VIRY.CZ

dobry den ,
prosim vas viete mi pomoct vyriesit problem,
do pocitaca sa mi dostal RIGD virus, zmenil mi vsetky subory, pridanim pripony .rigd, subory sa nedaju otvorit.
objavil sa im novy txt subor, kde utconici pozaduju peniaze za dekryptovanie suborov. .... to neplanujem ani zo sradny platit.
na internete som nasiel nejaky postup ako by som teoreticky ziskat subory naspat.
tu som naiel postup https://howtofix.guide/rigd-virus-file/
1. potrebujem si stiahnut nejaky antimalware, ktory odstrani rigd virus ten ktory odporucaju je plateny - VIETE MI PORADIT NEJAKY ZADARMO?
2. potom si mam stiahnut decryptor. ktory obnovy subory,

prosim poradte nejaky ten antimalware, ...
ked som stiahol ten jeden a potom som ho vymazal a stiahol druhy (tiez plateny,)tiez idem odinstalovat a hladam nejaky iny , musim zakazdym restartovat PC?

Zdravím!
Máte bohužel ransomware. My vám můžeme PC vyčistit, ale nemůžeme vám soubory odkryptovat. K tomu je třeba přímý přístup do vašeho PC, což nemáme právně ošetřeno. Zabývají se tím kolegové zde: https://neslape.cz/?utm_campaign=neslap ... ium=banner . Pochybuji, že existuje nějaký free AV, který dokáže soubory odkryptovat. O dekrypteru rovněž nic nevím, neboť ransomware je mnoho variant a ne na všechny je volně dostupný dekrypter. Máte-li zájem o vyčištění, dejte logy FRST+Addition.

snazil som sa tie virusy odstranit
nainstaloval som spyhunter5 , grindinsoft antimalware, aj super antispywarem a niekolkokrat som prescanoval pocitac a potm manualne vymazal criticke miesta.
stale som nerestartoval pocitac, lebo sa bojim ze este niekde ostal nejaky trojan skryty a aby sa restartom nerozsiril
nizsie prikladam PRST a adition
prosim skontrolujte:::


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-09-2021 02
Ran by ntb (administrator) on SERVER-T-01 (Dell Inc. Latitude E6420) (29-09-2021 14:28:32)
Running from C:\Users\ntb\Desktop
Loaded Profiles: ntb & Guest &
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Default browser not detected!
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\SUPERDelete\RegAsm.exe.SUPERDelete
() [File not signed] C:\Windows\SysWOW64\srvany.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Broadcom Corp -> Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corp -> Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dell Inc. -> Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(DusanRodina_LanManagement -> Fieldston Software) [File not signed] C:\Users\ntb\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management\disksyncer.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Google LLC -> ) C:\Program Files\Google\Drive File Stream\51.0.15.0\crashpad_handler.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation-Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Mobile Wireless Group -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Mobile Wireless Group -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Users\ntb\AppData\Roaming\RegAsm.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
(Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(O2Micro Inc. -> O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(O2Micro Inc. -> O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [330552 2018-08-04] (ESET, spol. s r.o. -> ESET)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2300812948-3644434461-2255956692-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35093120 2021-09-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2300812948-3644434461-2255956692-1000\...\RunOnce: [BPInstaller.exe_140801884] => C:\Program Files\Bitdefender Antivirus Free\kitinstaller\BPInstaller.exe [1751144 2021-09-15] (Bitdefender SRL -> Bitdefender) <==== ATTENTION
HKU\S-1-5-21-2300812948-3644434461-2255956692-1000\...\Policies\Explorer: [NoSecurityTab] 1
HKU\S-1-5-21-2300812948-3644434461-2255956692-1000\...\MountPoints2: {2547e260-6f1d-11e8-8791-d4bed911f860} - E:\Lenovo_Suite.exe
HKU\S-1-5-21-2300812948-3644434461-2255956692-1000\...\MountPoints2: {78e037a1-2726-11e8-a2a5-d4bed911f860} - E:\autorun.exe
HKLM\...\Print\Monitors\EPSON BX310FN Series 64MonitorBE: C:\Windows\system32\E_ILMFHE.DLL [118784 2008-11-12] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2011-10-27] (Broadcom Corporation -> Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-08-24]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation -> Broadcom Corporation.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2015-08-24]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc. -> Dell Inc.)
Startup: C:\Users\ntb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netoptimize.lnk [2021-09-29]
ShortcutTarget: netoptimize.lnk -> C:\Users\ntb\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management\disksyncer.exe (DusanRodina_LanManagement -> Fieldston Software) [File not signed]
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Policies: C:\Users\ntb\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04B93F2E-1624-4107-9BE8-4EDBD58AF9C5} - System32\Tasks\Microsoft\Windows\Diagnosis\SortWindowarps => RUNDLL32 "C:\Program Files (x86)\Common Files\ConsoleSimulation\WebqsUser\KDDGR_Bluegrdwmdr.dll" CNBage_Aa001c
Task: {1006DA88-C5C9-449C-9A84-23C7AF221828} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {1FB5512C-41F9-457B-9A2F-1852D7C76F50} - \Microsoft\Windows\Google\GoogleUpdateTaskMachineTE -> No File <==== ATTENTION
Task: {44E16439-9898-4510-8394-E709F34B215A} - System32\Tasks\CCleanerSkipUAC - ntb => C:\Program Files\CCleaner\CCleaner.exe [29155968 2021-09-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {5B10EB6A-581D-4C24-8FFF-076C0E637093} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {5B10EB6A-581D-4C24-8FFF-076C0E637093} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [358400 [358400 2016-05-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {8760CC24-6D0C-418A-8880-4AA69FE9BF9F} - System32\Tasks\Microsoft\Windows\Setup\gwx\rH2Xy3EUQiRZqoiTQnXnBCDVJRh5RwE36W => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {8760CC24-6D0C-418A-8880-4AA69FE9BF9F} - System32\Tasks\Microsoft\Windows\Setup\gwx\rH2Xy3EUQiRZqoiTQnXnBCDVJRh5RwE36W => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [358400 [358400 2016-05-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {8C520F69-2385-40E3-8247-57DFFB5E9EAC} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {8C520F69-2385-40E3-8247-57DFFB5E9EAC} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [358400 [358400 2016-05-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {8D729415-04BB-499A-813B-3AB742212BA7} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [888232 2021-01-29] (Bitdefender SRL -> Bitdefender)
Task: {AC47CE7F-E611-4BE9-BF4E-79453A0EFF83} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {AC47CE7F-E611-4BE9-BF4E-79453A0EFF83} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {AC47CE7F-E611-4BE9-BF4E-79453A0EFF83} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [358400 [358400 2016-05-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {EC1143C7-7F50-4318-B922-2AEEB57C7F10} - \Firefox Default Browser Agent 69563C0401A7C7F9 -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Epson Printer Software Downloader.job => C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE
Task: C:\Windows\Tasks\update-S-1-5-21-2300812948-3644434461-2255956692-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 195.146.128.60 195.146.132.59
Tcpip\..\Interfaces\{D6921D65-D6A5-41A9-A279-955100747A23}: [DhcpNameServer] 195.146.128.60 195.146.132.59

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [82640 2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280952 2013-01-22] (Dell Inc. -> Dell Inc.)
U2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2624856 2017-03-09] (ESET, spol. s r.o. -> ESET)
S2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [163840 2007-12-17] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
S2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [126464 2007-01-11] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
S2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [14649632 2021-09-28] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1358248 2021-01-29] (Bitdefender SRL -> Bitdefender)
S2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [527136 2021-09-28] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [296448 2011-01-25] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292480 2012-07-17] (Microsoft Corporation -> Microsoft Corp.)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\Windows\System32\DRIVERS\accelern.sys [27760 2011-07-22] (STMicroelectronics -> ST Microelectronics)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [132848 2017-03-09] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [107344 2017-03-09] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178056 2017-03-09] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [50752 2017-03-09] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [78192 2017-03-09] (ESET, spol. s r.o. -> ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [60544 2017-03-09] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [101648 2017-03-09] (ESET, spol. s r.o. -> ESET)
R1 googledrivefs3525; C:\Windows\System32\DRIVERS\googledrivefs3525.sys [382944 2021-08-09] (Google LLC -> Google, Inc.)
S3 GridinSoftInetSecurityDriver; C:\Windows\System32\DRIVERS\gsInetSecurity.sys [107784 2021-09-21] (GridinSoft, LLC -> GridinSoft LLC)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [22128 2011-07-15] (STMicroelectronics -> ST Microelectronics)
R3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [520192 2011-01-25] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [38216 2021-09-21] (GridinSoft, LLC -> GridinSoft LLC)
R3 wbfcvusbdrv; C:\Windows\System32\Drivers\wbfcvusbdrv.sys [17120 2013-03-07] (Broadcom Corp -> )
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [31920 2018-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
U4 dmwappushservice; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-09-29 14:28 - 2021-09-29 14:29 - 000016790 _____ C:\Users\ntb\Desktop\FRST.txt
2021-09-29 14:26 - 2021-09-29 14:28 - 000000000 ____D C:\FRST
2021-09-29 14:25 - 2021-09-29 14:25 - 002304512 _____ (Farbar) C:\Users\ntb\Desktop\FRST64.exe
2021-09-29 14:20 - 2021-09-29 14:20 - 000087428 _____ C:\ProgramData\agent.update.1632918041.bdinstall.v2.bin
2021-09-29 13:51 - 2021-09-29 13:57 - 000000000 ____D C:\Users\ntb\Desktop\abcd
2021-09-29 13:20 - 2021-09-29 13:20 - 000001985 _____ C:\Users\Public\Desktop\ESET Ochrana online platieb.lnk
2021-09-29 13:19 - 2021-09-29 14:22 - 000003648 _____ C:\Windows\system32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2021-09-29 13:19 - 2021-09-29 13:19 - 000000000 ____D C:\Users\ntb\AppData\Roaming\DB Software Laboratory
2021-09-29 13:19 - 2021-09-29 13:19 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2021-09-29 13:17 - 2021-09-29 14:20 - 000000000 ____D C:\Program Files\Bitdefender Agent
2021-09-29 13:17 - 2021-09-29 13:17 - 000116056 _____ C:\ProgramData\agent.1632914244.bdinstall.v2.bin
2021-09-29 13:17 - 2021-09-29 13:17 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2021-09-29 13:10 - 2021-09-29 13:10 - 000007607 _____ C:\Users\ntb\AppData\Local\Resmon.ResmonCfg
2021-09-29 12:27 - 2021-09-29 12:27 - 013543384 _____ C:\Users\ntb\Desktop\bitdefender_online.exe
2021-09-28 23:47 - 2021-09-29 00:24 - 000000000 ____D C:\ProgramData\MicrosoftNetwork
2021-09-28 23:47 - 2021-09-28 23:47 - 000000000 ____D C:\Users\ntb\AppData\Local\Social_Systems
2021-09-28 21:34 - 2021-09-28 21:34 - 000000893 _____ C:\Users\Public\Desktop\GridinSoft Anti-Malware.lnk
2021-09-28 21:34 - 2021-09-28 21:34 - 000000000 ____D C:\Program Files\GridinSoft Anti-Malware
2021-09-28 21:32 - 2021-09-28 21:32 - 000989584 _____ (GridinSoft LLC) C:\Users\ntb\Desktop\install-antimalware-AM3.exe
2021-09-28 21:14 - 2021-09-28 21:14 - 000000000 ____D C:\Windows\pss
2021-09-28 16:59 - 2021-09-28 16:59 - 000002810 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC - ntb
2021-09-28 16:40 - 2021-09-28 23:02 - 000000000 ____D C:\SUPERDelete
2021-09-28 11:27 - 2021-09-28 11:27 - 000001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2021-09-28 11:27 - 2021-09-28 11:27 - 000000000 ____D C:\Users\ntb\AppData\Roaming\SUPERAntiSpyware.com
2021-09-28 11:27 - 2021-09-28 11:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2021-09-28 11:26 - 2021-09-28 11:27 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2021-09-28 11:26 - 2021-09-28 11:26 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2021-09-28 11:21 - 2021-09-28 11:21 - 197099928 _____ (SUPERAntiSpyware) C:\Users\ntb\Desktop\SUPERAntiSpyware.exe
2021-09-28 09:34 - 2021-09-28 09:34 - 000001034 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyHunter5.lnk
2021-09-28 09:34 - 2021-09-28 09:34 - 000001010 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2021-09-28 09:34 - 2021-09-28 09:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2021-09-28 09:34 - 2021-09-28 09:34 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2021-09-28 09:33 - 2021-09-28 09:33 - 006673184 _____ (EnigmaSoft Limited) C:\Users\ntb\Desktop\SpyHunter-Installer.exe
2021-09-28 09:33 - 2021-09-28 09:33 - 000000000 ____D C:\Program Files\EnigmaSoft
2021-09-27 23:25 - 2021-09-27 23:25 - 001182144 _____ (Emsisoft Ltd.) C:\Users\ntb\Desktop\decrypt_STOPDjvu.exe
2021-09-27 23:17 - 2021-09-28 21:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
2021-09-27 23:17 - 2021-09-27 23:17 - 000000000 ____D C:\ProgramData\GridinSoft
2021-09-27 22:31 - 2021-09-27 22:31 - 000001112 _____ C:\Users\ntb\_readme.txt
2021-09-27 22:17 - 2021-09-27 22:17 - 000000560 _____ C:\Users\ntb\AppData\Local\bowsakkdestx.txt
2021-09-27 22:17 - 2021-09-27 22:17 - 000000000 ____D C:\SystemID
2021-09-27 22:15 - 2021-09-27 16:22 - 001125386 _____ C:\Users\ntb\AppData\Roaming\H
2021-09-27 22:11 - 2021-09-27 22:22 - 000000290 __RSH C:\Users\ntb\ntuser.pol
2021-09-27 22:11 - 2021-09-27 22:22 - 000000290 __RSH C:\ProgramData\ntuser.pol
2021-09-27 22:10 - 2021-09-27 22:10 - 020709376 ____N C:\Windows\system32\config\SYSTEM
2021-09-27 22:04 - 2021-09-27 22:04 - 000893608 _____ (AutoIt Team) C:\Users\ntb\AppData\Roaming\Ore.exe.com
2021-09-27 22:04 - 2021-09-27 22:04 - 000000000 ____D C:\Users\ntb\AppData\Local\Systems
2021-09-27 22:03 - 2021-09-28 23:47 - 000000000 ____D C:\ProgramData\Systemd
2021-09-27 22:03 - 2021-09-27 22:17 - 000000000 ____D C:\Users\ntb\AppData\Local\Module_Art
2021-09-27 22:03 - 2021-09-27 22:03 - 000000001 _____ C:\ProgramData\check.txt
2021-09-27 22:03 - 2021-09-27 22:03 - 000000000 ____D C:\ProgramData\Data
2021-09-27 22:02 - 2021-09-28 23:02 - 000000000 ____D C:\Users\ntb\AppData\Roaming\DCzwxeAOru
2021-09-27 22:02 - 2021-09-27 22:42 - 000000000 ____D C:\Users\ntb\Documents\VlcpVideoV1.0.1
2021-09-27 22:02 - 2021-09-27 22:15 - 000893608 _____ (AutoIt Team) C:\Users\ntb\AppData\Roaming\Mia.exe.com
2021-09-27 22:02 - 2021-09-27 22:15 - 000893608 _____ (AutoIt Team) C:\Users\ntb\AppData\Roaming\Frecce.exe.com
2021-09-27 22:02 - 2021-09-27 22:12 - 006826592 _____ C:\Windows\system32\Drivers\7JAhq33gtucK.sys
2021-09-27 21:58 - 2021-09-27 21:58 - 000000000 ____D C:\Users\ntb\AppData\Local\Yandex
2021-09-27 16:22 - 2021-09-27 16:22 - 001125386 _____ C:\Users\ntb\AppData\Roaming\Vedi.avi
2021-09-27 16:22 - 2021-09-27 16:22 - 000893746 _____ C:\Users\ntb\AppData\Roaming\Gabbie.avi
2021-09-27 16:22 - 2021-09-27 16:22 - 000064000 _____ C:\Users\ntb\AppData\Roaming\Vai.avi
2021-09-27 16:22 - 2021-09-27 16:22 - 000012289 _____ C:\Users\ntb\AppData\Roaming\Basso.avi
2021-09-27 16:22 - 2021-09-27 16:22 - 000000462 _____ C:\Users\ntb\AppData\Roaming\Natura.avi
2021-09-27 16:15 - 2021-09-27 16:15 - 001100619 _____ C:\Users\ntb\AppData\Roaming\Fermissimo.vsd
2021-09-27 16:15 - 2021-09-27 16:15 - 000893744 _____ C:\Users\ntb\AppData\Roaming\Immensa.vsd
2021-09-27 16:15 - 2021-09-27 16:15 - 000010241 _____ C:\Users\ntb\AppData\Roaming\Ama.vsd
2021-09-27 16:15 - 2021-09-27 16:15 - 000000520 _____ C:\Users\ntb\AppData\Roaming\Qua.vsd
2021-09-27 13:34 - 2021-09-28 12:42 - 001131184 _____ C:\Users\ntb\AppData\Roaming\Grazia.eml
2021-09-27 13:34 - 2021-09-28 12:42 - 000893756 _____ C:\Users\ntb\AppData\Roaming\Ricuperato.eml
2021-09-27 13:34 - 2021-09-28 12:42 - 000012289 _____ C:\Users\ntb\AppData\Roaming\Custodiva.eml
2021-09-27 13:34 - 2021-09-28 12:42 - 000000489 _____ C:\Users\ntb\AppData\Roaming\Gambe.eml
2021-09-26 21:05 - 2021-09-26 21:05 - 000000000 ____D C:\Users\ntb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2021-09-26 21:03 - 2021-09-26 21:03 - 000002394 _____ C:\Users\Public\Desktop\Cossacks - European Wars.lnk
2021-09-26 21:03 - 2021-09-26 21:03 - 000002376 _____ C:\Users\Public\Desktop\Cossacks - Back To War.lnk
2021-09-26 21:03 - 2021-09-26 21:03 - 000002299 _____ C:\Users\Public\Desktop\Cossacks - Art Of War.lnk
2021-09-26 21:03 - 2021-09-26 21:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2021-09-26 21:02 - 2021-09-26 21:03 - 000000000 ____D C:\Program Files (x86)\Cossacks Anthology
2021-09-26 20:41 - 2021-09-27 22:41 - 000000000 ____D C:\Users\ntb\Desktop\Cossacks Anthology - www.GameTrex.com
2021-09-26 20:22 - 2021-09-27 22:39 - 965877050 _____ C:\Users\ntb\Desktop\Cossacks Anthology - www.GameTrex.com.rar.rigd
2021-09-26 15:20 - 2021-09-26 15:20 - 048637051 _____ C:\Users\ntb\Desktop\file
2021-09-21 14:15 - 2021-09-21 14:15 - 000107784 _____ (GridinSoft LLC) C:\Windows\system32\Drivers\gsInetSecurity.sys
2021-09-21 14:15 - 2021-09-21 14:15 - 000038216 _____ (GridinSoft LLC) C:\Windows\system32\Drivers\gtkdrv.sys
2021-09-14 20:00 - 2021-09-14 20:00 - 000000000 ____D C:\Users\ntb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-09-13 22:39 - 2021-09-27 22:39 - 023558533 _____ C:\Users\ntb\Desktop\parcely a brano foto.skp.rigd
2021-09-11 22:23 - 2021-09-11 22:23 - 000000645 _____ C:\Users\ntb\Desktop\Môj disk.lnk
2021-09-11 22:19 - 2021-09-24 18:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2021-09-08 18:09 - 2021-09-24 18:09 - 000002015 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2021-09-08 18:09 - 2021-09-24 18:09 - 000001854 _____ C:\Users\Default\Desktop\Google Slides.lnk
2021-09-08 18:09 - 2021-09-24 18:09 - 000001854 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2021-09-08 18:09 - 2021-09-24 18:09 - 000001842 _____ C:\Users\Default\Desktop\Google Docs.lnk
2021-09-08 18:09 - 2021-08-09 14:57 - 000382944 _____ (Google, Inc.) C:\Windows\system32\Drivers\googledrivefs3525.sys
2021-08-30 21:55 - 2021-09-27 22:39 - 000012053 _____ C:\Users\ntb\Desktop\6. skupina 1. jún.2021.pdf.rigd

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-09-29 14:28 - 2009-07-14 04:34 - 021757952 _____ C:\Windows\system32\config\BCD000000
2021-09-29 13:53 - 2015-08-24 15:23 - 000000000 ____D C:\E6420
2021-09-29 13:51 - 2017-07-10 21:29 - 000000000 ___RD C:\Users\ntb\Disk Google
2021-09-29 13:41 - 2016-09-27 11:49 - 000000384 _____ C:\Windows\Tasks\update-sys.job
2021-09-29 13:21 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2021-09-29 13:11 - 2021-05-01 13:44 - 000000000 ____D C:\Program Files\CCleaner
2021-09-29 12:03 - 2017-05-27 18:10 - 000000000 ____D C:\Users\ntb\AppData\Roaming\EPSON
2021-09-29 12:03 - 2017-05-27 18:06 - 000000000 ____D C:\Program Files (x86)\Epson Software
2021-09-29 12:03 - 2017-05-27 17:59 - 000000000 ____D C:\Program Files (x86)\epson
2021-09-29 12:03 - 2015-08-24 15:24 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-09-29 11:20 - 2016-09-27 11:49 - 000000384 _____ C:\Windows\Tasks\update-S-1-5-21-2300812948-3644434461-2255956692-1000.job
2021-09-29 11:18 - 2015-09-22 17:24 - 000000000 ____D C:\Users\ntb\AppData\Local\Google
2021-09-29 08:55 - 2009-07-14 06:45 - 000029136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-09-29 08:55 - 2009-07-14 06:45 - 000029136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-09-28 23:01 - 2015-08-24 15:19 - 000000000 ____D C:\Users\ntb
2021-09-28 21:41 - 2015-09-22 17:24 - 000000000 ____D C:\Program Files (x86)\Google
2021-09-28 18:20 - 2017-05-27 18:20 - 000000248 _____ C:\Windows\Tasks\Epson Printer Software Downloader.job
2021-09-28 16:53 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\SysWOW64\WCN
2021-09-28 16:52 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\SysWOW64\sysprep
2021-09-28 16:51 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\SysWOW64\MUI
2021-09-28 14:43 - 2017-02-08 18:37 - 000000000 ____D C:\Program Files\VideoLAN
2021-09-28 14:32 - 2009-07-14 07:32 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-09-28 11:24 - 2017-07-10 22:08 - 000000000 ____D C:\zzz odlozene z plochy
2021-09-27 22:42 - 2021-07-26 12:59 - 000000000 ___RD C:\Users\ntb\Documents\Scanned Documents
2021-09-27 22:41 - 2021-06-15 10:51 - 000000000 ____D C:\Users\ntb\Desktop\sketchup
2021-09-27 22:39 - 2021-06-30 15:38 - 000240359 _____ C:\Users\ntb\Desktop\Pokyny-COVID19-V.pdf
2021-09-27 22:39 - 2021-06-21 15:28 - 000015070 _____ C:\Users\ntb\Desktop\Vynatie z.docx.rigd
2021-09-27 22:39 - 2021-06-14 10:12 - 001541196 _____ C:\Users\ntb\Desktop\Vyvarujte-sa-chybám-pri-stavbe-domu.pdf.rigd
2021-09-27 22:39 - 2021-06-02 10:21 - 002169289 _____ C:\Users\ntb\Desktop\S-144_V.pdf.rigd
2021-09-27 22:39 - 2021-05-25 12:33 - 155205646 _____ C:\Users\ntb\Downloads\sketchup-make-2015-64-bit.exe.rigd
2021-09-27 22:39 - 2021-05-01 13:44 - 083488134 _____ C:\Users\ntb\Downloads\sketchup-2014.exe.rigd
2021-09-27 22:39 - 2021-04-01 18:16 - 011517862 _____ C:\Users\ntb\Desktop\lff_V.pdf.rigd
2021-09-27 22:39 - 2021-02-10 00:19 - 000019437 _____ C:\Users\ntb\Desktop\Zošit1 (automaticky uložené).xlsx.rigd
2021-09-27 22:39 - 2021-01-27 18:51 - 000352487 _____ C:\Users\ntb\Desktop\zoominst-V (1).pdf.rigd
2021-09-27 22:39 - 2021-01-27 18:51 - 000184901 _____ C:\Users\ntb\Desktop\S-179-V_zhrom_cez_zoom.pdf.rigd
2021-09-27 22:39 - 2020-12-09 12:33 - 000824339 _____ C:\Users\ntb\Desktop\IMG_2800.JPG.rigd
2021-09-27 22:39 - 2020-11-26 21:31 - 000446286 _____ C:\Users\ntb\Desktop\Prednášky zoradene.xls.rigd
2021-09-27 22:39 - 2020-07-29 09:35 - 007304191 _____ C:\Users\ntb\Desktop\cgt_V_01_r720P.mp4.rigd
2021-09-27 22:39 - 2020-06-20 23:09 - 000447462 _____ C:\Users\ntb\Desktop\zoominst-V.pdf.rigd
2021-09-27 22:39 - 2018-12-20 22:22 - 000437839 _____ C:\Users\ntb\Desktop\Jehovovo slovo je živé.docx.rigd
2021-09-27 22:39 - 2017-07-10 19:04 - 000230681 _____ C:\Users\ntb\Downloads\OP na vydanie a pouzivanie kreditnych KK pre FO.pdf.rigd
2021-09-27 22:39 - 2017-07-10 18:57 - 000300682 _____ C:\Users\ntb\Downloads\VUB ucty.pdf.rigd
2021-09-27 22:39 - 2017-07-10 18:55 - 000074507 _____ C:\Users\ntb\Downloads\Zmena formy výpisov.pdf.rigd
2021-09-27 22:39 - 2017-03-20 14:09 - 000008526 _____ C:\Users\ntb\Downloads\SK5302000000001809302454_01-01-2016-31-12-2016 (2).XLS.rigd
2021-09-27 22:39 - 2017-03-20 14:09 - 000008526 _____ C:\Users\ntb\Downloads\SK5302000000001809302454_01-01-2016-31-12-2016 (1).XLS.rigd
2021-09-27 22:39 - 2017-03-20 14:05 - 000026958 _____ C:\Users\ntb\Downloads\SK5302000000001809302454_01-01-2016-31-12-2016.XLS.rigd
2021-09-27 22:39 - 2016-05-17 17:12 - 001525070 ___SH C:\Users\ntb\Desktop\Thumbs.db.rigd
2021-09-27 22:31 - 2021-07-12 11:35 - 000000000 ____D C:\zzzstary dell
2021-09-27 22:31 - 2018-08-23 19:03 - 000000000 ____D C:\samizdaty
2021-09-27 22:21 - 2019-07-24 16:10 - 000000000 ____D C:\Users\ntb\AppData\Roaming\MPC-HC
2021-09-27 22:21 - 2016-11-28 19:42 - 000000000 ____D C:\Program Files (x86)\Steam
2021-09-27 22:20 - 2009-07-14 07:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2021-09-27 22:11 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-09-27 22:03 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\system32\GroupPolicy
2021-09-27 21:58 - 2009-07-14 07:32 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-09-14 20:00 - 2020-05-20 17:52 - 000001879 _____ C:\Users\ntb\Desktop\Zoom.lnk
2021-09-14 20:00 - 2020-04-01 17:48 - 000000000 ____D C:\Users\ntb\AppData\Roaming\Zoom
2021-09-08 18:09 - 2018-03-26 05:26 - 000000000 ____D C:\Program Files\Google

==================== Files in the root of some directories ========

2021-09-27 16:15 - 2021-09-27 16:15 - 000010241 _____ () C:\Users\ntb\AppData\Roaming\Ama.vsd
2021-09-27 16:22 - 2021-09-27 16:22 - 000012289 _____ () C:\Users\ntb\AppData\Roaming\Basso.avi
2021-09-27 13:34 - 2021-09-28 12:42 - 000012289 _____ () C:\Users\ntb\AppData\Roaming\Custodiva.eml
2021-09-27 16:15 - 2021-09-27 16:15 - 001100619 _____ () C:\Users\ntb\AppData\Roaming\Fermissimo.vsd
2021-09-27 22:02 - 2021-09-27 22:15 - 000893608 _____ (AutoIt Team) C:\Users\ntb\AppData\Roaming\Frecce.exe.com
2021-09-27 16:22 - 2021-09-27 16:22 - 000893746 _____ () C:\Users\ntb\AppData\Roaming\Gabbie.avi
2021-09-27 13:34 - 2021-09-28 12:42 - 000000489 _____ () C:\Users\ntb\AppData\Roaming\Gambe.eml
2021-09-27 13:34 - 2021-09-28 12:42 - 001131184 _____ () C:\Users\ntb\AppData\Roaming\Grazia.eml
2021-09-27 22:15 - 2021-09-27 16:22 - 001125386 _____ () C:\Users\ntb\AppData\Roaming\H
2021-09-27 16:15 - 2021-09-27 16:15 - 000893744 _____ () C:\Users\ntb\AppData\Roaming\Immensa.vsd
2021-09-27 22:02 - 2021-09-27 22:15 - 000893608 _____ (AutoIt Team) C:\Users\ntb\AppData\Roaming\Mia.exe.com
2021-09-27 16:22 - 2021-09-27 16:22 - 000000462 _____ () C:\Users\ntb\AppData\Roaming\Natura.avi
2021-09-27 22:04 - 2021-09-27 22:04 - 000893608 _____ (AutoIt Team) C:\Users\ntb\AppData\Roaming\Ore.exe.com
2021-09-27 16:15 - 2021-09-27 16:15 - 000000520 _____ () C:\Users\ntb\AppData\Roaming\Qua.vsd
2021-09-27 22:17 - 2014-04-12 00:48 - 000064664 _____ (Microsoft Corporation) C:\Users\ntb\AppData\Roaming\RegAsm.exe
2021-09-27 13:34 - 2021-09-28 12:42 - 000893756 _____ () C:\Users\ntb\AppData\Roaming\Ricuperato.eml
2021-09-27 16:22 - 2021-09-27 16:22 - 000064000 _____ () C:\Users\ntb\AppData\Roaming\Vai.avi
2021-09-27 16:22 - 2021-09-27 16:22 - 001125386 _____ () C:\Users\ntb\AppData\Roaming\Vedi.avi
2021-09-27 22:17 - 2021-09-27 22:17 - 000000560 _____ () C:\Users\ntb\AppData\Local\bowsakkdestx.txt
2021-09-29 13:10 - 2021-09-29 13:10 - 000007607 _____ () C:\Users\ntb\AppData\Local\Resmon.ResmonCfg
2016-09-27 11:49 - 2016-09-27 11:49 - 000000003 _____ () C:\Users\ntb\AppData\Local\updater.log
2016-09-27 11:49 - 2017-05-06 15:30 - 000000425 _____ () C:\Users\ntb\AppData\Local\UserProducts.xml

==================== FLock ==============================

2021-09-27 22:10 C:\Windows\system32\config\SYSTEM
2021-09-27 22:12 C:\Windows\system32\Drivers\7JAhq33gtucK.sys

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-09-25 15:16
==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-09-2021 02
Ran by ntb (29-09-2021 14:29:56)
Running from C:\Users\ntb\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-08-24 13:19:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2300812948-3644434461-2255956692-500 - Administrator - Disabled)
Guest (S-1-5-21-2300812948-3644434461-2255956692-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2300812948-3644434461-2255956692-1013 - Limited - Enabled)
ntb (S-1-5-21-2300812948-3644434461-2255956692-1000 - Administrator - Enabled) => C:\Users\ntb

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2300812948-3644434461-2255956692-1000\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.33 - STMicroelectronics)
Adobe Reader XI (11.0.20) - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)
Aktualizácia Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-041B-0000-0000000FF1CE}_PROPLUS_{9A8C39B0-D27F-4F81-BE74-2FECF164707E}) (Version: - Microsoft)
Aktualizácia Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-041B-0000-0000000FF1CE}_PROPLUS_{CE23B3DC-18CC-46FC-A309-81D6670F8D3D}) (Version: - Microsoft)
Aktualizácia Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-041B-0000-0000000FF1CE}_PROPLUS_{D6DBF512-87C0-4F6A-8FB9-AC3A389D9DE5}) (Version: - Microsoft)
Backup and Sync from Google (HKLM\...\{AE7B9534-BD28-4C51-838F-A847C2A206E2}) (Version: 3.57.3958.2866 - Google, Inc.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 25.0.1.177 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 5.85 - Piriform)
Cossacks Anthology (HKLM-x32\...\Cossacks Anthology_is1) (Version: - GOG.com)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell ControlVault Host Components Installer 64 bit (HKLM\...\{97308CC9-FAED-4A1C-9593-64B2F1FD852D}) (Version: 2.3.309.1625 - Broadcom Corporation)
Dell Feature Enhancement Pack (HKLM\...\{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}) (Version: 2.2.1 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.134 - ALPS ELECTRIC CO., LTD.)
Epson Printer Software Downloader (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}) (Version: 2.0.0 - SEIKO EPSON CORPORATION) Hidden
Epson Printer Software Downloader (HKLM-x32\...\Epson Printer Software Downloader) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
ESET Smart Security (HKLM\...\{5B079008-A310-4AA7-B491-ABC7228CB773}) (Version: 10.1.204.1 - ESET, spol. s r.o.)
Fotogaléria (HKLM-x32\...\{5B87607E-E781-49C5-9891-80990E45BCA1}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 51.0.15.0 - Google LLC)
GridinSoft Anti-Malware (HKLM\...\GridinSoft Anti-Malware) (Version: 4.2.7 - Gridinsoft LLC)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.1 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{b6b417a3-1f40-4618-aadd-49628bda7836}) (Version: 16.1.1 - Intel Corporation)
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{0CD05078-D4F3-4006-8726-B01E10A89B28}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\{0CB3B7EE-52C7-4136-AF40-605567D90318}) (Version: 3.0.07.23 - O2Micro International LTD.) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}) (Version: 3.0.07.23 - O2Micro International LTD.)
Odinštalovať tlačiareň EPSON BX310FN Series (HKLM\...\EPSON BX310FN Series) (Version: - SEIKO EPSON Corporation)
SketchUp 2015 (HKLM-x32\...\{D0A0BE3D-8D66-4BE9-87C4-D30CA5AA93A3}) (Version: 15.3.330 - Trimble Navigation Limited)
SpyHunter 5 (HKLM-x32\...\SpyHunter5) (Version: 5.11.8.246 - EnigmaSoft Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1238 - SUPERAntiSpyware.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8900 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Manager (HKLM-x32\...\{C845414C-903C-4218-9DE7-132AB97FDF62}) (Version: 1.0.0 - AW Manager) <==== ATTENTION
WinRAR 5.91 (64-bitová verzia) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-2300812948-3644434461-2255956692-1000\...\ZoomUMX) (Version: 5.7.8 (1247) - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\51.0.15.0\drivefsext.dll [2021-09-09] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\51.0.15.0\drivefsext.dll [2021-09-09] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\51.0.15.0\drivefsext.dll [2021-09-09] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\51.0.15.0\drivefsext.dll [2021-09-09] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-09-09] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-09-09] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-09-09] (Google LLC -> Google)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\51.0.15.0\drivefsext.dll [2021-09-09] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-03-09] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-09-09] (Google LLC -> Google)
ContextMenuHandlers1: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2021-09-21] (GridinSoft, LLC -> Gridinsoft LLC)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-03-09] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2021-09-21] (GridinSoft, LLC -> Gridinsoft LLC)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\51.0.15.0\drivefsext.dll [2021-09-09] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-09-09] (Google LLC -> Google)
ContextMenuHandlers4: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2021-09-21] (GridinSoft, LLC -> Gridinsoft LLC)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\51.0.15.0\drivefsext.dll [2021-09-09] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-03-09] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2021-09-21] (GridinSoft, LLC -> Gridinsoft LLC)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-25] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2021-09-27 23:08 - 2021-09-27 23:08 - 001556480 _____ (AdoptOpenJDK) [File not signed] C:\Users\ntb\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management\libmpg2.0.dll
2015-08-24 15:37 - 2013-01-24 01:19 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
2021-09-27 23:04 - 2021-09-27 23:04 - 004440576 _____ (DB Software Laboratory) [File not signed] C:\Users\ntb\AppData\Roaming\DB Software Laboratory\Svn Syncronize Management\ff_libdts.dll
2015-08-24 15:37 - 2013-01-24 01:19 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
2016-01-26 16:53 - 2016-01-26 16:53 - 001656320 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80.DLL
2016-01-26 16:53 - 2016-01-26 16:53 - 001652736 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL
0000-00-00 00:00 - 0000-00-00 00:00 - 000000000 _____ <==== ATTENTION (Access Denied) C:\Program Files (x86)\Common Files\ConsoleSimulation\WebqsUser\KDDGR_Bluegrdwmdr.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\S-1-5-21-2300812948-3644434461-2255956692-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Pomocník pri prihlasovaní v konte Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-10-18 01:21 - 2021-09-27 21:58 - 000000000 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Windows Live\Shared
HKU\S-1-5-21-2300812948-3644434461-2255956692-1000\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-2300812948-3644434461-2255956692-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 195.146.128.60 - 195.146.132.59
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: EEventManager => C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
MSCONFIG\startupreg: GoogleDriveFS => "C:\Program Files\Google\Drive File Stream\51.0.15.0\GoogleDriveFS.exe" --startup_mode
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D29C7893-FE7E-434F-A5A3-CA3E3182A2C6}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Mobile Wireless Group -> )
FirewallRules: [{E958079C-5B3A-45E2-9E55-84F34B227786}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CA3B4D11-92F2-47FC-A583-8D434FDCCEA2}] => (Allow) LPort=2869
FirewallRules: [{55A3D24A-2E86-4A1A-8FD3-F9732D9EB587}] => (Allow) LPort=1900
FirewallRules: [{D9DBD535-4F6F-4D53-931B-1A942909BBE2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{06404E5E-439E-466C-AABC-9DFF2AB93A6D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{582E3571-AA97-4E01-A468-AE5E57DF8110}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe () [File not signed]
FirewallRules: [{8A4853C2-2912-4AEF-9586-C95D644A05F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe () [File not signed]
FirewallRules: [{50F03F68-2EE6-4BC9-A3E5-E17EFAFC219F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{AE2773A9-D908-4092-A33D-D3163269A8D8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{0AF909A8-5C6F-42BA-B316-2D3F3BD79980}C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe () [File not signed]
FirewallRules: [UDP Query User{FB769FC3-FE83-469F-8488-A57450023B1D}C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe () [File not signed]
FirewallRules: [TCP Query User{B5D0A4A6-9E0B-44CC-A596-5D1DF20E136F}C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe () [File not signed]
FirewallRules: [UDP Query User{A22119B1-60B3-4E0C-9AAE-155B14CC2612}C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe () [File not signed]
FirewallRules: [{021E8CC7-CF8C-4E20-9983-4DEABB163F5B}] => (Allow) C:\Users\ntb\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{D4C6E4EE-C72F-4CDD-B6F5-59C7D4E12838}] => (Allow) C:\Users\ntb\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{6EA9D020-7B4A-4971-947F-4F4E8291FD39}] => (Allow) C:\Users\ntb\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{33D4F511-8F03-4523-A643-7DDFE338C60F}] => (Allow) C:\Users\ntb\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{DC35FFCC-A38C-4422-A7C1-49B58814BCDE}] => (Allow) C:\Users\ntb\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{9C0DD0A4-0E4D-412C-A61E-0E92CE93714B}] => (Allow) C:\Users\ntb\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{D443DA4E-E4AA-4B27-8C4E-27D969ED0378}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{0D96FEA5-7F33-43F8-BC6D-AA75E0271F3A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{D0FC3C39-55E9-4037-B735-B9A729371FF6}] => (Allow) C:\Users\ntb\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{ADD3BDBE-E71D-49B7-B4BB-0ED429BBA8B2}] => (Allow) C:\Users\ntb\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============

Name: Dell Wireless 375 Bluetooth Module
Description: Dell Wireless 375 Bluetooth Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (09/29/2021 01:39:46 PM) (Source: MsiInstaller) (EventID: 11922) (User: SERVER-T-01)
Description: Product: ESET Smart Security -- Chyba 1922. Službu 'ESET Service' (ekrn) nie je možné odstrániť. Presvedčte sa, či máte dostatočné oprávnenia pre odstraňovanie systémových služieb.

Error: (09/29/2021 01:28:39 PM) (Source: MsiInstaller) (EventID: 11922) (User: SERVER-T-01)
Description: Product: ESET Smart Security -- Chyba 1922. Službu 'ESET Service' (ekrn) nie je možné odstrániť. Presvedčte sa, či máte dostatočné oprávnenia pre odstraňovanie systémových služieb.

Error: (09/29/2021 12:03:29 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvorenie bodu obnovenia zlyhalo. (Proces = C:\Users\ntb\AppData\Local\Temp\SETF7D0.tmp -deleter -l0x9 -u -your_launchersetup.exe -clone_of"c:\program files (x86)\installshield installation information\{48f22622-1cc2-4a83-9c1e-644dd96f832d}\"; Popis = Removed Epson Event Manager; Chyba = 0x80070422).

Error: (09/29/2021 12:03:28 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvorenie bodu obnovenia zlyhalo. (Proces = C:\Program Files (x86)\InstallShield Installation Information\{028EC2AF-F501-4567-9CEA-140030DE8544}\setup.exe -deleter -u; Popis = Removed Attach To Email; Chyba = 0x80070422).

Error: (09/29/2021 12:03:26 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvorenie bodu obnovenia zlyhalo. (Proces = C:\Program Files (x86)\InstallShield Installation Information\{2580F4DA-324F-4945-B16F-B2B867325085}\setup.exe -deleter -u; Popis = Removed EPSON Scan Assistant; Chyba = 0x80070422).

Error: (09/28/2021 11:48:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybovej aplikácie: Zena.exe, verzia: 0.16.1.1, časová značka: 0x61477e6e
Názov chybového modulu: btmmhook.dll, verzia: 6.3.0.8900, časová značka: 0x4ea9aa19
Kód výnimky: 0x40000015
Odstup chyby: 0x000000000001a3ee
Identifikácia chybného procesu: 0x2ec0
Čas spustenia chybnej aplikácie: 0x01d7b4b274c86846
Cesta chybnej aplikácie: C:\Users\ntb\AppData\Local\Temp\Zena.exe
Cesta chybného modulu: C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll
Identifikácia hlásenia: d72cf681-20a5-11ec-823d-d4bed911f860

Error: (09/28/2021 11:47:40 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: chlen.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Reflection.TargetInvocationException
Stack:
at System.RuntimeMethodHandle.InvokeMethod(System.Object, System.Object[], System.Signature, Boolean)
at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(System.Object, System.Object[], System.Object[])
at System.Reflection.RuntimeMethodInfo.Invoke(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo)
at System.RuntimeType.InvokeMember(System.String, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object, System.Object[], System.Reflection.ParameterModifier[], System.Globalization.CultureInfo, System.String[])
at 䟅䟃䟓䟀䟉䞐䞔䟃䞒䞤䟄䞗䞐䟁䟁.᩿ᫀ᩻᪛᪚᪘᩿᩻᪭᩿᪄᩽᪱᪃᪭(System.String)
at 韚韟頋韛韡頍頎韬韚韞頗頝韸領韣.Main()

Error: (09/28/2021 10:51:58 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvorenie bodu obnovenia zlyhalo. (Proces = C:\Windows\system32\msiexec.exe /V; Popis = Removed Windows Manager; Chyba = 0x80070422).


System errors:
=============
Error: (09/29/2021 02:26:38 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (09/29/2021 02:25:25 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (09/29/2021 02:25:25 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (09/29/2021 02:25:04 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (09/29/2021 02:25:04 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (09/29/2021 01:09:50 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (09/29/2021 01:09:50 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (09/29/2021 12:49:50 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.


==================== Memory info ===========================

BIOS: Dell Inc. A04 05/11/2011
Motherboard: Dell Inc. 0K0DNP
Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 88%
Total physical RAM: 3972.93 MB
Available physical RAM: 474.67 MB
Total Virtual: 7944.05 MB
Available Virtual: 4261.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.84 GB) (Free:379.41 GB) NTFS

\\?\Volume{39733f43-ce15-11e9-bb9e-806e6f6e6963}\ (Vyhradené systémom) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 476.9 GB) (Disk ID: EE03FE89)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=476.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

OK. Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

tak urobil som to podla pokynov, posielam cen subor::::

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-06-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-29-2021
# Duration: 00:00:00
# OS: Windows 7 Home Premium
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1750 octets] - [29/09/2021 22:40:14]
AdwCleaner[C00].txt - [1977 octets] - [29/09/2021 22:42:48]
AdwCleaner[S01].txt - [1535 octets] - [29/09/2021 22:44:17]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Toto je OK. Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2300812948-3644434461-2255956692-1000\...\MountPoints2: {2547e260-6f1d-11e8-8791-d4bed911f860} - E:\Lenovo_Suite.exe
HKU\S-1-5-21-2300812948-3644434461-2255956692-1000\...\MountPoints2: {78e037a1-2726-11e8-a2a5-d4bed911f860} - E:\autorun.exe
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Policies: C:\Users\ntb\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {1FB5512C-41F9-457B-9A2F-1852D7C76F50} - \Microsoft\Windows\Google\GoogleUpdateTaskMachineTE -> No File <==== ATTENTION
Task: {EC1143C7-7F50-4318-B922-2AEEB57C7F10} - \Firefox Default Browser Agent 69563C0401A7C7F9 -> No File <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
U4 dmwappushservice; no ImagePath
C:\Users\ntb\AppData\Roaming\Mia.exe.com
C:\Users\ntb\AppData\Roaming\Ore.exe.com
C:\Windows\system32\Drivers\7JAhq33gtucK.sys
0000-00-00 00:00 - 0000-00-00 00:00 - 000000000 _____ <==== ATTENTION (Access Denied) C:\Program Files (x86)\Common Files\ConsoleSimulation\WebqsUser\KDDGR_Bluegrdwmdr.dll
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

vykonal som ukony, ziadalo ma to restartovat pocitac, tak som toez vykonal
prikladam log:::

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-09-2021 02
Ran by ntb (30-09-2021 16:59:39) Run:1
Running from C:\Users\ntb\Desktop
Loaded Profiles: ntb & Guest
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2300812948-3644434461-2255956692-1000\...\MountPoints2: {2547e260-6f1d-11e8-8791-d4bed911f860} - E:\Lenovo_Suite.exe
HKU\S-1-5-21-2300812948-3644434461-2255956692-1000\...\MountPoints2: {78e037a1-2726-11e8-a2a5-d4bed911f860} - E:\autorun.exe
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Policies: C:\Users\ntb\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {1FB5512C-41F9-457B-9A2F-1852D7C76F50} - \Microsoft\Windows\Google\GoogleUpdateTaskMachineTE -> No File <==== ATTENTION
Task: {EC1143C7-7F50-4318-B922-2AEEB57C7F10} - \Firefox Default Browser Agent 69563C0401A7C7F9 -> No File <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
U4 dmwappushservice; no ImagePath
C:\Users\ntb\AppData\Roaming\Mia.exe.com
C:\Users\ntb\AppData\Roaming\Ore.exe.com
C:\Windows\system32\Drivers\7JAhq33gtucK.sys
0000-00-00 00:00 - 0000-00-00 00:00 - 000000000 _____ <==== ATTENTION (Access Denied) C:\Program Files (x86)\Common Files\ConsoleSimulation\WebqsUser\KDDGR_Bluegrdwmdr.dll
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKU\S-1-5-21-2300812948-3644434461-2255956692-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2547e260-6f1d-11e8-8791-d4bed911f860} => removed successfully
HKU\S-1-5-21-2300812948-3644434461-2255956692-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78e037a1-2726-11e8-a2a5-d4bed911f860} => removed successfully
C:\ProgramData\NTUSER.pol => moved successfully
C:\Users\ntb\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FB5512C-41F9-457B-9A2F-1852D7C76F50}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FB5512C-41F9-457B-9A2F-1852D7C76F50}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Google\GoogleUpdateTaskMachineTE" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EC1143C7-7F50-4318-B922-2AEEB57C7F10}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC1143C7-7F50-4318-B922-2AEEB57C7F10}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Firefox Default Browser Agent 69563C0401A7C7F9" => removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\System\CurrentControlSet\Services\dmwappushservice => removed successfully
dmwappushservice => service removed successfully
C:\Users\ntb\AppData\Roaming\Mia.exe.com => moved successfully
C:\Users\ntb\AppData\Roaming\Ore.exe.com => moved successfully
Could not move "C:\Windows\system32\Drivers\7JAhq33gtucK.sys" => Scheduled to move on reboot.
C:\Program Files (x86)\Common Files\ConsoleSimulation\WebqsUser\KDDGR_Bluegrdwmdr.dll => moved successfully
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18626617 B
Java, Flash, Steam htmlcache => 214481720 B
Windows/system/drivers => 457001512 B
Edge => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 66228 B
ProgramData => 66228 B
systemprofile => 58624506 B
systemprofile32 => 60119690 B
LocalService => 60251934 B
NetworkService => 60318162 B
ntb => 522497945 B
Guest => 522833857 B

RecycleBin => 1524771352 B
EmptyTemp: => 3.3 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 30-09-2021 17:02:22)

C:\Windows\system32\Drivers\7JAhq33gtucK.sys => Could not move

==== End of Fixlog 17:02:22 ====

Smazáno, log by již měl být OK.

super dakujem,
dobre tomu rozumim, ze by som uz nemel mit zadny virusi a muzu bez obav spustit napr maily, internet banking, Google disk a ine duverne veci?
jeste jednou dekuji

PC máte bez malware, pouze některé vaše soubory jsou zakryptován. Zde: https://forum.viry.cz/viewtopic.php?p=1543552#p1543552 je návod na další postup. Pokud máte soubory zálohovány, postačí překopírovat soubory ze zálohy.