Preventive check
Posted: 15 Sep 2021 13:56
Please do a preventive check, thank you.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-09-2021
Ran by Johnny (administrator) on JOHNNY-PC (MSI MS-7972) (15-09-2021 14:52:41)
Running from C:\Users\Johnny\Desktop
Loaded Profiles: Johnny
Platform: Windows 7 Ultimate N Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Google LLC -> ) C:\Program Files\Google\Drive File Stream\51.0.15.0\crashpad_handler.exe <3>
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler64.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\51.0.15.0\GoogleDriveFS.exe <7>
(Huawei Technologies Co., Ltd. -> ) C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <7>
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [706192 2021-04-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.) [File not signed]
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\51.0.15.0\GoogleDriveFS.exe [54124376 2021-09-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\51.0.15.0\GoogleDriveFS.exe [54124376 2021-09-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2350607292-2742822079-1077346085-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-2350607292-2742822079-1077346085-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [49952240 2021-09-09] (Google LLC -> )
HKU\S-1-5-21-2350607292-2742822079-1077346085-1000\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\51.0.15.0\GoogleDriveFS.exe [54124376 2021-09-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2350607292-2742822079-1077346085-1000\...\MountPoints2: {1914d19d-de40-11eb-af4c-4ccc6a4b57c8} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2350607292-2742822079-1077346085-1000\...\MountPoints2: {a69fcb2c-7350-11eb-9c3a-4ccc6a4b57c8} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2350607292-2742822079-1077346085-1000\...\MountPoints2: {dfdb7522-ada5-11e7-831c-4ccc6a4b57c8} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2350607292-2742822079-1077346085-1000\...\MountPoints2: {e7df6e9a-49d9-11e7-a304-4ccc6a4b57c8} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2350607292-2742822079-1077346085-1000\...\MountPoints2: {e7df6ea8-49d9-11e7-a304-4ccc6a4b57c8} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\51.0.15.0\GoogleDriveFS.exe [54124376 2021-09-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-10-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon MG3600 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCT.DLL [30208 2015-03-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG3600 series: C:\Windows\system32\CNMLMCT.DLL [406528 2015-03-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\HP B011 Status Monitor: C:\Windows\system32\hpinkstsB011LM.dll [328552 2012-01-11] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Deskjet 3520 series): C:\Windows\system32\HPDiscoPMB011.dll [712552 2012-01-31] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\...\Authentication\Credential Providers: [{B7724AE5-1135-4889-8A5F-CA98BE6CA1ED}] -> C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.CredentialProvider.dll [2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" "C:\Program Files\McAfee\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\Users\Johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3520 series.lnk [2021-09-15]
ShortcutAndArgument: Monitor Ink Alerts - HP Deskjet 3520 series.lnk -> C:\Windows\system32\RunDll32.exe => "C:\Program Files\HP\HP Deskjet 3520 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2AG1572005SZ;CONNECTION=USB;MONITOR=1;
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {081E696E-C859-424C-AB5B-C8B5433EC2A7} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
Task: {28E15F76-434B-47A4-BE24-A0AB6C71E54F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-05-25] (Google Inc -> Google LLC)
Task: {46689C52-352C-405C-9394-F9A099D0CFCA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd -> Piriform Ltd)
Task: {6EFA9E4B-2400-4431-9FDE-2C2D28FF0965} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2651056 2021-07-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {7BC036CF-01AA-40F0-88F5-88404D521F47} - System32\Tasks\HPCustParticipation HP Deskjet 3520 series => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe [4078440 2012-01-31] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {7D7B227F-A945-4DC1-96E5-73A3A8C99932} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe [647168 2016-10-12] () [File not signed]
Task: {822B3096-A7C5-49F2-A2E8-4B0C679499B2} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [680888 2021-09-08] (Mozilla Corporation -> Mozilla Foundation)
Task: {846E67B5-4C57-48AD-8DA7-FB347894BFE2} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4639280 2018-12-02] (McAfee, Inc. -> McAfee, Inc.)
Task: {AC6E13FB-8B74-4E9C-A6A4-EBB7C91C8614} - System32\Tasks\{D649253E-049B-4DB9-AD7C-B5377A9780C6} => C:\Windows\system32\pcalua.exe -a C:\Users\Johnny\Desktop\Sonic.Projects.OP-X.PRO.II.v1.0.Incl.Keygen-AiR\Setup.exe -d C:\Users\Johnny\Desktop\Sonic.Projects.OP-X.PRO.II.v1.0.Incl.Keygen-AiR
Task: {BD025BC3-F4A3-462A-A203-5A2B075633CC} - System32\Tasks\{585550C6-D85C-496F-9AD0-145358AB9E7A} => C:\Windows\system32\pcalua.exe -a C:\Users\Johnny\Desktop\Superwave\superwave_p8.exe -d C:\Users\Johnny\Desktop\Superwave
Task: {E05224B6-8D8C-4F57-B3AE-B7CA14BB88C2} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS.exe [647168 2016-10-12] () [File not signed]
Task: {EE5CE10A-9378-409B-A16B-8A6B160FF6F2} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
Task: {F56E3B6C-70B3-4146-B5CA-6C5E717BC168} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-05-25] (Google Inc -> Google LLC)
Task: {F97C4C9C-9389-41B2-9E30-E590D9707550} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [855352 2016-02-19] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{102B50F1-2CA0-45AC-843B-8F31B1D85734}: [DhcpNameServer] 192.168.1.1 0.0.0.0
FireFox:
========
FF DefaultProfile: cwp2avjo.default
FF ProfilePath: C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\cwp2avjo.default [2021-09-15]
FF DownloadDir: C:\Users\Johnny\Desktop
FF Homepage: Mozilla\Firefox\Profiles\cwp2avjo.default -> www.seznam.cz
FF Notifications: Mozilla\Firefox\Profiles\cwp2avjo.default -> hxxps://www.tipsport.cz; hxxps://www.podnikatel.cz
FF Extension: (Avira Browser Safety) - C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\cwp2avjo.default\Extensions\abs@avira.com.xpi [2021-09-07]
FF Extension: (Avira SafeSearch Plus) - C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\cwp2avjo.default\Extensions\safesearchplus2@avira.com.xpi [2020-09-21] [UpdateUrl:hxxps://package.avira.com/package/safesearch/firefox/update-plus2.json]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\cwp2avjo.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-02-14] [Legacy]
FF Extension: (Video DownloadHelper) - C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\cwp2avjo.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-07-02]
FF Extension: (No Name) - C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\cwp2avjo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-09-01]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN -> VideoLAN)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1206648 2021-07-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [485048 2021-07-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [485048 2021-07-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [574672 2021-07-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [634768 2021-04-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [159080 2021-04-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192320 2020-09-24] (Huawei Technologies Co., Ltd. -> )
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [443344 2020-05-25] (Canon Inc. -> )
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [163280 2015-05-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 TrueKey; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe [421432 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyScheduler; C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe [421432 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyServiceHelper; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe [194168 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [68152 2019-06-14] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [223128 2021-08-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [177112 2021-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36072 2019-02-21] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [35376 2019-02-21] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [18944 2020-09-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R1 googledrivefs3525; C:\Windows\System32\DRIVERS\googledrivefs3525.sys [382944 2021-08-09] (Google LLC -> Google, Inc.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2020-09-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [23200 2015-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-09-15 14:52 - 2021-09-15 14:52 - 000018727 _____ C:\Users\Johnny\Desktop\FRST.txt
2021-09-15 14:40 - 2021-09-15 14:40 - 002304000 _____ (Farbar) C:\Users\Johnny\Desktop\FRST64.exe
2021-09-15 14:29 - 2021-09-15 14:30 - 002101944 _____ (Malwarebytes) C:\Users\Johnny\Desktop\MBSetup-10789.10789-consumer.exe
2021-09-10 13:48 - 2021-09-12 17:51 - 000000000 ____D C:\Users\Johnny\Desktop\Naskenované dokumenty
2021-09-09 08:54 - 2021-09-10 20:01 - 000002015 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2021-09-09 08:54 - 2021-09-10 20:01 - 000001854 _____ C:\Users\Default\Desktop\Google Slides.lnk
2021-09-09 08:54 - 2021-09-10 20:01 - 000001854 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2021-09-09 08:54 - 2021-09-10 20:01 - 000001842 _____ C:\Users\Default\Desktop\Google Docs.lnk
2021-09-09 08:54 - 2021-08-09 14:57 - 000382944 _____ (Google, Inc.) C:\Windows\system32\Drivers\googledrivefs3525.sys
2021-09-08 21:09 - 2021-09-08 23:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2021-09-08 15:32 - 2021-09-08 15:32 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-09-02 10:43 - 2021-09-02 10:43 - 000000000 ___RD C:\Users\Johnny\Documents\Scanned Documents
2021-09-02 10:43 - 2021-09-02 10:43 - 000000000 ____D C:\Users\Johnny\Documents\Fax
2021-08-19 21:19 - 2021-08-19 21:23 - 000015260 _____ C:\Users\Johnny\Desktop\Skalka výpočet - 250000.xlsx
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-09-15 14:52 - 2020-07-19 15:55 - 000000000 ____D C:\FRST
2021-09-15 14:37 - 2016-11-21 20:05 - 000000000 ____D C:\Users\Johnny\AppData\LocalLow\Mozilla
2021-09-15 13:56 - 2019-05-25 13:04 - 000000000 ____D C:\Program Files (x86)\Google
2021-09-15 13:20 - 2016-10-12 20:49 - 000000000 ____D C:\ProgramData\Mozilla
2021-09-15 12:54 - 2009-07-14 06:50 - 000021616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-09-15 12:54 - 2009-07-14 06:50 - 000021616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-09-15 12:52 - 2016-12-22 09:31 - 000671856 _____ C:\Windows\system32\perfh005.dat
2021-09-15 12:52 - 2016-12-22 09:31 - 000142438 _____ C:\Windows\system32\perfc005.dat
2021-09-15 12:52 - 2009-07-14 07:12 - 001591910 _____ C:\Windows\system32\PerfStringBackup.INI
2021-09-15 12:52 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2021-09-15 12:49 - 2016-10-12 20:36 - 000078848 _____ C:\Windows\KMSEmulator.exe
2021-09-15 12:49 - 2016-10-12 20:36 - 000002740 _____ C:\Windows\system32\Tasks\AutoKMSDaily
2021-09-15 12:49 - 2016-10-12 20:36 - 000000202 _____ C:\Windows\Tasks\AutoKMSDaily.job
2021-09-15 12:49 - 2016-10-12 20:36 - 000000202 _____ C:\Windows\Tasks\AutoKMS.job
2021-09-15 12:49 - 2016-10-12 19:33 - 000000000 __SHD C:\Users\Johnny\IntelGraphicsProfiles
2021-09-15 12:48 - 2019-05-27 11:14 - 000000000 ___RD C:\Users\Johnny\Google Drive
2021-09-15 12:48 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-09-10 20:01 - 2019-05-25 13:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2021-09-10 14:55 - 2021-07-29 14:34 - 000000000 ____D C:\Users\Johnny\Desktop\Investice
2021-09-10 13:46 - 2021-01-06 16:01 - 000000000 ____D C:\ProgramData\CanonIJPLM
2021-09-09 12:50 - 2021-05-25 15:17 - 000000000 ____D C:\Users\Johnny\AppData\Roaming\Ledger Live
2021-09-09 10:14 - 2019-05-25 13:04 - 000000000 ____D C:\Users\Johnny\AppData\Local\Google
2021-09-09 08:54 - 2019-05-25 13:05 - 000000000 ____D C:\Program Files\Google
2021-09-09 08:39 - 2020-04-09 22:47 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-09-09 08:39 - 2016-10-12 21:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-09-08 15:10 - 2018-05-15 18:03 - 000000000 ____D C:\Users\Johnny\AppData\Local\CrashDumps
2021-09-08 14:02 - 2021-05-25 15:17 - 000001908 _____ C:\Users\Public\Desktop\Ledger Live.lnk
2021-09-08 14:02 - 2021-05-25 15:17 - 000000000 ____D C:\Program Files\Ledger Live
2021-09-08 14:00 - 2021-05-25 15:17 - 000000000 ____D C:\Users\Johnny\AppData\Local\ledger-live-desktop-updater
2021-09-04 16:17 - 2016-10-12 20:43 - 000000000 ____D C:\Users\Johnny\Desktop\Máma
2021-08-23 17:33 - 2009-07-14 07:08 - 000032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2021-08-17 22:47 - 2019-02-14 14:01 - 000000000 ____D C:\Users\Johnny\Desktop\Seznamy
2021-08-16 17:00 - 2016-10-12 20:46 - 000000000 ___RD C:\Users\Johnny\Desktop\Různé
==================== Files in the root of some directories ========
2016-12-20 13:21 - 2016-12-20 13:21 - 000000268 ___RH () C:\Users\Johnny\AppData\Roaming\Helper Scripts
2016-12-20 13:21 - 2016-12-20 13:21 - 000000268 ___RH () C:\Users\Johnny\AppData\Roaming\Hip Hop
2016-12-20 13:21 - 2016-12-20 13:21 - 000000268 ___RH () C:\Users\Johnny\AppData\Roaming\Home
2017-07-24 10:39 - 2017-07-24 10:40 - 000000000 _____ () C:\Users\Johnny\AppData\Local\{F1FD15D2-A3EA-4CAD-9CA0-F13410F7BF21}
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2021-09-09 11:25
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-09-2021
Ran by Johnny (15-09-2021 14:53:08)
Running from C:\Users\Johnny\Desktop
Windows 7 Ultimate N Service Pack 1 (X64) (2016-10-12 17:22:51)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2350607292-2742822079-1077346085-500 - Administrator - Disabled)
Guest (S-1-5-21-2350607292-2742822079-1077346085-501 - Limited - Disabled)
Johnny (S-1-5-21-2350607292-2742822079-1077346085-1000 - Administrator - Enabled) => C:\Users\Johnny
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {AC17F611-00B5-72DF-E540-58FE9912ECC8}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {177617F5-268F-7D51-DFF0-638CE295A675}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 16.03 (x64) (HKLM\...\7-Zip) (Version: 16.03 - Igor Pavlov)
Adobe Reader 9.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
ARP2600 V2 2.0 (HKLM-x32\...\ARP2600 V2_is1) (Version: - Arturia)
Arturia Moog Modular V2 v1.0 (HKLM-x32\...\Arturia Moog Modular V2 v1.0) (Version: - )
Arturia Prophet V VSTi RTAS v1.2.1 (HKLM-x32\...\Arturia Prophet V VSTi RTAS_is1) (Version: - )
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Avira (HKLM-x32\...\{21098ed5-59e9-4203-b79e-63f3c373e022}) (Version: 1.2.155.4877 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{2CA8B2E7-B4B7-4553-83E6-448A543EA5AD}) (Version: 1.2.155.4877 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.2108.2113 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{5FFF909D-D88F-42B9-9A85-328A1290611C}) (Version: 2.0.6.48309 - Avira Operations GmbH & Co. KG)
Backup and Sync from Google (HKLM\...\{AE7B9534-BD28-4C51-838F-A847C2A206E2}) (Version: 3.57.3958.2866 - Google, Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.20.13 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.3.0 - Canon Inc.)
Canon MG3600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3600_series) (Version: 1.00 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper)
CPUID CPU-Z MSI 1.76 (HKLM\...\CPUID CPU-Z MSI_is1) (Version: 1.76 - CPUID, Inc.)
CS-80 V3 (HKLM\...\CS-80 V3_is1) (Version: 3.3.0.1391 - Arturia & Team V.R)
D-Fend Reloaded 1.4.4 (Odinstalovat) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.4.4 - Alexander Herzog)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: - Steinberg Media Technologies GmbH)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version: - Image-Line)
GForce - Oddity (HKLM-x32\...\Oddity) (Version: - )
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 51.0.15.0 - Google LLC)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 11.0.0.360 - Huawei Technologies Co., Ltd.)
HP Deskjet 3520 series Basic Device Software (HKLM\...\{E80963EC-EED7-411A-8AC0-149EC57FB0F9}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Help (HKLM-x32\...\{C13E1F46-84FE-4D3B-8581-0F2F624C7EEC}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Product Improvement Study (HKLM\...\{177F4FEE-E119-4AB7-9B32-ECF6A1D03719}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Intel(R) Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.6.1194 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.0.36 - Intel Corporation)
Jupiter-8V2 2.0 (HKLM-x32\...\Jupiter-8V2_is1) (Version: - Arturia)
Ledger Live 2.32.2 (HKLM\...\c62032b2-0bca-5abc-b458-fd67cfc9e49b) (Version: 2.32.2 - Ledger Live Team)
M30 Reverb (HKLM-x32\...\M30 Reverb) (Version: 1.0.0.1 - TC Electronic)
McAfee True Key (HKLM\...\TrueKey) (Version: 5.3.138.1 - McAfee, LLC)
Microsoft .NET Framework 4.7 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 92.0 (x64 cs)) (Version: 92.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.4.2 - Mozilla)
Mozilla Thunderbird 78.14.0 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 78.14.0 (x86 cs)) (Version: 78.14.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
N.I Pro-53 v3.0-OxYGeN (HKLM-x32\...\N.I Pro-53 v3.0-OxYGeN) (Version: - )
Native Instruments FM7 (HKLM-x32\...\Native Instruments FM7) (Version: - )
Native Instruments FM8 (HKLM-x32\...\Native Instruments FM8) (Version: - )
Native Instruments Massive v1.0.1.008 VSTi DXi RTAS (HKLM-x32\...\Native Instruments Massive v1.0.1.008 VSTi DXi RTAS) (Version: - )
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.2 - Nikon)
PSD Codec by Ardfry Imaging, LLC (32 bit) (HKLM-x32\...\{345E25C8-EC20-45D5-A088-C5891FC603D4}) (Version: 1.0.15.0 - Ardfry Imaging, LLC) Hidden
PSD Codec by Ardfry Imaging, LLC (64 bit) (HKLM\...\{AD4E43FF-20E5-4E91-9B10-5BFAB7F66EE2}) (Version: 1.0.15.0 - Ardfry Imaging, LLC) Hidden
PSD CODEC Version 1.6.1.0 (HKLM\...\Ardfry PSD CODEC_is1) (Version: 1.6.1.0 - Ardfry Imaging, LLC)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.97.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7730 - Realtek Semiconductor Corp.)
rgcAudio z3ta Plus v1.40 (HKLM-x32\...\rgcAudio z3ta Plus v1.40) (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
SonicProjects OP-X PRO-II (HKLM\...\OP-X PRO-II_is1) (Version: 1.2.5 - Team V.R)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: - )
TubeOhm ANTI-TRANSPIRANT/Stepper4free (HKLM-x32\...\TUBEOHM A-T and Stepper4free_is1) (Version: - )
VdhCoApp 1.3.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
ViewNX 2 (HKLM-x32\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.1.2 - Nikon)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.1 - VideoLAN)
Waldorf PPG Wave 2.V v1.2 (HKLM-x32\...\Waldorf PPG Wave 2.V v1.2) (Version: - )
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Z3TA+ 2 (HKLM-x32\...\Z3TA+ 2_is1) (Version: 2.1 - Cakewalk Music Software)
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version: - DOSBox Team)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\51.0.15.0\drivefsext.dll [2021-09-09] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\51.0.15.0\drivefsext.dll [2021-09-09] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\51.0.15.0\drivefsext.dll [2021-09-09] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\51.0.15.0\drivefsext.dll [2021-09-09] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-09-09] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-09-09] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-09-09] (Google LLC -> Google)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-09-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\51.0.15.0\drivefsext.dll [2021-09-09] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-09-09] (Google LLC -> Google)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-07-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-09-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\51.0.15.0\drivefsext.dll [2021-09-09] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-09-09] (Google LLC -> Google)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\51.0.15.0\drivefsext.dll [2021-09-09] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-12-06] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-09-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-07-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [VIDC.ZMBV] => C:\Windows\SysWOW64\zmbv.dll [94208 2010-04-09] () [File not signed]
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1554944 2009-09-15] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Image-Line website.lnk -> hxxp://www.image-line.com
Shortcut: C:\Users\Johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Advanced\Diagnostic.lnk -> hxxp://www.image-line.com/diagnosti
Shortcut: C:\Users\Johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Additional\Download Deckadance.lnk -> hxxp://www.deckadance.com
Shortcut: C:\Users\Johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Additional\SynthMaker website.lnk -> hxxp://www.synthmaker.co.uk
==================== Loaded Modules (Whitelisted) =============
2015-01-21 04:06 - 2015-01-21 04:06 - 000053248 _____ () [File not signed] C:\Program Files\CCleaner\lang\lang-1029.dll
2021-09-15 12:48 - 2021-09-15 12:48 - 000114176 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\_ctypes.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000172544 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\_elementtree.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 002255872 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\_hashlib.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000032256 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\_multiprocessing.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000046080 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\_psutil_windows.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000047616 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\_socket.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 002825216 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\_ssl.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000026112 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\_yappi.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000080896 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\bz2.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000015872 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\common.time34.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000007680 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\hashobjs_ext.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000301568 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\PIL._imaging.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000168448 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\pyexpat.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 001084416 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\pysqlite2._sqlite.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000548864 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\pythoncom27.dll
2021-09-15 12:48 - 2021-09-15 12:48 - 000137728 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\pywintypes27.dll
2021-09-15 12:48 - 2021-09-15 12:48 - 000010752 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\select.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000020992 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\thumbnails_ext.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000689664 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\unicodedata.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000119808 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\usb_ext.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000128512 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\win32api.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000438784 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\win32com.shell.shell.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000011776 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\win32crypt.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000023040 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\win32event.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000149504 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\win32file.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000223232 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\win32gui.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000048128 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\win32inet.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000029696 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\win32pdh.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000027648 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\win32pipe.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000044032 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\win32process.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000020480 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\win32profile.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000136192 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\win32security.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000026624 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\win32ts.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000034304 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\windows.conditional.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000037888 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\windows.connectivity.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000071680 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\windows.device_monitor.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000103936 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\windows.volumes.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000019968 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\windows.winwrap.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 001325056 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\wx._controls_.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 001489408 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\wx._core_.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 001007104 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\wx._gdi_.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000103424 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\wx._html2.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000916992 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\wx._misc_.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 001039872 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\wx._windows_.pyd
2016-10-20 20:52 - 2016-09-28 10:54 - 000076800 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2017-04-21 13:24 - 2017-04-21 13:24 - 000112128 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2017-04-21 13:26 - 2017-04-21 13:26 - 000126976 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\Microsoft.Net\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2021-09-15 12:48 - 2021-09-15 12:48 - 003043328 _____ (Python Software Foundation) [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\python27.dll
2021-09-15 12:48 - 2021-09-15 12:48 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\wxbase30u_net_vc90_x64.dll
2021-09-15 12:48 - 2021-09-15 12:48 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\wxbase30u_vc90_x64.dll
2021-09-15 12:48 - 2021-09-15 12:48 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\wxmsw30u_adv_vc90_x64.dll
2021-09-15 12:48 - 2021-09-15 12:48 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\wxmsw30u_core_vc90_x64.dll
2021-09-15 12:48 - 2021-09-15 12:48 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\wxmsw30u_html_vc90_x64.dll
2021-09-15 12:48 - 2021-09-15 12:48 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\wxmsw30u_webview_vc90_x64.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Version 11) (Whitelisted) ==========
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Toolbar: HKU\S-1-5-21-2350607292-2742822079-1077346085-1000 -> True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-2350607292-2742822079-1077346085-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Johnny\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{14D8EF69-CCD2-4E89-BE3C-03D3F1B60F43}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe () [File not signed]
FirewallRules: [UDP Query User{6FD7B68E-E7BC-4E96-97BF-11FFFC3DAA1B}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe () [File not signed]
FirewallRules: [{A1D1EC1C-F397-4C20-9D6A-906045B067EA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{822E070F-E42B-4087-B2F3-5B57E7DD1138}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{36B2F014-A755-4AA3-9C36-F8EEC4BE1BC4}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{BA947712-39F6-4059-8FD6-32C297759E69}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [TCP Query User{3DE8CCDA-4CD4-4A06-9F64-EE2901A439EF}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{64EF5EE1-5889-4090-9468-A86778719B3F}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5472281F-4ECD-4C53-B46A-744ADD586CF6}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{D6172587-5540-4E90-8EA4-3407577AA041}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{7F1784C7-13D7-4B4E-AC09-54EC2557A574}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
==================== Restore Points =========================
01-08-2021 19:00:09 Windows Backup
08-08-2021 19:00:04 Windows Backup
15-08-2021 22:41:01 Windows Backup
22-08-2021 20:01:05 Windows Backup
29-08-2021 19:00:08 Windows Backup
05-09-2021 19:00:10 Windows Backup
12-09-2021 19:00:19 Windows Backup
==================== Faulty Device Manager Devices ============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: ========================
Application errors:
==================
Error: (09/04/2021 07:24:24 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007
Error: (09/04/2021 07:24:24 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0
Error: (08/22/2021 04:44:23 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007
Error: (08/22/2021 04:44:23 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0
Error: (08/10/2021 05:29:17 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007
Error: (08/10/2021 05:29:17 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0
Error: (08/06/2021 05:02:41 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007
Error: (08/06/2021 05:02:41 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0
System errors:
=============
Error: (09/15/2021 02:34:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
Error: (09/14/2021 06:56:25 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
Error: (09/13/2021 04:56:56 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
Error: (09/13/2021 11:36:23 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
Error: (09/12/2021 10:24:46 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
Error: (09/12/2021 06:26:51 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
Error: (09/10/2021 03:42:38 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
Error: (09/10/2021 12:38:37 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
==================== Memory info ===========================
BIOS: American Megatrends Inc. C.60 07/22/2016
Motherboard: MSI B150M MORTAR (MS-7972)
Processor: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz
Percentage of memory in use: 33%
Total physical RAM: 16258.88 MB
Available physical RAM: 10784.86 MB
Total Virtual: 32515.93 MB
Available Virtual: 26939.3 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:223.35 GB) (Free:84.33 GB) NTFS
Drive d: () (Fixed) (Total:1863.01 GB) (Free:122.4 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 346FBCB4)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-09-2021
Ran by Johnny (administrator) on JOHNNY-PC (MSI MS-7972) (15-09-2021 14:52:41)
Running from C:\Users\Johnny\Desktop
Loaded Profiles: Johnny
Platform: Windows 7 Ultimate N Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Google LLC -> ) C:\Program Files\Google\Drive File Stream\51.0.15.0\crashpad_handler.exe <3>
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler64.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\51.0.15.0\GoogleDriveFS.exe <7>
(Huawei Technologies Co., Ltd. -> ) C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <7>
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [706192 2021-04-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.) [File not signed]
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\51.0.15.0\GoogleDriveFS.exe [54124376 2021-09-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\51.0.15.0\GoogleDriveFS.exe [54124376 2021-09-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2350607292-2742822079-1077346085-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-2350607292-2742822079-1077346085-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [49952240 2021-09-09] (Google LLC -> )
HKU\S-1-5-21-2350607292-2742822079-1077346085-1000\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\51.0.15.0\GoogleDriveFS.exe [54124376 2021-09-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-2350607292-2742822079-1077346085-1000\...\MountPoints2: {1914d19d-de40-11eb-af4c-4ccc6a4b57c8} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2350607292-2742822079-1077346085-1000\...\MountPoints2: {a69fcb2c-7350-11eb-9c3a-4ccc6a4b57c8} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2350607292-2742822079-1077346085-1000\...\MountPoints2: {dfdb7522-ada5-11e7-831c-4ccc6a4b57c8} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2350607292-2742822079-1077346085-1000\...\MountPoints2: {e7df6e9a-49d9-11e7-a304-4ccc6a4b57c8} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2350607292-2742822079-1077346085-1000\...\MountPoints2: {e7df6ea8-49d9-11e7-a304-4ccc6a4b57c8} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\51.0.15.0\GoogleDriveFS.exe [54124376 2021-09-09] (Google LLC -> Google, Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-10-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon MG3600 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCT.DLL [30208 2015-03-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG3600 series: C:\Windows\system32\CNMLMCT.DLL [406528 2015-03-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\HP B011 Status Monitor: C:\Windows\system32\hpinkstsB011LM.dll [328552 2012-01-11] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Deskjet 3520 series): C:\Windows\system32\HPDiscoPMB011.dll [712552 2012-01-31] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\...\Authentication\Credential Providers: [{B7724AE5-1135-4889-8A5F-CA98BE6CA1ED}] -> C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.CredentialProvider.dll [2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" "C:\Program Files\McAfee\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\Users\Johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3520 series.lnk [2021-09-15]
ShortcutAndArgument: Monitor Ink Alerts - HP Deskjet 3520 series.lnk -> C:\Windows\system32\RunDll32.exe => "C:\Program Files\HP\HP Deskjet 3520 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2AG1572005SZ;CONNECTION=USB;MONITOR=1;
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {081E696E-C859-424C-AB5B-C8B5433EC2A7} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
Task: {28E15F76-434B-47A4-BE24-A0AB6C71E54F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-05-25] (Google Inc -> Google LLC)
Task: {46689C52-352C-405C-9394-F9A099D0CFCA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd -> Piriform Ltd)
Task: {6EFA9E4B-2400-4431-9FDE-2C2D28FF0965} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2651056 2021-07-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {7BC036CF-01AA-40F0-88F5-88404D521F47} - System32\Tasks\HPCustParticipation HP Deskjet 3520 series => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe [4078440 2012-01-31] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {7D7B227F-A945-4DC1-96E5-73A3A8C99932} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe [647168 2016-10-12] () [File not signed]
Task: {822B3096-A7C5-49F2-A2E8-4B0C679499B2} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [680888 2021-09-08] (Mozilla Corporation -> Mozilla Foundation)
Task: {846E67B5-4C57-48AD-8DA7-FB347894BFE2} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4639280 2018-12-02] (McAfee, Inc. -> McAfee, Inc.)
Task: {AC6E13FB-8B74-4E9C-A6A4-EBB7C91C8614} - System32\Tasks\{D649253E-049B-4DB9-AD7C-B5377A9780C6} => C:\Windows\system32\pcalua.exe -a C:\Users\Johnny\Desktop\Sonic.Projects.OP-X.PRO.II.v1.0.Incl.Keygen-AiR\Setup.exe -d C:\Users\Johnny\Desktop\Sonic.Projects.OP-X.PRO.II.v1.0.Incl.Keygen-AiR
Task: {BD025BC3-F4A3-462A-A203-5A2B075633CC} - System32\Tasks\{585550C6-D85C-496F-9AD0-145358AB9E7A} => C:\Windows\system32\pcalua.exe -a C:\Users\Johnny\Desktop\Superwave\superwave_p8.exe -d C:\Users\Johnny\Desktop\Superwave
Task: {E05224B6-8D8C-4F57-B3AE-B7CA14BB88C2} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS.exe [647168 2016-10-12] () [File not signed]
Task: {EE5CE10A-9378-409B-A16B-8A6B160FF6F2} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
Task: {F56E3B6C-70B3-4146-B5CA-6C5E717BC168} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-05-25] (Google Inc -> Google LLC)
Task: {F97C4C9C-9389-41B2-9E30-E590D9707550} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [855352 2016-02-19] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{102B50F1-2CA0-45AC-843B-8F31B1D85734}: [DhcpNameServer] 192.168.1.1 0.0.0.0
FireFox:
========
FF DefaultProfile: cwp2avjo.default
FF ProfilePath: C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\cwp2avjo.default [2021-09-15]
FF DownloadDir: C:\Users\Johnny\Desktop
FF Homepage: Mozilla\Firefox\Profiles\cwp2avjo.default -> www.seznam.cz
FF Notifications: Mozilla\Firefox\Profiles\cwp2avjo.default -> hxxps://www.tipsport.cz; hxxps://www.podnikatel.cz
FF Extension: (Avira Browser Safety) - C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\cwp2avjo.default\Extensions\abs@avira.com.xpi [2021-09-07]
FF Extension: (Avira SafeSearch Plus) - C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\cwp2avjo.default\Extensions\safesearchplus2@avira.com.xpi [2020-09-21] [UpdateUrl:hxxps://package.avira.com/package/safesearch/firefox/update-plus2.json]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\cwp2avjo.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-02-14] [Legacy]
FF Extension: (Video DownloadHelper) - C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\cwp2avjo.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-07-02]
FF Extension: (No Name) - C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\cwp2avjo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-09-01]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN -> VideoLAN)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1206648 2021-07-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [485048 2021-07-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [485048 2021-07-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [574672 2021-07-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [634768 2021-04-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [159080 2021-04-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192320 2020-09-24] (Huawei Technologies Co., Ltd. -> )
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [443344 2020-05-25] (Canon Inc. -> )
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [163280 2015-05-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 TrueKey; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe [421432 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyScheduler; C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe [421432 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
R2 TrueKeyServiceHelper; C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe [194168 2019-03-09] (McAfee, Inc. -> McAfee, LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [68152 2019-06-14] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [223128 2021-08-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [177112 2021-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36072 2019-02-21] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [35376 2019-02-21] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [18944 2020-09-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R1 googledrivefs3525; C:\Windows\System32\DRIVERS\googledrivefs3525.sys [382944 2021-08-09] (Google LLC -> Google, Inc.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2020-09-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [23200 2015-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-09-15 14:52 - 2021-09-15 14:52 - 000018727 _____ C:\Users\Johnny\Desktop\FRST.txt
2021-09-15 14:40 - 2021-09-15 14:40 - 002304000 _____ (Farbar) C:\Users\Johnny\Desktop\FRST64.exe
2021-09-15 14:29 - 2021-09-15 14:30 - 002101944 _____ (Malwarebytes) C:\Users\Johnny\Desktop\MBSetup-10789.10789-consumer.exe
2021-09-10 13:48 - 2021-09-12 17:51 - 000000000 ____D C:\Users\Johnny\Desktop\Naskenované dokumenty
2021-09-09 08:54 - 2021-09-10 20:01 - 000002015 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2021-09-09 08:54 - 2021-09-10 20:01 - 000001854 _____ C:\Users\Default\Desktop\Google Slides.lnk
2021-09-09 08:54 - 2021-09-10 20:01 - 000001854 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2021-09-09 08:54 - 2021-09-10 20:01 - 000001842 _____ C:\Users\Default\Desktop\Google Docs.lnk
2021-09-09 08:54 - 2021-08-09 14:57 - 000382944 _____ (Google, Inc.) C:\Windows\system32\Drivers\googledrivefs3525.sys
2021-09-08 21:09 - 2021-09-08 23:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2021-09-08 15:32 - 2021-09-08 15:32 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-09-02 10:43 - 2021-09-02 10:43 - 000000000 ___RD C:\Users\Johnny\Documents\Scanned Documents
2021-09-02 10:43 - 2021-09-02 10:43 - 000000000 ____D C:\Users\Johnny\Documents\Fax
2021-08-19 21:19 - 2021-08-19 21:23 - 000015260 _____ C:\Users\Johnny\Desktop\Skalka výpočet - 250000.xlsx
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-09-15 14:52 - 2020-07-19 15:55 - 000000000 ____D C:\FRST
2021-09-15 14:37 - 2016-11-21 20:05 - 000000000 ____D C:\Users\Johnny\AppData\LocalLow\Mozilla
2021-09-15 13:56 - 2019-05-25 13:04 - 000000000 ____D C:\Program Files (x86)\Google
2021-09-15 13:20 - 2016-10-12 20:49 - 000000000 ____D C:\ProgramData\Mozilla
2021-09-15 12:54 - 2009-07-14 06:50 - 000021616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-09-15 12:54 - 2009-07-14 06:50 - 000021616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-09-15 12:52 - 2016-12-22 09:31 - 000671856 _____ C:\Windows\system32\perfh005.dat
2021-09-15 12:52 - 2016-12-22 09:31 - 000142438 _____ C:\Windows\system32\perfc005.dat
2021-09-15 12:52 - 2009-07-14 07:12 - 001591910 _____ C:\Windows\system32\PerfStringBackup.INI
2021-09-15 12:52 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2021-09-15 12:49 - 2016-10-12 20:36 - 000078848 _____ C:\Windows\KMSEmulator.exe
2021-09-15 12:49 - 2016-10-12 20:36 - 000002740 _____ C:\Windows\system32\Tasks\AutoKMSDaily
2021-09-15 12:49 - 2016-10-12 20:36 - 000000202 _____ C:\Windows\Tasks\AutoKMSDaily.job
2021-09-15 12:49 - 2016-10-12 20:36 - 000000202 _____ C:\Windows\Tasks\AutoKMS.job
2021-09-15 12:49 - 2016-10-12 19:33 - 000000000 __SHD C:\Users\Johnny\IntelGraphicsProfiles
2021-09-15 12:48 - 2019-05-27 11:14 - 000000000 ___RD C:\Users\Johnny\Google Drive
2021-09-15 12:48 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-09-10 20:01 - 2019-05-25 13:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2021-09-10 14:55 - 2021-07-29 14:34 - 000000000 ____D C:\Users\Johnny\Desktop\Investice
2021-09-10 13:46 - 2021-01-06 16:01 - 000000000 ____D C:\ProgramData\CanonIJPLM
2021-09-09 12:50 - 2021-05-25 15:17 - 000000000 ____D C:\Users\Johnny\AppData\Roaming\Ledger Live
2021-09-09 10:14 - 2019-05-25 13:04 - 000000000 ____D C:\Users\Johnny\AppData\Local\Google
2021-09-09 08:54 - 2019-05-25 13:05 - 000000000 ____D C:\Program Files\Google
2021-09-09 08:39 - 2020-04-09 22:47 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-09-09 08:39 - 2016-10-12 21:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-09-08 15:10 - 2018-05-15 18:03 - 000000000 ____D C:\Users\Johnny\AppData\Local\CrashDumps
2021-09-08 14:02 - 2021-05-25 15:17 - 000001908 _____ C:\Users\Public\Desktop\Ledger Live.lnk
2021-09-08 14:02 - 2021-05-25 15:17 - 000000000 ____D C:\Program Files\Ledger Live
2021-09-08 14:00 - 2021-05-25 15:17 - 000000000 ____D C:\Users\Johnny\AppData\Local\ledger-live-desktop-updater
2021-09-04 16:17 - 2016-10-12 20:43 - 000000000 ____D C:\Users\Johnny\Desktop\Máma
2021-08-23 17:33 - 2009-07-14 07:08 - 000032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2021-08-17 22:47 - 2019-02-14 14:01 - 000000000 ____D C:\Users\Johnny\Desktop\Seznamy
2021-08-16 17:00 - 2016-10-12 20:46 - 000000000 ___RD C:\Users\Johnny\Desktop\Různé
==================== Files in the root of some directories ========
2016-12-20 13:21 - 2016-12-20 13:21 - 000000268 ___RH () C:\Users\Johnny\AppData\Roaming\Helper Scripts
2016-12-20 13:21 - 2016-12-20 13:21 - 000000268 ___RH () C:\Users\Johnny\AppData\Roaming\Hip Hop
2016-12-20 13:21 - 2016-12-20 13:21 - 000000268 ___RH () C:\Users\Johnny\AppData\Roaming\Home
2017-07-24 10:39 - 2017-07-24 10:40 - 000000000 _____ () C:\Users\Johnny\AppData\Local\{F1FD15D2-A3EA-4CAD-9CA0-F13410F7BF21}
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2021-09-09 11:25
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-09-2021
Ran by Johnny (15-09-2021 14:53:08)
Running from C:\Users\Johnny\Desktop
Windows 7 Ultimate N Service Pack 1 (X64) (2016-10-12 17:22:51)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2350607292-2742822079-1077346085-500 - Administrator - Disabled)
Guest (S-1-5-21-2350607292-2742822079-1077346085-501 - Limited - Disabled)
Johnny (S-1-5-21-2350607292-2742822079-1077346085-1000 - Administrator - Enabled) => C:\Users\Johnny
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {AC17F611-00B5-72DF-E540-58FE9912ECC8}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {177617F5-268F-7D51-DFF0-638CE295A675}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 16.03 (x64) (HKLM\...\7-Zip) (Version: 16.03 - Igor Pavlov)
Adobe Reader 9.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
ARP2600 V2 2.0 (HKLM-x32\...\ARP2600 V2_is1) (Version: - Arturia)
Arturia Moog Modular V2 v1.0 (HKLM-x32\...\Arturia Moog Modular V2 v1.0) (Version: - )
Arturia Prophet V VSTi RTAS v1.2.1 (HKLM-x32\...\Arturia Prophet V VSTi RTAS_is1) (Version: - )
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Avira (HKLM-x32\...\{21098ed5-59e9-4203-b79e-63f3c373e022}) (Version: 1.2.155.4877 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{2CA8B2E7-B4B7-4553-83E6-448A543EA5AD}) (Version: 1.2.155.4877 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.2108.2113 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{5FFF909D-D88F-42B9-9A85-328A1290611C}) (Version: 2.0.6.48309 - Avira Operations GmbH & Co. KG)
Backup and Sync from Google (HKLM\...\{AE7B9534-BD28-4C51-838F-A847C2A206E2}) (Version: 3.57.3958.2866 - Google, Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.20.13 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.3.0 - Canon Inc.)
Canon MG3600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3600_series) (Version: 1.00 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper)
CPUID CPU-Z MSI 1.76 (HKLM\...\CPUID CPU-Z MSI_is1) (Version: 1.76 - CPUID, Inc.)
CS-80 V3 (HKLM\...\CS-80 V3_is1) (Version: 3.3.0.1391 - Arturia & Team V.R)
D-Fend Reloaded 1.4.4 (Odinstalovat) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.4.4 - Alexander Herzog)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: - Steinberg Media Technologies GmbH)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version: - Image-Line)
GForce - Oddity (HKLM-x32\...\Oddity) (Version: - )
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 51.0.15.0 - Google LLC)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 11.0.0.360 - Huawei Technologies Co., Ltd.)
HP Deskjet 3520 series Basic Device Software (HKLM\...\{E80963EC-EED7-411A-8AC0-149EC57FB0F9}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Help (HKLM-x32\...\{C13E1F46-84FE-4D3B-8581-0F2F624C7EEC}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Product Improvement Study (HKLM\...\{177F4FEE-E119-4AB7-9B32-ECF6A1D03719}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Intel(R) Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.6.1194 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.0.36 - Intel Corporation)
Jupiter-8V2 2.0 (HKLM-x32\...\Jupiter-8V2_is1) (Version: - Arturia)
Ledger Live 2.32.2 (HKLM\...\c62032b2-0bca-5abc-b458-fd67cfc9e49b) (Version: 2.32.2 - Ledger Live Team)
M30 Reverb (HKLM-x32\...\M30 Reverb) (Version: 1.0.0.1 - TC Electronic)
McAfee True Key (HKLM\...\TrueKey) (Version: 5.3.138.1 - McAfee, LLC)
Microsoft .NET Framework 4.7 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 92.0 (x64 cs)) (Version: 92.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.4.2 - Mozilla)
Mozilla Thunderbird 78.14.0 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 78.14.0 (x86 cs)) (Version: 78.14.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
N.I Pro-53 v3.0-OxYGeN (HKLM-x32\...\N.I Pro-53 v3.0-OxYGeN) (Version: - )
Native Instruments FM7 (HKLM-x32\...\Native Instruments FM7) (Version: - )
Native Instruments FM8 (HKLM-x32\...\Native Instruments FM8) (Version: - )
Native Instruments Massive v1.0.1.008 VSTi DXi RTAS (HKLM-x32\...\Native Instruments Massive v1.0.1.008 VSTi DXi RTAS) (Version: - )
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.2 - Nikon)
PSD Codec by Ardfry Imaging, LLC (32 bit) (HKLM-x32\...\{345E25C8-EC20-45D5-A088-C5891FC603D4}) (Version: 1.0.15.0 - Ardfry Imaging, LLC) Hidden
PSD Codec by Ardfry Imaging, LLC (64 bit) (HKLM\...\{AD4E43FF-20E5-4E91-9B10-5BFAB7F66EE2}) (Version: 1.0.15.0 - Ardfry Imaging, LLC) Hidden
PSD CODEC Version 1.6.1.0 (HKLM\...\Ardfry PSD CODEC_is1) (Version: 1.6.1.0 - Ardfry Imaging, LLC)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.97.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7730 - Realtek Semiconductor Corp.)
rgcAudio z3ta Plus v1.40 (HKLM-x32\...\rgcAudio z3ta Plus v1.40) (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
SonicProjects OP-X PRO-II (HKLM\...\OP-X PRO-II_is1) (Version: 1.2.5 - Team V.R)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: - )
TubeOhm ANTI-TRANSPIRANT/Stepper4free (HKLM-x32\...\TUBEOHM A-T and Stepper4free_is1) (Version: - )
VdhCoApp 1.3.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
ViewNX 2 (HKLM-x32\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.1.2 - Nikon)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.1 - VideoLAN)
Waldorf PPG Wave 2.V v1.2 (HKLM-x32\...\Waldorf PPG Wave 2.V v1.2) (Version: - )
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Z3TA+ 2 (HKLM-x32\...\Z3TA+ 2_is1) (Version: 2.1 - Cakewalk Music Software)
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version: - DOSBox Team)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\51.0.15.0\drivefsext.dll [2021-09-09] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\51.0.15.0\drivefsext.dll [2021-09-09] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\51.0.15.0\drivefsext.dll [2021-09-09] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\51.0.15.0\drivefsext.dll [2021-09-09] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-09-09] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-09-09] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-09-09] (Google LLC -> Google)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-09-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\51.0.15.0\drivefsext.dll [2021-09-09] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-09-09] (Google LLC -> Google)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-07-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-09-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\51.0.15.0\drivefsext.dll [2021-09-09] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-09-09] (Google LLC -> Google)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\51.0.15.0\drivefsext.dll [2021-09-09] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-12-06] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-09-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-07-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [VIDC.ZMBV] => C:\Windows\SysWOW64\zmbv.dll [94208 2010-04-09] () [File not signed]
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1554944 2009-09-15] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Image-Line website.lnk -> hxxp://www.image-line.com
Shortcut: C:\Users\Johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Advanced\Diagnostic.lnk -> hxxp://www.image-line.com/diagnosti
Shortcut: C:\Users\Johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Additional\Download Deckadance.lnk -> hxxp://www.deckadance.com
Shortcut: C:\Users\Johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Additional\SynthMaker website.lnk -> hxxp://www.synthmaker.co.uk
==================== Loaded Modules (Whitelisted) =============
2015-01-21 04:06 - 2015-01-21 04:06 - 000053248 _____ () [File not signed] C:\Program Files\CCleaner\lang\lang-1029.dll
2021-09-15 12:48 - 2021-09-15 12:48 - 000114176 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\_ctypes.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000172544 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\_elementtree.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 002255872 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\_hashlib.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000032256 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\_multiprocessing.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000046080 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\_psutil_windows.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000047616 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\_socket.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 002825216 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\_ssl.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000026112 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\_yappi.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000080896 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\bz2.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000015872 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\common.time34.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000007680 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\hashobjs_ext.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000301568 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\PIL._imaging.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000168448 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\pyexpat.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 001084416 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\pysqlite2._sqlite.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000548864 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\pythoncom27.dll
2021-09-15 12:48 - 2021-09-15 12:48 - 000137728 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\pywintypes27.dll
2021-09-15 12:48 - 2021-09-15 12:48 - 000010752 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\select.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000020992 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\thumbnails_ext.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000689664 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\unicodedata.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000119808 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\usb_ext.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000128512 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\win32api.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000438784 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\win32com.shell.shell.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000011776 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\win32crypt.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000023040 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\win32event.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000149504 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\win32file.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000223232 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\win32gui.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000048128 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\win32inet.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000029696 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\win32pdh.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000027648 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\win32pipe.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000044032 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\win32process.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000020480 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\win32profile.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000136192 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\win32security.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000026624 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\win32ts.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000034304 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\windows.conditional.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000037888 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\windows.connectivity.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000071680 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\windows.device_monitor.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000103936 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\windows.volumes.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000019968 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\windows.winwrap.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 001325056 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\wx._controls_.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 001489408 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\wx._core_.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 001007104 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\wx._gdi_.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000103424 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\wx._html2.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 000916992 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\wx._misc_.pyd
2021-09-15 12:48 - 2021-09-15 12:48 - 001039872 _____ () [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\wx._windows_.pyd
2016-10-20 20:52 - 2016-09-28 10:54 - 000076800 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2017-04-21 13:24 - 2017-04-21 13:24 - 000112128 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2017-04-21 13:26 - 2017-04-21 13:26 - 000126976 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\Microsoft.Net\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2021-09-15 12:48 - 2021-09-15 12:48 - 003043328 _____ (Python Software Foundation) [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\python27.dll
2021-09-15 12:48 - 2021-09-15 12:48 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\wxbase30u_net_vc90_x64.dll
2021-09-15 12:48 - 2021-09-15 12:48 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\wxbase30u_vc90_x64.dll
2021-09-15 12:48 - 2021-09-15 12:48 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\wxmsw30u_adv_vc90_x64.dll
2021-09-15 12:48 - 2021-09-15 12:48 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\wxmsw30u_core_vc90_x64.dll
2021-09-15 12:48 - 2021-09-15 12:48 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\wxmsw30u_html_vc90_x64.dll
2021-09-15 12:48 - 2021-09-15 12:48 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\Johnny\AppData\Local\Temp\_MEI17562\wxmsw30u_webview_vc90_x64.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Version 11) (Whitelisted) ==========
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
Toolbar: HKU\S-1-5-21-2350607292-2742822079-1077346085-1000 -> True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll [2018-04-23] (McAfee, Inc. -> Intel Security)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-2350607292-2742822079-1077346085-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Johnny\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{14D8EF69-CCD2-4E89-BE3C-03D3F1B60F43}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe () [File not signed]
FirewallRules: [UDP Query User{6FD7B68E-E7BC-4E96-97BF-11FFFC3DAA1B}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe () [File not signed]
FirewallRules: [{A1D1EC1C-F397-4C20-9D6A-906045B067EA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{822E070F-E42B-4087-B2F3-5B57E7DD1138}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{36B2F014-A755-4AA3-9C36-F8EEC4BE1BC4}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{BA947712-39F6-4059-8FD6-32C297759E69}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [TCP Query User{3DE8CCDA-4CD4-4A06-9F64-EE2901A439EF}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{64EF5EE1-5889-4090-9468-A86778719B3F}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5472281F-4ECD-4C53-B46A-744ADD586CF6}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{D6172587-5540-4E90-8EA4-3407577AA041}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{7F1784C7-13D7-4B4E-AC09-54EC2557A574}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
==================== Restore Points =========================
01-08-2021 19:00:09 Windows Backup
08-08-2021 19:00:04 Windows Backup
15-08-2021 22:41:01 Windows Backup
22-08-2021 20:01:05 Windows Backup
29-08-2021 19:00:08 Windows Backup
05-09-2021 19:00:10 Windows Backup
12-09-2021 19:00:19 Windows Backup
==================== Faulty Device Manager Devices ============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: ========================
Application errors:
==================
Error: (09/04/2021 07:24:24 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007
Error: (09/04/2021 07:24:24 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0
Error: (08/22/2021 04:44:23 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007
Error: (08/22/2021 04:44:23 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0
Error: (08/10/2021 05:29:17 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007
Error: (08/10/2021 05:29:17 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0
Error: (08/06/2021 05:02:41 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007
Error: (08/06/2021 05:02:41 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0
System errors:
=============
Error: (09/15/2021 02:34:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
Error: (09/14/2021 06:56:25 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
Error: (09/13/2021 04:56:56 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
Error: (09/13/2021 11:36:23 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
Error: (09/12/2021 10:24:46 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
Error: (09/12/2021 06:26:51 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
Error: (09/10/2021 03:42:38 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
Error: (09/10/2021 12:38:37 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
==================== Memory info ===========================
BIOS: American Megatrends Inc. C.60 07/22/2016
Motherboard: MSI B150M MORTAR (MS-7972)
Processor: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz
Percentage of memory in use: 33%
Total physical RAM: 16258.88 MB
Available physical RAM: 10784.86 MB
Total Virtual: 32515.93 MB
Available Virtual: 26939.3 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:223.35 GB) (Free:84.33 GB) NTFS
Drive d: () (Fixed) (Total:1863.01 GB) (Free:122.4 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 346FBCB4)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================