VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

SGLH subory, pravdepodobne ransomware

https://forum.viry.cz:443/viewtopic.php?t=158392

Stránka 1 z 1

SGLH subory, pravdepodobne ransomware

Napsal: 27 lis 2021 15:32
od MarkAurel
Ahojte, chcem sa opytat ci je mozne zachranit data z pc, vsetky subory maju za svojou koncovkou este koncovku SGLH docital som sa ze je to ransomware no neviem ci je este mozne zachranit data a teda je daky realny navod, moznost. Dakujem

Re: SGLH subory, pravdepodobne ransomware

Napsal: 27 lis 2021 17:02
od Rudy
Zdravím!
Zde vám můžeme PC vyčistit. Ovšem rozkódovat soubory nikoliv. K tomu je třeba přímý přístup do PC, což nemáme právně ošetřeno. Dekódování, za předpokladu, že mají k dispozici dekódovací klíč, vám provedou zde: https://neslape.cz/?utm_campaign=neslap ... ium=banner . Pokud chcete PC vyčistit, dejte logy FRST+Addition: https://forum.viry.cz/viewtopic.php?f=13&t=154679 .

Re: SGLH subory, pravdepodobne ransomware

Napsal: 28 lis 2021 14:54
od MarkAurel
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-11-2021
Ran by Georgius (administrator) on GEORGIUS-PC (MSI MS-7750) (28-11-2021 14:44:23)
Running from C:\Users\Georgius\Desktop
Loaded Profiles: Georgius & UpdatusUser
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Default browser: IE
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microleaves LTD -> Advanced Windows Manager) C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe <7>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
(philandro Software GmbH -> philandro Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON_P2\Status Monitor\SEPWDN.EXE
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON_P2\Status Monitor\SESDBN.EXE

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [175504 2020-10-26] (ESET, spol. s r.o. -> ESET)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3999889357-1238142211-2592065837-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35342976 2021-11-12] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-18\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30796352 2018-10-24] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKLM\...\Print\Monitors\EPSON L805 Series 64MonitorBE: C:\Windows\system32\E_YLMBPRE.DLL [180224 2014-03-04] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EPSON Stylus Photo R260 Series 64MonitorBA: C:\Windows\system32\E_ILMBNA.DLL [126976 2006-08-09] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EPSON Stylus Photo R265 Series 64MonitorBE: C:\Windows\system32\E_ILMBNE.DLL [108032 2007-12-07] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\Status Monitor Language Monitor for EPSON AL-C2900 PCL 6: C:\Windows\system32\SEHMPZIL.DLL [187392 2010-12-28] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\Status Monitor Language Monitor for EPSON AL-C2900 PS: C:\Windows\system32\SEPSCMPL.DLL [187392 2010-12-28] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-23] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{65122CB0-EA0F-47DF-A953-017170ED12F9}] -> "C:\Program Files (x86)\UCBrowser\Application\6.2.3831.211\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --wow-install-target-path="C:\Program Files (x86)\UCBrowser"
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2020-05-04] (Adobe Inc. -> Adobe Systems, Inc.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Policies: C:\Users\Georgius\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09FAA8E5-4B52-467E-9431-DF374998D799} - System32\Tasks\vp4-slovak => C:\Program Files (x86)\VyčistiťPočítač4\vp4.exe /SCHEDULED (No File)
Task: {13266AF3-51CB-4471-8538-F56ED2CF58A6} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe /task=1 (No File) <==== ATTENTION
Task: {17D50D7A-4187-4C41-B1B2-A60B8760B559} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-11-11] (Adobe Inc. -> Adobe)
Task: {27A4CC11-21C3-432C-AF2B-AC0901DE2353} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe /update (No File) <==== ATTENTION
Task: {2B9DB0E8-44F5-4AE6-A5A0-E577E6F307C4} - System32\Tasks\Opera scheduled assistant Autoupdate 1582645762 => C:\Program Files\Opera developer\launcher.exe [2634448 2021-11-22] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Program Files\Opera developer\assistant" $(Arg0)
Task: {2C8A3D5D-DA6F-4D17-9485-D0EA513E390C} - System32\Tasks\AdvancedUpdater => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\Windows Updater.exe [1020024 2021-04-09] (Microleaves LTD -> AdvancedWindowsManager) <==== ATTENTION
Task: {3849D7B1-3F2A-4B27-862D-FBE7725B5A10} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [1662200 2019-02-27] (Corel Corporation -> Corel Corporation)
Task: {38F32E4D-18C3-47FF-88C7-63D58DE7930E} - System32\Tasks\AdvancedWindowsManager => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482632 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {401CE22A-8D62-4D76-878D-838887B32E24} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe --update-config (No File) <==== ATTENTION
Task: {42FDD7B4-FA9D-4212-872A-637B55BB9088} - System32\Tasks\jVVcebPoCjhHKmi => rundll32 "C:\Program Files (x86)\ExRIRmygU\aWdcTt.dll",#1
Task: {4423F784-ABEA-46B6-B133-C0AE52EFEA40} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [39920 2018-10-24] (Garmin International, Inc. -> )
Task: {48552812-83EB-4E3C-8152-8BE5B69C31BC} - System32\Tasks\boQbXxbEJPaDgWztw => rundll32 "C:\Program Files (x86)\OGqwJxyzdjgEZIvrFER\aUqUBNq.dll",#1
Task: {4B8EC765-4DA1-4A8B-AE9A-A8B8C308C63E} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe -Notify (No File) <==== ATTENTION
Task: {4EC691C3-967F-4428-8EF0-900598827B75} - System32\Tasks\AdvancedWindowsManager #4 => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482632 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {54F0C687-8E58-4AB4-A2C5-41381B8A1921} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_453_pepper.exe [1498680 2020-11-11] (Adobe Inc. -> Adobe)
Task: {60343854-85E1-4C56-B119-7178252D4C0D} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [908144 2017-11-02] (MICROLEAVES LTD -> Microleaves) <==== ATTENTION
Task: {63205A6C-1DEE-4F77-88F5-2B594CEF8E6A} - System32\Tasks\jVVcebPoCjhHKmi2 => rundll32 "C:\Program Files (x86)\ExRIRmygU\aWdcTt.dll",#1
Task: {68148EC5-F255-4EC6-B3F5-29E5CEE49ACB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {7F2CFC08-8F4E-4DCD-9FFB-BA15C0999C44} - System32\Tasks\AdvancedWindowsManager #1 => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482632 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {909CAEF1-8270-4C4C-BDE5-999B1BD1F8FF} - System32\Tasks\One System Care Delayed => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe --scan (No File) <==== ATTENTION
Task: {9422BC1C-DE8C-4004-90D8-141621E83236} - System32\Tasks\FastDataX Task => C:\PROGRA~2\FASTDA~1\FASTDA~1.EXE (No File)
Task: {9CF5BE36-256D-41C3-9CD9-B6AD9BFFE8CA} - System32\Tasks\LaCieS => C:\Disk\WebService.exe (No File)
Task: {9F5EB526-389B-4094-A0A9-18B27A32F766} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {A42A036B-E837-4DA0-B37E-3EA2AE2C62C0} - System32\Tasks\AdvancedWindowsManager #5 => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482632 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {BE648ECD-6586-4952-9353-06ED74FAFF28} - System32\Tasks\EPSON L805 Series Update {FF87F377-887B-4C67-80E4-232CA7C473E0} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSPRE.EXE [690536 2013-11-21] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {BE7A66B7-9EEB-4A2D-BF4B-86B466000F24} - System32\Tasks\EPSON L805 Series Update {ED7CDAD9-7D40-43A5-AD81-5577B9704608} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSPRE.EXE [690536 2013-11-21] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {CAB64C6E-3F94-42CB-A9FB-8B3C8AB3B72A} - System32\Tasks\AdvancedWindowsManager #3 => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482632 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {D1AFE6CC-7198-440B-B70A-B798C71FCC4B} - System32\Tasks\{DA5A7956-815F-490D-BE92-02A152381DC5} => C:\Windows\system32\pcalua.exe -a C:\Users\Georgius\AppData\Local\Temp\jre-8u171-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {D1E17A47-3C1A-4B79-8F1F-22ACBDBBA42C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-11-12] (Piriform Software Ltd -> Piriform)
Task: {D8B75B86-EE38-443A-8366-151ECC8A5584} - System32\Tasks\AdvancedWindowsManager #2 => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482632 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {DA9D7E4E-5239-4992-B094-BC0769DC7003} - System32\Tasks\AdvancedWindowsManager #6 => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482632 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {E3D2D902-9470-4243-A61D-AA290EF5A8A0} - System32\Tasks\{e6b1bd71-40ef-4173-8106-93b5f9032a6e} => C:\Users\Georgius\AppData\Local\Temp\{EEB8F0D5-C8CD-4F20-93D5-70AB9346B22E}.exe /t 93b5f9032a6e (No File) <==== ATTENTION
Task: {ED4B16FE-6DA8-46DF-A8D2-76B18D8FFF02} - System32\Tasks\boQbXxbEJPaDgWztw2 => rundll32 "C:\Program Files (x86)\OGqwJxyzdjgEZIvrFER\aUqUBNq.dll",#1
Task: {F471775F-D4C4-474B-909B-5B33F31B2B9C} - System32\Tasks\Opera scheduled Autoupdate 1512577162 => C:\Program Files\Opera developer\launcher.exe [2634448 2021-11-22] (Opera Software AS -> Opera Software) <==== ATTENTION
Task: {F781C579-07DD-41E0-AE98-A2DA6D6522FA} - System32\Tasks\{F32CA8EF-8439-4C12-BF2B-E201BB9BF5AA} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Quodonbam\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Quodonbam\uninstall.dat" -a uninstallme CDB521ED-88A2-4D4C-AD53-6B46C197D4D3 DeviceId=da7ff99d-dc25-1262-cfb6-6dde7d04f209 BarcodeId=51557004 ChannelId=4 DistributerName=APSFWemonetize
Task: {FA1FF7DC-D110-47FB-BD2C-C811B0944135} - System32\Tasks\DFSNamespaceClient => C:\Program Files (x86)\nodejs\node.exe [15017624 2017-05-02] (Node.js Foundation -> Node.js) -> C:\Windows\Installer\{51B62CFF-90C0-4E96-A286-1BC6D15792F5}\{81D2A972-1815-4EE2-9523-6D2661ED34D5} <==== ATTENTION
Task: {FC92E17A-C1F6-4F69-B5E6-BF910B5CCD1E} - System32\Tasks\CCleanerSkipUAC - Georgius => C:\Program Files\CCleaner\CCleaner.exe [29417088 2021-11-12] (Piriform Software Ltd -> Piriform Software Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\boQbXxbEJPaDgWztw.job => C:\Program Files (x86)\OGqwJxyzdjgEZIvrFER\aUqUBNq.dll
Task: C:\Windows\Tasks\EPSON L805 Series Update {ED7CDAD9-7D40-43A5-AD81-5577B9704608}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSPRE.EXE:/EXE:{ED7CDAD9-7D40-43A5-AD81-5577B9704608} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON L805 Series Update {FF87F377-887B-4C67-80E4-232CA7C473E0}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSPRE.EXE:/EXE:{FF87F377-887B-4C67-80E4-232CA7C473E0} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\jVVcebPoCjhHKmi.job => C:\Program Files (x86)\ExRIRmygU\aWdcTt.dll
Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: C:\Windows\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [.DEFAULT] => hxxp://webunstop.net/wpad.dat?7060970bdcd3e6bc2d4d7d0491780e8b37140425
AutoConfigURL: [S-1-5-21-3999889357-1238142211-2592065837-1000] => hxxp://webunstop.net/wpad.dat?7060970bdcd3e6bc2d4d7d0491780e8b37140425
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.22.1
Tcpip\..\Interfaces\{BDE2E643-B705-4AA9-8968-9940248D5661}: [DhcpNameServer] 192.168.22.1
Tcpip\..\Interfaces\{DA120C2C-12A1-4D75-827A-E0D632C39FD8}: [DhcpNameServer] 192.168.1.1
ManualProxies: 0hxxp://webunstop.net/wpad.dat?7060970bdcd3e6bc2d4d7d0491780e8b37140425

Edge:
=======
Edge Profile: C:\Users\Georgius\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-25]

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2020-02-28] [Legacy] [not signed]
FF HKU\S-1-5-21-3999889357-1238142211-2592065837-1000\...\Firefox\Extensions: [KVAllmytube@KeepVid.com] - C:\Program Files (x86)\Wondershare\Wondershare AllMyTube\BrowserPlugin\kvallmytube@keepvid.com_xpi => not found
FF Plugin: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-01-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-01-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=3.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-11-13] (VideoLAN) [File not signed]
FF Plugin: @videolan.org/vlc,version=4.0.0-dev -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-11-13] (VideoLAN) [File not signed]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-02-14] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-10-02] (NVIDIA CORPORATION -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-10-02] (NVIDIA CORPORATION -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.13\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.13\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-10-22] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-02-14] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\Georgius\AppData\Local\Google\Chrome\User Data\Default [2021-11-25]
CHR Extension: (No Name) - C:\Users\Georgius\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-22]
CHR Extension: (No Name) - C:\Users\Georgius\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-22]
CHR Extension: (No Name) - C:\Users\Georgius\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2020-11-22]
CHR Extension: (No Name) - C:\Users\Georgius\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjhnafpiilpffhglajcaepjbnbjemci [2020-11-22]
CHR Extension: (No Name) - C:\Users\Georgius\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2020-11-22]
CHR Extension: (No Name) - C:\Users\Georgius\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmpghkabedbjaabdjfchnafeciefnjnk [2020-11-22]
CHR Extension: (No Name) - C:\Users\Georgius\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-22]
CHR Extension: (No Name) - C:\Users\Georgius\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-22]
CHR Extension: (No Name) - C:\Users\Georgius\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-11-22]
CHR Extension: (No Name) - C:\Users\Georgius\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcadgijmedbfgciegjomfpjcdchlhnif [2020-11-22]
CHR Extension: (No Name) - C:\Users\Georgius\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhemechcanjmilllmccjbjldonmnnjjj [2020-11-22]
CHR Extension: (No Name) - C:\Users\Georgius\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmeinlfojlcegblpogpjbhipmonclejh [2020-11-22]
CHR Extension: (No Name) - C:\Users\Georgius\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-22]
CHR Extension: (No Name) - C:\Users\Georgius\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmnkbkildohoaagphpbnbejaegnileoi [2020-11-22]
CHR Extension: (No Name) - C:\Users\Georgius\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2020-11-22]
CHR Extension: (No Name) - C:\Users\Georgius\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-22]
CHR HKU\S-1-5-21-3999889357-1238142211-2592065837-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bgjpfhpjcgdppjbgnpnjllokbmcdllig]
CHR HKU\S-1-5-21-3999889357-1238142211-2592065837-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]
CHR HKU\S-1-5-21-3999889357-1238142211-2592065837-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak]
CHR HKLM-x32\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci]
CHR HKLM-x32\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif]
CHR HKLM-x32\...\Chrome\Extension: [indjgiebmakhmnaplnlnanodkfiejfjd]
CHR HKLM-x32\...\Chrome\Extension: [lhemechcanjmilllmccjbjldonmnnjjj]

Opera:
=======
OPR Profile: C:\Users\Georgius\AppData\Roaming\Opera Software\Opera Stable [2020-11-22]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Tables) - C:\Users\Georgius\AppData\Roaming\Opera Software\Opera Stable\Extensions\egafjhhpbipcmpoiomegbckljbbbphoj [2017-12-05]
OPR Extension: (Rich Hints Agent) - C:\Users\Georgius\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2020-10-28]
OPR Extension: (Adblocker na Youtube™) - C:\Users\Georgius\AppData\Roaming\Opera Software\Opera Stable\Extensions\keakaoleafeemhlcpdgcgnaehpeofopp [2017-12-05]
OPR Extension: (Alitools shopping assistant) - C:\Users\Georgius\AppData\Roaming\Opera Software\Opera Stable\Extensions\nkekkheibgkgeepapinkalkongndfajn [2020-11-05]
StartMenuInternet: (HKLM) Operadeveloper - C:\Program Files\Opera developer\Launcher.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"ypwyiedq" => service was unlocked. <==== ATTENTION

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-11-11] (Adobe Inc. -> Adobe)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-02-14] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3743984 2021-11-25] (philandro Software GmbH -> philandro Software GmbH)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-03-20] (Microsoft Corporation -> Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [158912 2019-03-28] (Microsoft Dynamic Code Publisher -> Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2595360 2020-10-26] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2595360 2020-10-26] (ESET, spol. s r.o. -> ESET)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
R2 SESMPWD; C:\Program Files\EPSON_P2\Status Monitor\SEPWDN.EXE [156120 2011-02-02] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
R2 SESMSDB; C:\Program Files\EPSON_P2\Status Monitor\SESDBN.EXE [344536 2011-02-02] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
S2 ypwyiedq; C:\Windows\SysWOW64\ypwyiedq\jiwymjkc.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 athur; C:\Windows\System32\DRIVERS\athurx.sys [1930240 2014-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [160992 2020-10-26] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [109360 2020-10-26] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [190464 2020-10-26] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [43720 2020-10-26] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [70048 2020-10-26] (ESET, spol. s r.o. -> ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [56152 2020-10-26] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [107784 2020-10-26] (ESET, spol. s r.o. -> ESET)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [82432 2011-02-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [181760 2011-02-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl64.sys [97280 2010-03-12] (Microsoft Windows Hardware Compatibility Publisher -> Prolific Technology Inc.)
U1 aswbdisk; no ImagePath
S1 ucdrv; \??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [X] <==== ATTENTION
S3 Winmon; \??\C:\Windows\System32\drivers\Winmon.sys [X]
S3 WinmonFS; \??\C:\Windows\System32\drivers\WinmonFS.sys [X]
S1 WinmonProcessMonitor; \??\C:\Windows\System32\drivers\WinmonProcessMonitor.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-28 14:44 - 2021-11-28 14:45 - 000028366 _____ C:\Users\Georgius\Desktop\FRST.txt
2021-11-28 14:43 - 2021-11-28 14:42 - 002311680 _____ (Farbar) C:\Users\Georgius\Desktop\FRST64.exe
2021-11-28 14:42 - 2021-11-28 14:44 - 000000000 ____D C:\FRST
2021-11-28 14:42 - 2021-11-28 14:42 - 002311680 _____ (Farbar) C:\Users\Georgius\Documents\FRST64.exe
2021-11-28 14:42 - 2021-11-28 14:42 - 000004072 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1582645762
2021-11-25 18:09 - 2021-11-25 18:09 - 025243648 ____N C:\Windows\system32\config\SYSTEM
2021-11-25 18:00 - 2021-11-25 18:00 - 000003854 _____ C:\Windows\system32\Tasks\AdvancedWindowsManager #6
2021-11-25 18:00 - 2021-11-25 18:00 - 000003854 _____ C:\Windows\system32\Tasks\AdvancedWindowsManager #5
2021-11-25 18:00 - 2021-11-25 18:00 - 000003854 _____ C:\Windows\system32\Tasks\AdvancedWindowsManager #4
2021-11-25 18:00 - 2021-11-25 18:00 - 000003854 _____ C:\Windows\system32\Tasks\AdvancedWindowsManager #3
2021-11-25 18:00 - 2021-11-25 18:00 - 000003854 _____ C:\Windows\system32\Tasks\AdvancedWindowsManager #2
2021-11-25 18:00 - 2021-11-25 18:00 - 000003854 _____ C:\Windows\system32\Tasks\AdvancedWindowsManager #1
2021-11-25 17:41 - 2021-11-25 17:41 - 000002820 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC - Georgius

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-28 14:42 - 2009-07-14 06:13 - 000785858 _____ C:\Windows\system32\PerfStringBackup.INI
2021-11-28 14:42 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2021-11-28 14:41 - 2020-11-22 14:45 - 025427968 _____ C:\Windows\system32\C_32770.NLS
2021-11-28 14:41 - 2017-12-06 17:19 - 000003868 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1512577162
2021-11-28 14:41 - 2017-12-06 17:19 - 000000000 ____D C:\Program Files\Opera developer
2021-11-28 14:39 - 2017-12-06 17:51 - 000000000 ____D C:\Program Files\CCleaner
2021-11-28 14:38 - 2017-12-05 20:23 - 000000290 __RSH C:\Users\Georgius\ntuser.pol
2021-11-28 14:38 - 2017-12-05 12:13 - 000000000 ____D C:\Users\Georgius
2021-11-28 14:37 - 2017-12-05 20:20 - 000000298 _____ C:\Windows\Tasks\UCBrowserUpdaterCore.job
2021-11-28 14:37 - 2017-12-05 19:41 - 000000316 _____ C:\Windows\Tasks\boQbXxbEJPaDgWztw.job
2021-11-28 14:37 - 2017-12-05 19:41 - 000000294 _____ C:\Windows\Tasks\jVVcebPoCjhHKmi.job
2021-11-28 14:36 - 2017-12-05 12:50 - 000000000 ____D C:\ProgramData\NVIDIA
2021-11-28 14:36 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-11-25 18:00 - 2020-02-25 19:40 - 000003862 _____ C:\Windows\system32\Tasks\AdvancedUpdater
2021-11-25 17:54 - 2020-09-18 22:33 - 000000000 ____D C:\epson
2021-11-25 17:54 - 2020-04-07 12:08 - 000000000 ____D C:\Adobe Illustrator Installer
2021-11-25 17:54 - 2020-02-06 10:26 - 000000000 ___HD C:\$AV_ASW
2021-11-25 17:54 - 2019-09-04 17:18 - 000000000 ____D C:\JDownloader 2.0
2021-11-25 17:54 - 2018-10-17 21:43 - 000000000 ___HD C:\$AV_AVG
2021-11-25 17:54 - 2018-02-14 16:25 - 000000000 ____D C:\Applications
2021-11-25 17:54 - 2017-12-05 19:38 - 000000000 ____D C:\WinSys
2021-11-25 17:54 - 2017-12-05 19:35 - 000000000 ____D C:\Windat
2021-11-25 17:54 - 2017-12-05 18:45 - 000000000 ____D C:\KMPlayer
2021-11-25 17:54 - 2017-12-05 13:24 - 000000000 ____D C:\artcut6
2021-11-25 17:54 - 2017-12-05 12:50 - 000000000 ____D C:\Users\UpdatusUser
2021-11-25 17:54 - 2017-12-05 12:34 - 000000000 ____D C:\Drivers Win7 x64
2021-11-25 17:50 - 2017-12-05 20:20 - 000000462 _____ C:\Windows\Tasks\UCBrowserUpdater.job
2021-11-25 17:50 - 2009-07-14 05:45 - 000032464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-11-25 17:50 - 2009-07-14 05:45 - 000032464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-11-25 17:41 - 2017-12-06 17:51 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2021-11-25 17:40 - 2018-03-26 23:56 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-11-25 17:39 - 2021-02-19 15:43 - 000000000 ____D C:\Users\Georgius\AppData\LocalLow\uTorrent
2021-11-25 17:39 - 2020-02-26 10:04 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2021-11-25 17:39 - 2017-12-05 18:03 - 000000000 ____D C:\Users\Georgius\AppData\Roaming\uTorrent
2021-11-25 17:39 - 2009-07-14 04:20 - 000000000 __RHD C:\Users\Public\Libraries
2021-11-25 17:31 - 2019-05-03 11:53 - 000000000 ____D C:\Windows\pss
2021-11-25 17:27 - 2020-02-28 12:27 - 000000911 _____ C:\Windows\Tasks\EPSON L805 Series Update {ED7CDAD9-7D40-43A5-AD81-5577B9704608}.job
2021-11-25 17:15 - 2020-02-28 01:15 - 000000911 _____ C:\Windows\Tasks\EPSON L805 Series Update {FF87F377-887B-4C67-80E4-232CA7C473E0}.job
2021-11-25 16:59 - 2017-12-05 17:44 - 000000000 ____D C:\Users\Georgius\AppData\Roaming\Seznam.cz

==================== Files in the root of some directories ========

2019-05-29 12:06 - 2019-05-29 16:44 - 000000040 _____ () C:\Users\Georgius\AppData\Roaming\cdr.ini
2020-01-14 19:33 - 2020-01-03 04:33 - 000405727 ___SH () C:\Users\Georgius\AppData\Roaming\ewbaaut
2017-12-05 20:21 - 2017-12-05 20:21 - 000001658 _____ () C:\Users\Georgius\AppData\Roaming\NDOQH3C.exe.config
2017-12-05 20:17 - 2017-12-05 20:17 - 000001658 _____ () C:\Users\Georgius\AppData\Roaming\XSMM7TI.exe.config
2018-02-14 16:28 - 2018-02-14 16:28 - 007576064 _____ () C:\Users\Georgius\AppData\Local\agent.dat
2020-11-22 14:04 - 2020-11-22 14:04 - 000000557 _____ () C:\Users\Georgius\AppData\Local\bowsakkdestx.txt
2018-02-14 16:28 - 2018-02-14 16:28 - 000070896 _____ () C:\Users\Georgius\AppData\Local\Config.xml
2019-11-27 21:50 - 2019-11-27 22:27 - 000003584 _____ () C:\Users\Georgius\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-02-14 16:26 - 2018-02-14 16:26 - 000016080 _____ () C:\Users\Georgius\AppData\Local\InstallationConfiguration.xml
2018-02-14 16:26 - 2018-02-14 16:26 - 000140800 _____ () C:\Users\Georgius\AppData\Local\installer.dat
2020-01-13 22:34 - 2020-01-13 22:34 - 000326427 _____ () C:\Users\Georgius\AppData\Local\IxsnidY
2018-02-14 16:28 - 2018-02-14 16:28 - 000018432 _____ () C:\Users\Georgius\AppData\Local\Main.dat
2018-02-14 16:28 - 2018-02-14 16:28 - 000005568 _____ () C:\Users\Georgius\AppData\Local\md.xml
2018-02-14 16:28 - 2018-02-14 16:28 - 000126464 _____ () C:\Users\Georgius\AppData\Local\noah.dat
2020-04-09 06:44 - 2020-04-09 06:44 - 000000000 _____ () C:\Users\Georgius\AppData\Local\oobelibMkey.log
2018-02-14 16:26 - 2018-02-14 16:38 - 000930816 _____ () C:\Users\Georgius\AppData\Local\po.db
2017-12-05 13:02 - 2017-12-05 13:02 - 000000017 _____ () C:\Users\Georgius\AppData\Local\resmon.resmoncfg
2020-11-22 14:04 - 2020-11-22 14:04 - 000000049 _____ () C:\Users\Georgius\AppData\Local\script.ps1
2018-02-14 16:28 - 2018-02-14 16:28 - 001984160 _____ () C:\Users\Georgius\AppData\Local\TouchTamla.tst
2018-02-14 16:28 - 2018-02-14 16:28 - 000032038 _____ () C:\Users\Georgius\AppData\Local\uninstall_temp.ico

==================== FLock ==============================

2021-11-25 18:09 C:\Windows\system32\config\SYSTEM
2020-11-22 14:17 C:\Windows\system32\Drivers\1Z7WYt.sys

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restored successfully

LastRegBack: 2020-11-13 17:04
==================== End of FRST.txt ========================

Re: SGLH subory, pravdepodobne ransomware

Napsal: 28 lis 2021 14:55
od MarkAurel
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2021
Ran by Georgius (28-11-2021 14:45:41)
Running from C:\Users\Georgius\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X64) (2017-12-05 11:13:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3999889357-1238142211-2592065837-500 - Administrator - Disabled)
Georgius (S-1-5-21-3999889357-1238142211-2592065837-1000 - Administrator - Enabled) => C:\Users\Georgius
Guest (S-1-5-21-3999889357-1238142211-2592065837-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3999889357-1238142211-2592065837-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-3999889357-1238142211-2592065837-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AS: ESET Security (Enabled - Up to date) {32D4BD20-1EBB-773C-2B52-7CE89BB0522B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {B18EDDE1-72EE-79EA-3ABD-EEAF1EE45FED}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3999889357-1238142211-2592065837-1000\...\uTorrent) (Version: 3.5.5.45852 - BitTorrent Inc.)
4K Video Downloader 4.11 (HKLM\...\{2DC070EE-D256-4564-BC7C-A78085F22080}) (Version: 4.11.3.3420 - Open Media LLC)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
ACDSee Pro 9 (64-bit) (HKLM\...\{AAB2B2D2-1B27-4EEC-B033-6F9B6FFEEF4C}) (Version: 9.1.0.453 - ACD Systems International Inc.)
Active WebCam (HKLM-x32\...\Active WebCam) (Version: - )
Adobe Acrobat Reader DC - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 20.013.20064 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.4.1.298 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.453 - Adobe)
Adobe Illustrator (HKLM\...\{88D5B37C-D63C-4FB3-84DD-25BFF26DDD9A}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CC 2018 (HKLM-x32\...\ILST_22_1) (Version: 22.1 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
AIMP (HKLM-x32\...\AIMP) (Version: v4.51.2084, 01.12.2018 - AIMP DevTeam)
Aktualizácie NVIDIA 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Alternate QR Code Generator 1.760 (HKLM-x32\...\Alternate QR Code Generator_is1) (Version: - Alternate Tools)
ANT Drivers Installer x64 (HKLM\...\{D559687A-60C5-4786-9429-C21EC195789D}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 6.2.6 - philandro Software GmbH)
Artcut2009 (HKLM-x32\...\{FA01D751-CE47-4533-BB5D-9BB34514A43B}) (Version: 7.0 - Beijing Wentai Technology Co. Ltd)
Audacity 2.3.2 (HKLM-x32\...\Audacity_is1) (Version: 2.3.2 - Audacity Team)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Converter 12.0.3 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 12.0.3.654 - Online Media Technologies Ltd.)
BenVista PhotoZoom Pro Corel Plug-In 4.6.2 (HKU\S-1-5-21-3999889357-1238142211-2592065837-1000\...\PhotoZoom Pro Corel Plug-In 4) (Version: 4.6.2 - BenVista Ltd.)
Booking (HKLM-x32\...\{13D4CD54-EA09-4FDB-B979-8B2BC0F020CA}_is1) (Version: 2.0.701 - Booking)
CCleaner (HKLM\...\CCleaner) (Version: 5.87 - Piriform)
Corel AfterShot 3 - HDR x64 (HKLM\...\{304BEFF1-0645-4E24-BBBE-71F86AF55169}) (Version: 3.0 - Corel Corporation) Hidden
Corel AfterShot 3 - ICA x64 (HKLM\...\{FE875B02-11A1-4D1E-B57A-8DE2C00C0B51}) (Version: 3.5 - Corel Corporation) Hidden
Corel AfterShot 3 - IPM Content x64 (HKLM\...\{3E064BED-C9D8-4BEF-A2EE-8D67E99C3932}) (Version: 3.4 - Corel Corporation) Hidden
Corel AfterShot 3 - IPM x64 (HKLM\...\{5059B47C-4D7B-46E9-9D7A-1E2FCF5DDBED}) (Version: 3.5.0.365 - Corel Corporation) Hidden
Corel AfterShot 3(64-bit) (HKLM\...\_{FE875B02-11A1-4D1E-B57A-8DE2C00C0B51}) (Version: 3.5.0.365 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\_{39AB9389-ABC5-4603-AFB6-071BB35225E4}) (Version: 21.0.0.581 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{39AB9389-ABC5-4603-AFB6-071BB35225E4}) (Version: 21.0.581 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit Keys (HKLM\...\{95555783-E5F3-40B2-99C7-7345C39EFF76}) (Version: 21.0.581 - Corel Corporation) Hidden
Corel Update Manager (HKLM\...\{9E1EE683-0C7B-46E7-83EC-1F5A1D8F2296}) (Version: 2.10.442 - Corel corporation) Hidden
CorelDRAW Graphics Suite 2017 - IPM (x64) (HKLM\...\{904B10A6-0D9C-4645-9C61-504FA92B9220}) (Version: 19.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - IPM Content (x64) (HKLM\...\{54F024CB-16AF-4CC0-9BC2-D2507E7C6C01}) (Version: 19.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2017 - Writing Tools (x64) (HKLM\...\{E38357D4-1B80-400F-A6D7-B4D5DD83D979}) (Version: 19.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2019 - IPM (x64) (HKLM\...\{A3BA4B57-A263-476E-B787-B5267F35201F}) (Version: 21.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2019 - IPM Content CZ (x64) (HKLM\...\{05FDF5A8-802D-44EF-B475-92EE19B77502}) (Version: 21.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2019 - IPM Content EN (x64) (HKLM\...\{E5A6F812-B03B-4054-BDC9-E92B1BC6B052}) (Version: 21.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2019 - IPM Content PL (x64) (HKLM\...\{52290C71-F654-4B59-9C05-628F24690A22}) (Version: 21.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2019 - IPM Content RU (x64) (HKLM\...\{C0DFC477-D301-4E8C-B439-E57116182B68}) (Version: 21.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2019 - IPM Content TR (x64) (HKLM\...\{EB0B0BB1-4425-4E33-81B0-8F7CFECD94B9}) (Version: 21.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2019 - Writing Tools (x64) (HKLM\...\{F37A71D2-9B69-45E5-B6B1-DE9D98C197FC}) (Version: 21.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2019 (64-Bit) (HKLM\...\_{E82C45F0-2C79-47A5-B90B-C514724B1C48}) (Version: 21.0.0.593 - Corel Corporation)
Elevated Installer (HKLM-x32\...\{0BF90608-2F95-4C7C-9A85-E90E0CAF4FE9}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
EPSON Easy Photo Print (HKLM-x32\...\{B8890B12-4E4C-4E53-9ECB-96193BBA7767}) (Version: 1.4.0.0 - )
Epson Easy Photo Print 2 (HKLM-x32\...\{7E0261C4-8495-4365-BE48-647701D8B9BD}) (Version: 2.8.3.0 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON L805 Series Printer Uninstall (HKLM\...\EPSON L805 Series) (Version: - Seiko Epson Corporation)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.50.00 - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{FFA5C174-DB3F-4AFE-B59D-C0FB1744CD76}) (Version: 3.1.0.0 - Seiko Epson Corporation)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
EPSON Printer Software (HKLM-x32\...\{7612D261-8150-4B33-ADEE-3D3C086F0815}) (Version: 1.000.00.00 - EPSON)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EPSON Scan Assistant (HKLM-x32\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
Epson Software Updater (HKLM-x32\...\{28C66F35-69BF-4376-BC80-4D5F4808FF3C}) (Version: 4.6.1 - Seiko Epson Corporation)
ESET Security (HKLM\...\{3B47BDC5-99BF-4F5C-A303-1F0F9DBC74F6}) (Version: 14.0.22.0 - ESET, spol. s r.o.)
Free Audio CD to MP3 Converter version 1.3.12.908 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: - DVDVideoSoft Ltd.)
Garmin Express (HKLM-x32\...\{95D0EADA-5123-41C0-931A-F37946BC0E8E}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{eab4691c-4022-41cd-8d39-c3097ba62d4b}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM\...\{04DBEDAC-DFA9-3823-937A-FE754A7AD6F7}) (Version: 75.0.3770.142 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
HPWhale (HKLM-x32\...\HPWhale) (Version: - ) <==== ATTENTION
Chinese Traditional Graphics (HKLM-x32\...\Chinese Traditional Graphics) (Version: - )
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.50.1172 - Intel Corporation)
irreptitious version 3.0 (HKLM-x32\...\irreptitious_is1) (Version: 3.0 - )
Java 8 Update 241 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180241F0}) (Version: 8.0.2410.7 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2-1) (Version: 2.0 - AppWork GmbH)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.2.2.32 - PandoraTV)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2017 (HKLM-x32\...\{5a7dc0ad-cdb2-43b5-8b82-f81065fe6092}) (Version: 15.0.26717 - Microsoft Corporation)
MWSnap 3 (HKLM-x32\...\MWSnap 3) (Version: 3.0.0.74 - Mirek Wojtowicz)
NVIDIA 3D Vision radič ovládača 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Grafický ovládač 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Ovládač 3D Vision 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Ovládač zvuku HD 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== ATTENTION
Opera developer 83.0.4246.0 (HKLM-x32\...\Opera 83.0.4246.0) (Version: 83.0.4246.0 - Opera Software)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.2.10 - Prolific Technology INC)
Príručky EPSON (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.57.0.0 - Seiko Epson Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.107.323.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8010 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Seznam Software (HKU\S-1-5-21-3999889357-1238142211-2592065837-1000\...\SeznamInstall) (Version: 2.1.35 - Seznam.cz)
Skype verzia 8.37 (HKLM-x32\...\Skype_is1) (Version: 8.37 - Skype Technologies S.A.)
TEC-IT QR-Code Studio 1.0 (HKLM-x32\...\{642d31e9-61fd-44a6-874d-3e3c5247a63d}) (Version: 1.0.3.22924 - TEC-IT Datenverarbeitung GmbH)
TEC-IT QR-Code Studio 1.0 (HKLM-x32\...\{A13BEE2E-93C1-493F-B1C1-510EED17A4F4}) (Version: 1.0.3.22924 - TEC-IT Datenverarbeitung GmbH) Hidden
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.21a - Ghisler Software GmbH)
TP-LINK TL-WN721N_TL-WN722N Driver (HKLM-x32\...\{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}) (Version: 1.3.1 - TP-LINK)
uTorrent Web (HKU\S-1-5-21-3999889357-1238142211-2592065837-1000\...\utweb) (Version: 1.0.7 - BitTorrent, Inc.)
VirtualDJ 2018 (HKLM-x32\...\{9CE1367A-3C11-4895-99E0-23E511C7DD8C}) (Version: 8.3.4720.0 - Atomix Productions)
VLC media player (HKLM\...\VLC media player) (Version: 4.0.0-dev - VideoLAN)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Installer (HKLM-x32\...\{13499434-9821-4E2D-B7DF-7C0867EB1504}) (Version: 5.0.3 - AdvancedWindowsManager)
WiperSoft 1.1.1157.64 (HKLM\...\{AB1C8C91-4D8E-4C28-80E7-FD135FB90515}}_is1) (Version: 1.1.1157.64 - WiperSoft)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3999889357-1238142211-2592065837-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [{BFD98515-CD74-48A4-98E2-13D209E3EE4F}] -> {BFD98515-CD74-48A4-98E2-13D209E3EE4F} => -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2019-04-21] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers1-x32: [EPPShellEx] -> {509FE1AF-ADD5-49EC-BC55-7CF81FD16E78} => C:\Program Files (x86)\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll [2006-04-13] (SEIKO EPSON CORPORATION) [File not signed]
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-26] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [PicaViewCtxMenuShlExt] -> {F3CBBA61-EE3F-4D6D-B1C6-B3474E579936} => C:\Program Files\Common Files\ACD Systems\PicaView\ACDSeePV.dll [2015-08-28] (ACD Systems International -> ACD Systems International Inc.)
ContextMenuHandlers1: [ShellConverter] -> {30A4E07E-068A-4d91-8F05-691283A1336B} => C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSShellConverter64.dll [2017-12-18] (Online Media Technologies Ltd. -> Online Media Technologies Ltd.) [File not signed]
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-26] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2019-04-21] (Artem Izmaylov -> AIMP DevTeam)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2012-10-02] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-26] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Shortcut: C:\Users\Georgius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk -> C:\Program Files (x86)\HPWhale\WhaleStarter.exe (No File) <==== Cyrillic
ShortcutWithArgument: C:\Users\Georgius\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> %SNP%
ShortcutWithArgument: C:\Users\Georgius\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811550"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> %SNP%

==================== Loaded Modules (Whitelisted) =============

2017-12-05 12:39 - 2012-04-17 10:36 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
2017-12-05 12:39 - 2012-04-17 10:30 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
2019-09-07 14:37 - 2019-09-07 14:37 - 000113664 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_8a1dd9552ed7f8d8\ATL80.DLL
2019-09-07 14:38 - 2017-12-18 15:35 - 000151024 _____ (Online Media Technologies Ltd. -> Online Media Technologies Ltd.) [File not signed] C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSShellConverter64.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [25444]
AlternateDataStreams: C:\Windows\system32\drivers:x64 [1498914]
AlternateDataStreams: C:\Windows\system32\drivers:x86 [1223458]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\S-1-5-21-3999889357-1238142211-2592065837-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxlQl_qh-lpPVGaot6QfodMAbnVPDKXxgjYYaGKyPDJOHyuAhWzsUG_2RbdmLVTfHqraoNh3nGSjWFV_T4ulT6kfGtimMXIqO-n61I6C8v9bjoRV-7vk0mD9lMIW39e7lPZuXzub8fEkykwjXOXxUmZNQv-nAjFLTHSNo5Ayhl4A,&q={searchTerms}
HKU\S-1-5-21-3999889357-1238142211-2592065837-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=834423
HKU\S-1-5-21-3999889357-1238142211-2592065837-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxlQl_qh-lpPVGaot6QfodMAbnVPDKXxgjYYaGKyPDJOHyuAhWzsUG_2RbdmLVTfHqraoNh3nGSjWFV_T4ulT6kfGtimMXIqO-n61I6C8v9bjoRV-7vk0mD9lMIW39e7lPZuXzub8fEkykwjXOXxUmZNQv-nAjFLTHSNo5Ayhl4A,&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxlQl_qh-lpPVGaot6QfodMAbnVPDKXxgjYYaGKyPDJOHyuAhWzsUG_2RbdmLVTfHqraoNh3nGSjWFV_T4ulT6kfGtimMXIqO-n61I6C8v9bjoRV-7vk0mD9lMIW39e7lPZuXzub8fEkykwjXOXxUmZNQv-nAjFLTHSNo5Ayhl4A,&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-3999889357-1238142211-2592065837-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B12C80D2C-2B62-4242-802F-4F648E396C84%7D&gp=811610
SearchScopes: HKU\S-1-5-21-3999889357-1238142211-2592065837-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src ... ORM=IESR02
SearchScopes: HKU\S-1-5-21-3999889357-1238142211-2592065837-1000 -> {11C790BD-3411-4C1A-AFF6-237C5D0DA1B5} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_37180
SearchScopes: HKU\S-1-5-21-3999889357-1238142211-2592065837-1000 -> {2AACF7F3-B3AC-4381-88EC-FA1F7FB675A8} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_37180
SearchScopes: HKU\S-1-5-21-3999889357-1238142211-2592065837-1000 -> {7114DB86-5F22-4678-8E06-B7D3BD920AB4} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_37180
SearchScopes: HKU\S-1-5-21-3999889357-1238142211-2592065837-1000 -> {7977ECCB-DF00-4BA2-9BDA-6C7B28672AE2} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_37180
SearchScopes: HKU\S-1-5-21-3999889357-1238142211-2592065837-1000 -> {97CAF322-BC75-4B87-87DE-411961F7BC1A} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_37180
SearchScopes: HKU\S-1-5-21-3999889357-1238142211-2592065837-1000 -> {A7451444-EEFE-411E-9D9D-523372A962B5} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_37180
SearchScopes: HKU\S-1-5-21-3999889357-1238142211-2592065837-1000 -> {AAAE39FF-3204-45BA-B814-10C425DC001D} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_37180
SearchScopes: HKU\S-1-5-21-3999889357-1238142211-2592065837-1000 -> {ECAF2A0E-3931-4949-93C5-9702E54E55BA} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_37180
SearchScopes: HKU\S-1-5-21-3999889357-1238142211-2592065837-1000 -> {EDEAA1DC-3871-4503-889D-C40234DA1F86} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_37180
SearchScopes: HKU\S-1-5-21-3999889357-1238142211-2592065837-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B12C80D2C-2B62-4242-802F-4F648E396C84%7D&gp=811610
SearchScopes: HKU\S-1-5-21-3999889357-1238142211-2592065837-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxlQl_qh-lpPVGaot6QfodMAbnVPDKXxgjYYaGKyPDJOHyuAhWzsUG_2RbdmLVTfHqraoNh3nGSjWFV_T4ulT6kfGtimMXIqO-n61I6C8v9bjoRV-7vk0mD9lMIW39e7lPZuXzub8fEkykwjXOXxUmZNQv-nAjFLTHSNo5Ayhl4A,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3999889357-1238142211-2592065837-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxlQl_qh-lpPVGaot6QfodMAbnVPDKXxgjYYaGKyPDJOHyuAhWzsUG_2RbdmLVTfHqraoNh3nGSjWFV_T4ulT6kfGtimMXIqO-n61I6C8v9bjoRV-7vk0mD9lMIW39e7lPZuXzub8fEkykwjXOXxUmZNQv-nAjFLTHSNo5Ayhl4A,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3999889357-1238142211-2592065837-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxlQl_qh-lpPVGaot6QfodMAbnVPDKXxgjYYaGKyPDJOHyuAhWzsUG_2RbdmLVTfHqraoNh3nGSjWFV_T4ulT6kfGtimMXIqO-n61I6C8v9bjoRV-7vk0mD9lMIW39e7lPZuXzub8fEkykwjXOXxUmZNQv-nAjFLTHSNo5Ayhl4A,&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_241\bin\ssv.dll [2020-01-19] (Oracle America, Inc. -> Oracle Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-01-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: Search@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\Georgius\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll [2019-04-29] (LLC Mail.Ru -> Mail.Ru)
BHO-x32: No Name -> {F9B65201-3D7F-48DA-AAB3-57A6FAD648FD} -> No File
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2020-11-05 22:19 - 000000625 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 htagzdownload.pw
127.0.0.1 texttotalk.org
127.0.0.1 360devtraking.website
127.0.0.1 room1.360dev.info
127.0.0.1 djapp.info
127.0.0.1 technologievimy.com
127.0.0.1 sharefolder.online
127.0.0.1 install.portmdfmoon.com
127.0.0.1 adkqow01283.pw
127.0.0.1 telechargini.com
127.0.0.1 rothsiLehyaome.pw
127.0.0.1 fffffk.xyz
127.0.0.1 smarttrackk.xyz
127.0.0.1 discretdan.com
0.0.0.0 apps.corel.com
0.0.0.0 mc.corel.com
0.0.0.0 origin-mc.corel.com
0.0.0.0 iws.corel.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%C_EM64T_REDIST11%bin\Intel64;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\nodejs\
HKU\S-1-5-21-3999889357-1238142211-2592065837-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Georgius\AppData\Roaming\ACD Systems\ACDSee\ACD Wallpaper.bmp
DNS Servers: 192.168.22.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AnyDesk.lnk => C:\Windows\pss\AnyDesk.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Georgius^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk => C:\Windows\pss\Google Updater.lnk.Startup
MSCONFIG\startupreg: ACDSeeCommanderPro9 => C:\Program Files\ACD Systems\ACDSee Pro\9.0\ACDSeeCommanderPro9.exe
MSCONFIG\startupreg: ACPW09EN => "C:\Program Files\ACD Systems\ACDSee Pro\9.0\acdIDInTouch2.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeGCInvoker-1.0 => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Chromium => "c:\users\georgius\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
MSCONFIG\startupreg: Client => "C:\Users\Georgius\AppData\Roaming\Client\nircmd.exe" exec hide "C:\Users\Georgius\AppData\Roaming\Client\cnf.bat"
MSCONFIG\startupreg: cz.seznam.software.autoupdate => "C:\Users\Georgius\AppData\Roaming\Seznam.cz\szninstall.exe" -c
MSCONFIG\startupreg: cz.seznam.software.szndesktop => "C:\Users\Georgius\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
MSCONFIG\startupreg: electron.app.Filesafer => C:\Users\Georgius\AppData\Local\Temp\nskAB5.tmp\app\Filesafer.exe
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: EPSDNMON => ""
MSCONFIG\startupreg: EPSON Stylus Photo R260 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBNA.EXE /FU "C:\Windows\TEMP\E_S2DA5.tmp" /EF "HKCU"
MSCONFIG\startupreg: Opera Browser Assistant => C:\Program Files\Opera developer\assistant\browser_assistant.exe
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: SERVICE =>
MSCONFIG\startupreg: SESMPSP => "C:\Program Files\EPSON_P2\Status Monitor\SEPSPZ.EXE"
MSCONFIG\startupreg: seznam-listicka-distribuce => "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
MSCONFIG\startupreg: systemservicesmain => C:\Users\Georgius\Documents\SystemServices Inc\systemservices.exe.lnk
MSCONFIG\startupreg: transactionservicesmain => C:\Users\Georgius\Documents\TransactionServices Inc\transactionservices.exe.lnk
MSCONFIG\startupreg: uTorrent => "C:\Users\Georgius\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7CD3EB34-9BDD-4FB7-83E9-8811B5A581DB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BE8BF330-28DF-42EA-863B-BE689B96367E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7BB34197-36C3-42D8-A160-225B089CDB4F}] => (Allow) C:\Users\Georgius\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{8F5C3CD8-1A96-40BF-8CD0-34D3FB4F1960}] => (Allow) C:\Users\Georgius\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{DE7E5AF2-0D45-47AA-B6BE-552BA694B092}] => (Allow) C:\Users\Georgius\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{BC486F6D-E4C0-4A04-8839-A891E9E5975E}] => (Allow) C:\Users\Georgius\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C42330B4-004B-4062-931D-AD371A1A8A66}] => (Allow) C:\Users\Georgius\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{56DAEFD3-A5AB-4A07-9372-14B9FCDCCB5A}] => (Allow) C:\Users\Georgius\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{5C76F7B7-A465-4E99-82DA-291CA0BFE198}] => (Allow) 㩃啜敳獲䝜潥杲畩屳灁䑰瑡屡潒浡湩屧潮整慰㍤屫潮整慰㍤⹫硥e => No File
FirewallRules: [{35A9598C-37E4-4D9E-9025-2CB8C7C2D6A0}] => (Allow) 㩃啜敳獲䝜潥杲畩屳灁䑰瑡屡潒浡湩屧潮整慰㍤屫潮整灵⹤硥e => No File
FirewallRules: [{C286FD14-7F3B-47C8-B08A-909B945B17D9}] => (Allow) 㩃啜敳獲䝜潥杲畩屳灁䑰瑡屡潒浡湩屧潮整慰㍤屫潮整慰㍤⹫硥e => No File
FirewallRules: [{3046634D-6A99-4A09-A4BB-5A7120D305B9}] => (Allow) 㩃啜敳獲䝜潥杲畩屳灁䑰瑡屡潒浡湩屧潮整慰㍤屫潮整灵⹤硥e => No File
FirewallRules: [{436149AC-3D8E-4C9E-A349-11EAA92F6882}] => (Allow) C:\Users\Georgius\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{BB963F39-0BD3-4CCD-AB06-C27AF0F14D44}] => (Allow) C:\Users\Georgius\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{BD536F7A-033B-48CE-8CF2-2F364292953C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{95325E32-2357-4379-86D4-41C3FFB519EF}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{80C34C32-473E-4D5E-AAE0-73A1488FB0C1}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C1454359-1D52-4F40-B827-6AED55734937}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EF9A61CE-FCF6-490E-BFEC-2091FBE7F6F5}] => (Allow) 㩃啜敳獲䝜潥杲畩屳灁䑰瑡屡潒浡湩屧湩潦楓屷湩潦楓⹷硥e => No File
FirewallRules: [{DB01C9D7-7E2B-442F-94C7-E4BF69E8F2A4}] => (Allow) 㩃啜敳獲䝜潥杲畩屳灁䑰瑡屡潒浡湩屧湩潦楓屷畒卮⹉硥e => No File
FirewallRules: [{129428C1-58E1-4701-A022-4EBD46097E0D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7D435FD3-EFB6-4122-9DE6-412546E8B690}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{03A6560B-D679-4BBC-9ACD-1865FD2C634E}] => (Allow) 㩃啜敳獲䝜潥杲畩屳灁䑰瑡屡潒浡湩屧湩潦楓屷湩潦楓⹷硥e => No File
FirewallRules: [{E3C5FDA6-0CA8-4D11-A132-68AB350CF707}] => (Allow) 㩃啜敳獲䝜潥杲畩屳灁䑰瑡屡潒浡湩屧湩潦楓屷畒卮⹉硥e => No File
FirewallRules: [{CEB1DC04-6A0B-4ED5-9994-1C3F581708D8}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite 2019\Programs64\CorelDrw.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{23B9D72C-0F46-4BBF-91D0-0EB2E4EB6728}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite 2019\Programs64\CorelPP.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{175E0EBD-1744-4A62-9C1E-694FD6E450B0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F9277231-42B3-4BA5-8B7B-9BEAADA75D4A}] => (Allow) C:\Program Files\Opera developer\74.0.3870.0\opera.exe => No File
FirewallRules: [{D87F7471-CE87-4CA5-9796-49F4EF271E8B}] => (Allow) C:\Program Files\Opera developer\75.0.3967.0\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{9425185A-3BD9-4AF4-A630-5FBB755D8FC6}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{0F2DF008-685A-4697-A13C-1249E4144395}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{4AC30D80-D644-44D0-8B1F-E59235C3B3ED}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{510664A8-D208-4BE2-A0C6-B85FCA831507}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{55ED5DFD-F255-4B80-8031-990A497EA514}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{93E60809-BC83-48EB-BD9C-997F770C4B76}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{C98B8528-AA5A-4F25-B4D3-2049713E7CA5}] => (Allow) C:\Program Files\Opera developer\83.0.4246.0\opera.exe (Opera Software AS -> Opera Software)

==================== Restore Points =========================

22-11-2020 15:08:54 Operácia obnovovania

==================== Faulty Device Manager Devices ============

Name: WinmonProcessMonitor
Description: WinmonProcessMonitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: WinmonProcessMonitor
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ucdrv
Description: ucdrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ucdrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (11/28/2021 02:47:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Zálohovanie sa nedokončilo v dôsledku chyby zápisu do umiestnenia zálohy F:\. Vyskytla sa chyba: Umiestnenie zálohy sa nedá nájsť alebo nie je platné. Skontrolujte svoje nastavenie zálohovania a umiestnenie zálohy. (0x81000006).

Error: (11/28/2021 02:42:25 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (11/28/2021 02:42:25 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (11/28/2021 02:38:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/25/2021 04:58:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (11/25/2021 04:58:50 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (11/25/2021 04:54:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/25/2021 04:42:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.


System errors:
=============
Error: (11/28/2021 02:48:38 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.

Error: (11/28/2021 02:48:19 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (11/28/2021 02:48:16 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (11/28/2021 02:48:16 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (11/28/2021 02:48:16 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (11/28/2021 02:48:14 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (11/28/2021 02:37:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému zlyhali pri načítaní:
ucdrv

Error: (11/28/2021 02:37:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby wifi support zlyhalo kvôli nasledujúcej chybe:
Systém nemôže nájsť zadaný súbor.


Windows Defender:
================
Date: 2020-11-22 14:04:08.747
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... tid=261552
Name:PWS:Win32/Fareit.VV!MTB
Severity:Závažná
Category:Program na odcudzenie hesiel
Path Found:file:C:\Users\Georgius\AppData\Local\8aec164c-f579-45d4-bce6-3b55d0094ad1\updatewin1.exe;process:pid:3564;process:pid:3768
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:

Date: 2020-11-22 14:04:08.733
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... tid=261552
Name:PWS:Win32/Fareit.VV!MTB
Severity:Závažná
Category:Program na odcudzenie hesiel
Path Found:file:C:\Users\Georgius\AppData\Local\8aec164c-f579-45d4-bce6-3b55d0094ad1\updatewin1.exe;process:pid:3768
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:

Date: 2020-11-05 22:19:06.787
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... tid=272037
Name:Misleading:Win32/Fybents
Severity:Vysoká
Category:Potenciálne nežiaduci softvér
Path Found:file:C:\Program Files\ByteFence\ByteFence.exe;file:C:\Program Files\ByteFence\ByteFenceService.exe;process:pid:8072;process:pid:9164;process:pid:9336;process:pid:9452;process:pid:9508,ProcessStart:132490837478818687;process:pid:9544;process:pid:9944,ProcessStart:132490837314479287
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:

Date: 2020-11-05 22:19:02.917
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... tid=272037
Name:Misleading:Win32/Fybents
Severity:Vysoká
Category:Potenciálne nežiaduci softvér
Path Found:file:C:\Program Files\ByteFence\ByteFence.exe;file:C:\Program Files\ByteFence\ByteFenceService.exe;process:pid:9164;process:pid:9336;process:pid:9452;process:pid:9508,ProcessStart:132490837478818687;process:pid:9544;process:pid:9944,ProcessStart:132490837314479287
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:

Date: 2020-11-05 22:18:56.192
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... tid=272037
Name:Misleading:Win32/Fybents
Severity:Vysoká
Category:Potenciálne nežiaduci softvér
Path Found:file:C:\Program Files\ByteFence\ByteFence.exe;file:C:\Program Files\ByteFence\ByteFenceService.exe;process:pid:9164;process:pid:9452;process:pid:9508,ProcessStart:132490837478818687;process:pid:9544;process:pid:9944,ProcessStart:132490837314479287
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:
Event[0]:

Date: 2020-11-22 14:04:14.418
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature:On Access
Error Code:0x80501002
Error description:Program nenašiel súbory definícií, ktoré pomáhajú pri zisťovaní nežiaduceho softvéru. Vyhľadajte aktualizácie súborov definícií a potom skúste operáciu zopakovať. Informácie o inštalácii aktualizácií nájdete v Pomoci a technickej podpore.
Reason:Real Time Monitoring has stopped functioning for an unknown reason. Restart the service in order to recover.

==================== Memory info ===========================

BIOS: American Megatrends Inc. V4.2 01/11/2012
Motherboard: MSI Z68A-G43 (G3) (MS-7750)
Processor: Intel(R) Core(TM) i5-2380P CPU @ 3.10GHz
Percentage of memory in use: 66%
Total physical RAM: 8164.95 MB
Available physical RAM: 2724.26 MB
Total Virtual: 16328.04 MB
Available Virtual: 10833.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:19.69 GB) NTFS
Drive d: () (Fixed) (Total:368.1 GB) (Free:82.59 GB) NTFS

\\?\Volume{9c1f78c4-d9ac-11e7-b8f8-806e6f6e6963}\ (Vyhradené systémom) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 973CEC0B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Re: SGLH subory, pravdepodobne ransomware

Napsal: 28 lis 2021 15:17
od Rudy
Teď spusťte tuto utlitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

Re: SGLH subory, pravdepodobne ransomware

Napsal: 28 lis 2021 15:56
od MarkAurel
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2021-11-18.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-28-2021
# Duration: 00:00:17
# OS: Windows 7 Home Premium
# Cleaned: 198
# Awaiting reboot:1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Deleted C:\Program Files (x86)\HPWhale
Deleted C:\Program Files (x86)\MachinerData
Deleted C:\Program Files (x86)\Microleaves
Deleted C:\Program Files (x86)\Seed Trade
Deleted C:\Program Files (x86)\Seznam.cz
Deleted C:\Program Files (x86)\Smart Application Controller
Deleted C:\Program Files (x86)\SystemHealer
Deleted C:\Program Files\My Web Shield
Deleted C:\Program Files\WiperSoft
Deleted C:\ProgramData\192918A8-28F5-1
Deleted C:\ProgramData\192918A8-79E3-0
Deleted C:\ProgramData\AdvancedWindowsManager
Deleted C:\ProgramData\AppmallosayoV
Deleted C:\ProgramData\AppmallosayoVs
Deleted C:\ProgramData\DreamScreen
Deleted C:\ProgramData\F6C8E74C-0467-0
Deleted C:\ProgramData\F6C8E74C-0745-1
Deleted C:\ProgramData\Garbage Cleaner
Deleted C:\ProgramData\Logic Cramble
Deleted C:\ProgramData\Microleaves
Deleted C:\ProgramData\PrefsSecure
Deleted C:\ProgramData\Voyasollam
Deleted C:\ProgramData\tiser
Deleted C:\Users\Georgius\AppData\Local\AdService
Deleted C:\Users\Georgius\AppData\Local\UCBrowser
Deleted C:\Users\Georgius\AppData\Roaming\BROWSERMODULE
Deleted C:\Users\Georgius\AppData\Roaming\DreamCompress
Deleted C:\Users\Georgius\AppData\Roaming\DreamScreen
Deleted C:\Users\Georgius\AppData\Roaming\Microleaves
Deleted C:\Users\Georgius\AppData\Roaming\OneSystemCare
Deleted C:\Users\Georgius\AppData\Roaming\Seznam.cz
Deleted C:\Users\Georgius\AppData\Roaming\Smart Application Controller
Deleted C:\Users\Georgius\AppData\Roaming\Smart Clock
Deleted C:\Users\Georgius\AppData\Roaming\SystemHealer
Deleted C:\Users\Georgius\AppData\Roaming\WiperSoft
Deleted C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Local\UCBrowser
Deleted C:\Windows\rss
Needs Reboot C:\Program Files (x86)\AdvancedWindowsManager

***** [ Files ] *****

Deleted C:\Users\Georgius\AppData\Local\Main.dat
Deleted C:\Users\Georgius\AppData\Local\PO.DB
Deleted C:\Users\Georgius\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
Deleted C:\Users\Georgius\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UC???.lnk
Deleted C:\Users\Georgius\appdata\local\installationconfiguration.xml
Deleted C:\Users\UpdatusUser\Desktop\Garbage Cleaner.lnk
Deleted C:\Windows\Installer\{44BB7353-0308-44BF-A7DE-E8DC3857D056}\{135F5B91-C93C-4342-8993-C40FE32BE92C}.XPI
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Local\PO.DB
Deleted C:\Windows\SysWOW64\findit.xml

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
Deleted C:\Users\Georgius\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\ADVANCEDWINDOWSMANAGER
Deleted C:\Windows\System32\Tasks\BOQBXXBEJPADGWZTW
Deleted C:\Windows\System32\Tasks\BOQBXXBEJPADGWZTW2
Deleted C:\Windows\System32\Tasks\FASTDATAX TASK
Deleted C:\Windows\System32\Tasks\JVVCEBPOCJHHKMI
Deleted C:\Windows\System32\Tasks\JVVCEBPOCJHHKMI2
Deleted C:\Windows\System32\Tasks\LACIES
Deleted C:\Windows\System32\Tasks\ONE SYSTEM CARE DELAYED
Deleted C:\Windows\System32\Tasks\ONE SYSTEM CARE MONITOR
Deleted C:\Windows\System32\Tasks\UCBROWSERSECUREUPDATER
Deleted C:\Windows\System32\Tasks\UCBROWSERUPDATERCORE
Deleted C:\Windows\System32\Tasks\UPDATER_ONLINE_APPLICATION
Deleted C:\Windows\Tasks\BOQBXXBEJPADGWZTW.JOB
Deleted C:\Windows\Tasks\JVVCEBPOCJHHKMI.JOB
Deleted C:\Windows\Tasks\UCBROWSERUPDATERCORE.JOB
Deleted C:\Windows\Tasks\UPDATER_ONLINE_APPLICATION.JOB

***** [ Registry ] *****

Deleted HKCU\Environment|SNF
Deleted HKCU\Environment|SNP
Deleted HKCU\SOFTWARE\Classes\.crx\OpenWithProgids|UCHTML.AssocFile.CRX
Deleted HKCU\SOFTWARE\Classes\.htm\OpenWithProgids|UCHTML.AssocFile.HTM
Deleted HKCU\SOFTWARE\Classes\.html\OpenWithProgids|UCHTML.AssocFile.HTML
Deleted HKCU\SOFTWARE\Classes\.mht\OpenWithProgids|UCHTML.AssocFile.MHT
Deleted HKCU\SOFTWARE\Classes\.shtm\OpenWithProgids|UCHTML.AssocFile.SHTM
Deleted HKCU\SOFTWARE\Classes\.shtml\OpenWithProgids|UCHTML.AssocFile.SHTML
Deleted HKCU\SOFTWARE\Classes\.webp\OpenWithProgids|UCHTML.AssocFile.WEBP
Deleted HKCU\SOFTWARE\Classes\.xht\OpenWithProgids|UCHTML.AssocFile.XHT
Deleted HKCU\SOFTWARE\Classes\.xhtml\OpenWithProgids|UCHTML.AssocFile.XHTML
Deleted HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe
Deleted HKCU\Software\DreamTrips
Deleted HKCU\Software\FastDataX
Deleted HKCU\Software\GCleaner
Deleted HKCU\Software\Google\Chrome\NativeMessagingHosts\ru.mail.go.ext_info_host
Deleted HKCU\Software\Lightcleaner
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E8F97CD-60B5-456F-A201-73065652D099}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E8F97CD-60B5-456F-A201-73065652D099}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall
Deleted HKCU\Software\Mozilla\NativeMessagingHosts\sznpp_nm
Deleted HKCU\Software\One System Care
Deleted HKCU\Software\PRODUCTSETUP
Deleted HKCU\Software\PopWnd
Deleted HKCU\Software\SetupCompany
Deleted HKCU\Software\Seznam.cz
Deleted HKCU\Software\System Healer
Deleted HKCU\Software\YeaDesktop
Deleted HKCU\Software\csastats
Deleted HKCU\Software\mtAppmallosayoV
Deleted HKLM\SOFTWARE\Classes\.htm\OpenWithProgids|UCHTML.AssocFile.HTM
Deleted HKLM\SOFTWARE\Classes\.html\OpenWithProgids|UCHTML.AssocFile.HTML
Deleted HKLM\SOFTWARE\Classes\.mht\OpenWithProgids|UCHTML.AssocFile.MHT
Deleted HKLM\SOFTWARE\Classes\.shtm\OpenWithProgids|UCHTML.AssocFile.SHTM
Deleted HKLM\SOFTWARE\Classes\.shtml\OpenWithProgids|UCHTML.AssocFile.SHTML
Deleted HKLM\SOFTWARE\Classes\.webp\OpenWithProgids|UCHTML.AssocFile.WEBP
Deleted HKLM\SOFTWARE\Classes\.xht\OpenWithProgids|UCHTML.AssocFile.XHT
Deleted HKLM\SOFTWARE\Classes\.xhtml\OpenWithProgids|UCHTML.AssocFile.XHTML
Deleted HKLM\SOFTWARE\Classes\UCHTML
Deleted HKLM\SOFTWARE\Classes\UCHTML.AssocFile.CRX
Deleted HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTML
Deleted HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTM
Deleted HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTML
Deleted HKLM\SOFTWARE\Classes\UCHTML.AssocFile.WEBP
Deleted HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHTML
Deleted HKLM\SOFTWARE\MICROSOFT\Speedycar
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{401CE22A-8D62-4D76-878D-838887B32E24}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38F32E4D-18C3-47FF-88C7-63D58DE7930E}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60343854-85E1-4C56-B119-7178252D4C0D}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63205A6C-1DEE-4F77-88F5-2B594CEF8E6A}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{909CAEF1-8270-4C4C-BDE5-999B1BD1F8FF}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9422BC1C-DE8C-4004-90D8-141621E83236}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED4B16FE-6DA8-46DF-A8D2-76B18D8FFF02}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13266AF3-51CB-4471-8538-F56ED2CF58A6}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B8136FC-96C0-4E81-AC98-421FEB3517A3}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38F32E4D-18C3-47FF-88C7-63D58DE7930E}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{401CE22A-8D62-4D76-878D-838887B32E24}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42FDD7B4-FA9D-4212-872A-637B55BB9088}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48552812-83EB-4E3C-8152-8BE5B69C31BC}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B8EC765-4DA1-4A8B-AE9A-A8B8C308C63E}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60343854-85E1-4C56-B119-7178252D4C0D}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63205A6C-1DEE-4F77-88F5-2B594CEF8E6A}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{909CAEF1-8270-4C4C-BDE5-999B1BD1F8FF}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9422BC1C-DE8C-4004-90D8-141621E83236}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CF5BE36-256D-41C3-9CD9-B6AD9BFFE8CA}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED4B16FE-6DA8-46DF-A8D2-76B18D8FFF02}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdvancedWindowsManager
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FastDataX Task
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaCieS
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Delayed
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Monitor
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ScheduledUpdate
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserSecureUpdater
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserUpdaterCore
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater_Online_Application
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\boQbXxbEJPaDgWztw
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\boQbXxbEJPaDgWztw2
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\jVVcebPoCjhHKmi
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\jVVcebPoCjhHKmi2
Deleted HKLM\Software\Classes\AppID\{3E0DB45B-9FCC-4064-B48C-080BD03A99A4}
Deleted HKLM\Software\Classes\AppID\{C81BED3B-31BD-491F-813D-78EFC2638CE1}
Deleted HKLM\Software\Classes\IESearchPlugin.MailRuBHO
Deleted HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Classes\Interface\{B28F9114-243E-4046-B173-11825352D18A}
Deleted HKLM\Software\Classes\Interface\{B910D9A1-9F21-484A-8650-82250DABF38E}
Deleted HKLM\Software\Classes\TypeLib\{CCA2A357-CCB4-41C9-B6F5-4F202B8CDC82}
Deleted HKLM\Software\Classes\TypeLib\{D5397E85-8AF4-414B-90FC-9F4244CD46FA}
Deleted HKLM\Software\Classes\tsckmna
Deleted HKLM\Software\MICROSOFT\TechnologyDesktopnew
Deleted HKLM\Software\Microsoft\DMunversion
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Opera Browser Assistant
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\cz.seznam.software.autoupdate
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\cz.seznam.software.szndesktop
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\seznam-listicka-distribuce
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\systemservicesmain
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\mweshield
Deleted HKLM\Software\Wow6432Node\HPWhale
Deleted HKLM\Software\Wow6432Node\Microleaves
Deleted HKLM\Software\Wow6432Node\WIFIService
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\{3E0DB45B-9FCC-4064-B48C-080BD03A99A4}
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\{C81BED3B-31BD-491F-813D-78EFC2638CE1}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{B28F9114-243E-4046-B173-11825352D18A}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{B910D9A1-9F21-484A-8650-82250DABF38E}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{CCA2A357-CCB4-41C9-B6F5-4F202B8CDC82}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{D5397E85-8AF4-414B-90FC-9F4244CD46FA}
Deleted HKLM\Software\Wow6432Node\\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AE298D-7E8A-4F53-BE55-15D2B065F6C0}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted HKLM\Software\Wow6432Node\\Microsoft\MediaPlayer\ShimInclusionList\UCBrowser.exe
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\HPWhale
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\OneSystemCare_is1
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{13E374E4-E610-4F9E-ACC4-E461DA17D869}_is1
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{EF758C50-5FA2-4B0A-86D3-8B65B176BC53}
Deleted HKLM\Software\Wow6432Node\mtAppmallosayoV
Deleted HKLM\Software\mweshield
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\Application Hosting
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\tiser
Deleted HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKU\S-1-5-21-3999889357-1238142211-2592065837-1001\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Deleted HKU\S-1-5-21-3999889357-1238142211-2592065837-1001\Software\Microsoft\Internet Explorer\SearchScopes|DefaultScope
Deleted HKU\S-1-5-21-3999889357-1238142211-2592065837-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] remove_file_ntuser
[+] remove_wingrouppolicy_registry
[+] remove_regKey_googleupdatepolicy
[+] Delete Tracing Keys
[+] Reset Winsock

*************************

***** Reboot Required to Complete *****


***** [ Folders ] *****

Cleaning failed C:\Program Files (x86)\AdvancedWindowsManager

*************************

AdwCleaner[S00].txt - [20623 octets] - [28/11/2021 15:51:20]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: SGLH subory, pravdepodobne ransomware

Napsal: 28 lis 2021 17:27
od Rudy
Dejte nové logy FRST+Addition.
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz