Identifikácia chybujúceho procesu: 0x76c
Čas spustenia chybujúcej aplikácie: 0x01d6ec1e17ca20ea
Cesta chybujúcej aplikácie: C:\Users\peter\AppData\Local\Temp\C09C.exe
Cesta chybujúceho modulu: C:\Users\peter\AppData\Local\Temp\C09C.exe
Identifikácia hlásenia: 40ed3efa-7568-4939-964e-e1e24507b3c8
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:
Error: (01/16/2021 04:41:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: updatewin1.exe, verzia: 1.0.0.0, časová značka: 0x5be1a3c6
Názov chybujúceho modulu: updatewin1.exe, verzia: 1.0.0.0, časová značka: 0x5be1a3c6
Kód výnimky: 0xc0000005
Odstup chyby: 0x00005e76
Identifikácia chybujúceho procesu: 0x2ad4
Čas spustenia chybujúcej aplikácie: 0x01d6ec1e17f835be
Cesta chybujúcej aplikácie: C:\Users\peter\AppData\Local\813d91c3-62b1-4664-9de5-942d31850e88\updatewin1.exe
Cesta chybujúceho modulu: C:\Users\peter\AppData\Local\813d91c3-62b1-4664-9de5-942d31850e88\updatewin1.exe
Identifikácia hlásenia: c3dbe273-0d94-47d5-925f-fe3eab9f1ce7
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:
System errors:
=============
Error: (01/16/2021 04:47:34 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {08728914-3F57-4D52-9E31-49DAECA5A80A} did not register with DCOM within the required timeout.
Error: (01/16/2021 04:42:07 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (01/16/2021 04:10:51 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OKKBF2I)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
Error: (01/16/2021 04:10:51 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OKKBF2I)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
Error: (11/13/2020 08:05:58 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OKKBF2I)
Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.
Error: (11/11/2020 07:40:45 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (11/10/2020 04:43:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Zlyhanie inštalácie: Systému Windows sa nepodarilo nainštalovať nasledujúcu aktualizáciu. Vyskytla sa chyba 0x80073d02: 9WZDNCRFJ364-MICROSOFT.SKYPEAPP.
Error: (11/05/2020 05:30:03 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Windows Defender:
===================================
Date: 2021-01-16 18:19:26.3760000Z
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Backdoor:Win32/Bladabindi!ml
ID: 2147748148
Severity: Závažná
Category: Backdoor
Path: file:_C:\Users\peter\AppData\Roaming\ToolSysHost\sihost.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.329.2294.0, AS: 1.329.2294.0, NIS: 1.329.2294.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2021-01-16 18:10:33.4630000Z
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Trojan:Win32/Azorult.FW!MTB
ID: 2147744884
Severity: Závažná
Category: Trójsky kôň
Path: file:_C:\Users\peter\AppData\Roaming\rcjvvgr; file:_C:\Users\peter\AppData\Roaming\uajvvgr
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.329.2294.0, AS: 1.329.2294.0, NIS: 1.329.2294.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2021-01-16 18:10:32.2740000Z
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Trojan:Win32/Azorult.FW!MTB
ID: 2147744884
Severity: Závažná
Category: Trójsky kôň
Path: file:_C:\Users\peter\AppData\Roaming\rcjvvgr; file:_C:\Users\peter\AppData\Roaming\uajvvgr; file:_C:\Windows\System32\Tasks\NvNgxUpdateCheckDaily_{2A68F03E-F03E-F03E-F03E-2A68F03EF03E}->(UTF-16LE); file:_C:\Windows\System32\Tasks\NvNgxUpdateCheckDaily_{78821544-1544-1544-1544-788215441544}->(UTF-16LE); regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DE7FD40-B7FA-4875-B0C5-424F671164D8}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4C16AB6-B692-488B-B4F2-FDE76CAFDFF7}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvNgxUpdateCheckDaily_{2A68F03E-F03E-F03E-F03E-2A68F03EF03E}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvNgxUpdateCheckDaily_{78821544-1544-1544-1544-788215441544}; taskscheduler:_C:\Windows\System32\Tasks\NvNgxUpdateCheckDaily_{2A68F03E-F03E-F03E-F03E-2A68F03EF03E}; taskscheduler:_C:\Windows\System32\Tasks\NvNgxUpdateCheckDaily_{78821544-1544-1544
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: AV: 1.329.2294.0, AS: 1.329.2294.0, NIS: 1.329.2294.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2021-01-16 18:10:01.7760000Z
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Trojan:Win32/Azorult.FW!MTB
ID: 2147744884
Severity: Závažná
Category: Trójsky kôň
Path: file:_C:\Users\peter\AppData\Roaming\rcjvvgr; file:_C:\Users\peter\AppData\Roaming\uajvvgr
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: AV: 1.329.2294.0, AS: 1.329.2294.0, NIS: 1.329.2294.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2021-01-16 18:10:01.4420000Z
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Trojan:Win32/Azorult.FW!MTB
ID: 2147744884
Severity: Závažná
Category: Trójsky kôň
Path: file:_C:\Users\peter\AppData\Roaming\rcjvvgr
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: AV: 1.329.2294.0, AS: 1.329.2294.0, NIS: 1.329.2294.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2021-01-16 17:04:52.8030000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2282.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80240438
Error description: Počas vyhľadávania aktualizácií sa vyskytol neočakávaný problém. Informácie o inštalácii aktualizácií a riešení problémov s aktualizáciami nájdete v Pomoci a technickej podpore.
Date: 2021-01-16 16:49:58.1680000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Offline.
Error code: 0x8000000a
Error description: The data necessary to complete this operation is not yet available.
Date: 2021-01-16 16:49:25.4270000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Offline.
Error code: 0x8000000a
Error description: The data necessary to complete this operation is not yet available.
Date: 2020-10-10 14:52:56.8760000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.325.414.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17500.4
Error code: 0x8024402c
Error description: Počas vyhľadávania aktualizácií sa vyskytol neočakávaný problém. Informácie o inštalácii aktualizácií a riešení problémov s aktualizáciami nájdete v Pomoci a technickej podpore.
CodeIntegrity:
===================================
Date: 2021-01-16 16:44:46.9090000Z
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2021-01-16 16:44:46.8000000Z
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2021-01-16 16:44:46.0690000Z
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2020-09-06 15:10:25.5660000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
Date: 2020-09-06 15:10:24.8420000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
Date: 2020-09-06 15:10:24.8100000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: Dell Inc. A18 01/18/2016
Motherboard: Dell Inc. 0DV71K
Processor: Intel(R) Core(TM) i5-3340M CPU @ 2.70GHz
Percentage of memory in use: 91%
Total physical RAM: 3998.92 MB
Available physical RAM: 330.91 MB
Total Virtual: 6430.92 MB
Available Virtual: 2476.34 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.22 GB) (Free:103.88 GB) NTFS
\\?\Volume{20a38955-0000-0000-0000-100000000000}\ (Vyhradené systémom) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS
\\?\Volume{20a38955-0000-0000-0000-005174000000}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 20A38955)
Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=506 MB) - (Type=27)
==================== End of Addition.txt =======================